Commit Graph

1647 Commits

Author SHA1 Message Date
Frank Denis
20e384988c Test for presence of new sodium_runtime_has_*() functions 2015-10-11 18:51:30 +02:00
Frank Denis
c8be336506 C++ compat 2015-10-11 14:35:32 +02:00
Frank Denis
aa965a580b Expose only crypto_aead_aes256gcm_*() not crypto_aead_aes256gcm_aesni_*()
libsodium typically doesn't expose specific implementations.
It shouldn't be the case for that construction either, especially since
an ARM8 implementation might be added later.
We want a single interface for both.
2015-10-11 14:29:25 +02:00
Frank Denis
dadc5d9906 Add crypto_aead_aes256gcm_aesni_is_available() 2015-10-11 13:05:32 +02:00
Frank Denis
76846bd3ee Indent 2015-10-11 12:59:34 +02:00
Frank Denis
93295855cf Add aes256gcm test vectors 2015-10-11 12:56:20 +02:00
Frank Denis
16beebb2ec Don't use implementation-specific functions to expose sizes 2015-10-11 11:58:34 +02:00
Frank Denis
1dddd63a19 Merge branch 'aes256gcm'
* aes256gcm: (25 commits)
  aes256gcm: we can expect the accumulator and the padding buffer to be aligned
  aesgcm: don't expect input & output buffers to be aligned
  aes256gcm doesn't use SSE4.1 instructions any more
  Don't read past the AD buffer, even through an SIMD register
  Convert more functions to macros
  Add do { ... } while(0) when relevant
  Turn reduce4 into a macro That's too much registers for a function call in 32-bit mode. And in MSVC, this is even the case if the function is marked inline.
  Enable aes256gcm on Visual Studio
  Don't declare new variables after a line of code
  Declare __m128 arrays used as parameters as pointers Required for MSVC
  Proper casts for aeskeygenassist()
  Let's hope that requiring ssse3 is not required any more
  Try to enable specific cflags before testing each intructions set
  ssse3 target is required in addition to sse4.1
  Use SIMD-specific compiler flags only for files needing them
  Define __SSSE3__ if required
  Do not try to compile aesni code if this is not going to compile
  Check for AESNI & PCLMUL presence/usability
  Replace the aes256gcm implementation with Romain Dolbeau's implementation which is slightly faster than mine. Reimplement features from the previous implementation: add batch mode and use two passes in the decryption function in order to check the tag before decrypting.
  Explicit cast
  ...
2015-10-11 02:45:36 +02:00
Frank Denis
82e9c729f1 aes256gcm: we can expect the accumulator and the padding buffer to be aligned 2015-10-11 02:39:28 +02:00
Frank Denis
66d55c1939 aesgcm: don't expect input & output buffers to be aligned 2015-10-11 02:39:28 +02:00
Frank Denis
b618248c11 Merge pull request #304 from Sc00bz/patch-1
Zero the padding after having computed a hmac
2015-10-11 02:37:05 +02:00
Steve Thomas
e07599dafe Update hmac_hmacsha256.c 2015-10-10 19:28:13 -05:00
Steve Thomas
958323b8bc Update hmac_hmacsha512.c 2015-10-10 19:24:42 -05:00
Frank Denis
82b2f5a4c4 aes256gcm doesn't use SSE4.1 instructions any more 2015-10-11 01:17:00 +02:00
Frank Denis
970058bb38 Don't read past the AD buffer, even through an SIMD register 2015-10-11 01:00:33 +02:00
Frank Denis
0b20d292df Convert more functions to macros 2015-10-11 00:43:44 +02:00
Frank Denis
69aac7d0af Add do { ... } while(0) when relevant 2015-10-11 00:12:16 +02:00
Frank Denis
7a67bb9484 Turn reduce4 into a macro
That's too much registers for a function call in 32-bit mode.
And in MSVC, this is even the case if the function is marked inline.
