Commit message | Author | Age | Files | Lines
* Change the use of check_one (same name as hmac). [gniibe/cmac-selftest]
  NIIBE Yutaka | 2021-01-12 | 1 file | -8/+8

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Fix copyright notice and one error message.
  NIIBE Yutaka | 2021-01-12 | 1 file | -6/+6

  --
  The work of CMAC selftest was originally done by Red Hat. Merging their
  work, there are mostly no lines from Red Hat, but the code which
  originates from mac-hmac.c is copyrighted by Free Software Foundation, Inc.

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Add CMAC selftest.
  NIIBE Yutaka | 2021-01-07 | 2 files | -1/+291

  * cipher/mac-cmac.c (check_one_mac): New.
    (selftests_cmac_3des): New.
    (selftests_cmac_aes): New.
    (cmac_selftest): New.
    (cmac_ops): Add cmac_selftest.
  * src/fips.c (run_mac_selftests): Add GCRY_MAC_CMAC_3DES and
    GCRY_MAC_CMAC_AES.
  --
  This is an attempt to merge RedHat's libgcrypt-1.8.3-cmac-selftest.patch.
  Test vectors are from tests/basic.c, which includes ones in RedHat.

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* hwf-arm: fix incorrect HWCAP2 for SHA1 and SHA2 on AArch32
  Jussi Kivilinna | 2020-12-22 | 1 file | -2/+2

  * src/hwf-arm.c (HWCAP2_SHA1, HWCAP2_SHA2): Change from bit indexes to
    flags.
  --
  GnuPG-bug-id: 5195

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add missing prototype for _gcry_mac_selftest
  Jussi Kivilinna | 2020-12-22 | 1 file | -2/+2

  * src/cipher-proto.h (_gcry_hmac_selftest): Rename to...
    (_gcry_mac_selftest): ... this.
  --
  It appears that '_gcry_hmac_selftest' has been renamed to
  '_gcry_mac_selftest' but renaming the prototype was missed.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Merge hmac-tests.c into mac-hmac.c.
  NIIBE Yutaka | 2020-12-21 | 3 files | -1164/+1056

  * cipher/Makefile.am (EXTRA_DIST): Remove hmac-tests.c.
  * cipher/hmac-tests.c: Remove, merge into...
  * cipher/mac-hmac.c: ... here.

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* aarch64: mpi/longlong.h: fix operand size mismatch
  Jussi Kivilinna | 2020-12-18 | 1 file | -3/+7

  * mpi/longlong.h [__aarch64__] (count_leading_zeros): Use correctly
    sized temporary variable for asm output.
  --
  Patch fixes clang-8 warning about differently sized inline assembly
  operands seen on aarch64.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* aarch64: use configure check for assembly ELF directives support
  Jussi Kivilinna | 2020-12-18 | 2 files | -1/+21

  * configure.ac (gcry_cv_gcc_asm_elf_directives): New check.
    (HAVE_GCC_ASM_ELF_DIRECTIVES): New 'config.h' macro.
  * cipher/asm-common-aarch64.h (ELF): Change feature macro check from
    __ELF__ to HAVE_GCC_ASM_ELF_DIRECTIVES.
  --
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Reorganize self-tests for HMAC.
  NIIBE Yutaka | 2020-12-18 | 10 files | -18/+94

  * cipher/Makefile.am: Prepare merge of hmac-test.c into mac-hmac.c.
  * cipher/hmac-tests.c: Ifdef-out run_selftests and _gcry_hmac_selftest.
  * cipher/mac-internal.h: Include cipher-proto.h for selftest.
    (gcry_mac_spec_ops): Add selftest field.
  * cipher/mac-hmac.c: Include hmac-tests.c for migration.
    (hmac_selftest): New.
    (hmac_ops): Add hmac_selftest.
  * cipher/gost28147.c, cipher/mac-cmac.c: Add new field for selftest.
  * cipher/mac-gmac.c, cipher/mac-poly1305.c: Likewise.
  * cipher/mac.c (_gcry_mac_selftest): New.
  * src/fips.c (run_mac_selftests): Rename from run_hmac_selftests.
    Use GCRY_MAC_HMAC_*, and call _gcry_mac_selftest.
    (_gcry_fips_run_selftests): Use run_mac_selftests.