2015-10-10 23:33:34 +02:00
Frank Denis
d1d833a240 Enable aes256gcm on Visual Studio 2015-10-10 23:04:40 +02:00
Frank Denis
30729b0add Don't declare new variables after a line of code 2015-10-10 21:57:04 +02:00
Frank Denis
9055a140f3 Declare __m128 arrays used as parameters as pointers
Required for MSVC
2015-10-10 21:07:07 +02:00
Frank Denis
78002f8ca7 Proper casts for aeskeygenassist() 2015-10-10 20:57:46 +02:00
Frank Denis
fad86b2fe9 Let's hope that requiring ssse3 is not required any more 2015-10-10 20:15:35 +02:00
Frank Denis
84d92fc1bf Try to enable specific cflags before testing each intructions set 2015-10-10 20:10:26 +02:00
Frank Denis
c3195da04d ssse3 target is required in addition to sse4.1 2015-10-10 19:40:29 +02:00
Frank Denis
f267352eec Use SIMD-specific compiler flags only for files needing them 2015-10-10 19:24:30 +02:00
Frank Denis
d4ff80e7a0 Define __SSSE3__ if required 2015-10-10 18:32:10 +02:00
Frank Denis
6ca06314fc Do not try to compile aesni code if this is not going to compile 2015-10-10 18:22:03 +02:00
Frank Denis
e83e9b2d8e Check for AESNI & PCLMUL presence/usability 2015-10-10 17:57:47 +02:00
Frank Denis
ab2e86748e Replace the aes256gcm implementation with Romain Dolbeau's implementation
which is slightly faster than mine.
Reimplement features from the previous implementation: add batch mode and
use two passes in the decryption function in order to check the tag before
decrypting.
2015-10-10 16:21:08 +02:00
Frank Denis
ef1417bc2f Explicit cast 2015-10-09 09:48:34 +02:00
Frank Denis
41c296fcf8 Make the state const in *_afternm() 2015-10-09 09:43:03 +02:00
Frank Denis
96d4494f2f Add crypto_aead_aes256gcm_aesni_{beforenm|*_afternm} 2015-10-09 09:25:01 +02:00
Frank Denis
396e16880d Move CRYPTO_ALIGN to sodium/export.h 2015-10-09 08:50:49 +02:00
Frank Denis
571bfc99c8 Check for ssse3 presence 2015-10-07 23:26:13 +02:00
Frank Denis
e8e5d2fc18 Add crypto_aead_aes256gcm_aesni_*
Requires a CPU with aesni and pclmulqdq
This is a private branch for a reason. It is not going to be merged as-is.
2015-10-07 23:09:19 +02:00
Frank Denis
d8e870cb43 /dev/urandom can be a name special file in addition to a character special file 2015-10-05 11:51:29 +02:00
Frank Denis
4705c0a066 Yes, support for NativeClient was added. 2015-09-22 22:51:31 +02:00
Frank Denis
dca2131f45 C++ compat 2015-09-21 16:05:53 +02:00
Frank Denis
6be1ce3f34 scalarmult: add the exact test from the irtf-cfrg-curves draft
Use guarded memory by the way.
2015-09-21 15:45:32 +02:00
Frank Denis
fe27e6c136 randombytes: use arc4random(3) on OpenBSD and CloudABI 2015-09-13 15:34:01 +02:00
Frank Denis
6757e3320a Confusing indentation 2015-09-13 15:09:51 +02:00
Frank Denis
46f71fba9e Check for getpid(2) presence instead of checking for Visual Studio 2015-09-13 15:04:26 +02:00
Frank Denis
7fa840e486 C++ compat 2015-09-09 17:42:38 +02:00
Frank Denis
8ee4950eb3 Use sodium_malloc() for the secretbox_*() tests 2015-09-09 10:00:18 +02:00
Frank Denis
e424963ae8 Call a weak function in sodium_memcmp() to prevent LTO.
sodium_memcmp() can be used to compare user-provided secrets against
constant, hardcoded secrets. We don't want the compiler to generate code
that would be optimized for these hardcoded values.
2015-09-09 09:33:20 +02:00
Frank Denis
0f1f8a6ea6 Check that secretbox works as expected when m and c are overlapping 2015-09-09 09:00:08 +02:00
Frank Denis
f51fb6a90e Add a test for crypto_secretbox() with c == m 2015-09-09 08:51:19 +02:00
Frank Denis
c1f749e68a Keep shell variables names consistent with their related C macros. 2015-09-04 15:37:31 +02:00
Frank Denis
cccc29cc18 Merge pull request #293 from mvduin/master
improve test for unaligned access
2015-09-04 15:31:01 +02:00