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Prevent link-time optimization from inlining __gcry_burn_stack
  Jussi Kivilinna | 2020-12-03 | 2 files | -1/+7

  * src/g10lib.h (NOINLINE_FUNC): New attribute macro.
  * src/misc.c (__gcry_burn_stack): Add NOINLINE_FUNC attribute.
  --
  LTO can cause inlining of __gcry_burn_stack and result in a tail-call to
  _gcry_fast_wipememory, which defeats the tail-call prevention in the
  _gcry_burn_stack macro. Mark __gcry_burn_stack with 'noinline' attribute
  to prevent unwanted inlining of this function in LTO builds.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/basic: check 32-bit and 64-bit overflow for CTR and ChaCha20
  Jussi Kivilinna | 2020-12-03 | 1 file | -0/+232

  * tests/basic.c (check_one_cipher_ctr_reset)
    (check_one_cipher_ctr_overflow): New.
    (check_one_cipher): Add counter overflow tests for ChaCha20 and CTR
    mode.
  --
  Patch adds counter overflow tests to check for correct counter handling
  in bulk processing implementations.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* chacha20-ppc: fix 32-bit counter overflow handling
  Jussi Kivilinna | 2020-12-03 | 1 file | -6/+27

  * cipher/chacha20-ppc.c (vec_add_ctr_u64, ADD_U64): New.
    (_gcry_chacha20_ppc8_blocks1, _gcry_chacha20_ppc8_blocks4)
    (_gcry_chacha20_poly1305_ppc8_blocks4): Use ADD_U64 when incrementing
    counter.
  --
  Patch fixes 32-bit overflow for PowerPC ChaCha20 implementation. In the
  typical use case, overflow happens after 256 GiB of output. Typical use
  case here means use of a 96-bit or 64-bit IV, which causes the lower
  32 bits of the counter to start from zero.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests: Put a workaround in tests/random for macOS.
  NIIBE Yutaka | 2020-12-03 | 2 files | -0/+62

  * configure.ac [*-apple-darwin*] (USE_POSIX_SPAWN_FOR_TESTS): New.
  * tests/random.c [USE_POSIX_SPAWN_FOR_TESTS] (run_all_rng_tests): New.
  --
  GnuPG-bug-id: 5159

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* build: Update to newer autoconf constructs.
  NIIBE Yutaka | 2020-11-18 | 8 files | -176/+136

  * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Use AS_MESSAGE_LOG_FD
    instead of AC_FD_CC.
    (GNUPG_CHECK_MLOCK): Use AC_LINK_IFELSE instead of AC_TRY_LINK.
    Use AC_RUN_IFELSE instead of AC_TRY_RUN.
  * configure.ac (AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
    Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
    Use AS_HELP_STRING instead of AC_HELP_STRING.
    (AC_TYPE_SIGNAL): Remove.
    (AC_DECL_SYS_SIGLIST): Remove.
  * m4/Makefile.am (EXTRA_DIST): Update.
  * m4/onceonly.m4: Remove.
  * m4/socklen.m4: Update from gnulib.
  * m4/libtool.m4: Update from libgpg-error.
  * m4/gpg-error.m4: Update from libgpg-error.
  * m4/noexecstack.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* build: Use modern Autoconf check for type.
  NIIBE Yutaka | 2020-11-18 | 4 files | -22/+19

  * configure.ac (byte, ushort, u16, u32, u64): Use AC_CHECK_TYPES.
  * cipher/poly1305.c: Use HAVE_TYPE_U64.
  * src/hmac256.c: Use HAVE_TYPE_U32.
  * src/types.h: Use HAVE_TYPE_BYTE, HAVE_TYPE_USHORT, HAVE_TYPE_U16,
    HAVE_TYPE_U32, and HAVE_TYPE_U64.

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* m4: Update with newer autoconf constructs.
  NIIBE Yutaka | 2020-11-18 | 1 file | -3/+3

  * src/libgcrypt.m4: Replace AC_HELP_STRING with AS_HELP_STRING.
  --
  Applied the change in gnulib of commit:
  fd082b5cdd9f25000a30ba65e295805b8228df3b by:
    Author: Gavin Smith <gavinsmith0123@gmail.com>
    Date:   Sun Sep 27 21:06:51 2020 +0200

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Handle removed zeros at the beginning for Ed25519.
  NIIBE Yutaka | 2020-10-30 | 1 file | -5/+30

  * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Accept private key
    with removed zeros.
  --
  We have existing keys of Ed25519, which were created by implementations
  before the SOS clarification. We should support those keys and
  implementations with no SOS support.

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* random: Allow for a Unicode random seed file on Windows.
  Werner Koch | 2020-10-23 | 1 file | -7/+89

  * random/random-csprng.c (utf8_to_wchar) [W32]: New.
    (any8bitchar) [W32]: New.
    (my_open): New. Replace all calls to open with this.
  --
  Users with account names having a Unicode character in their name may
  now create a random_seed file without running into an error. Note that
  depending on the code page this used to work, but for sure not if more
  than one byte is required. For testing I used "Ⓐnne".

  GnuPG-bug-id: 5098

  Signed-off-by: Werner Koch <wk@gnupg.org>
* tests: Fix typo in comment
  Tianjia Zhang | 2020-10-01 | 1 file | -2/+2

  * tests/basic.c: Fix typo in comment.
  --
  Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* rijndael: clean-up prepare_decryption function
  Jussi Kivilinna | 2020-09-27 | 3 files | -84/+59

  * cipher/rijndael-internal.h (rijndael_prepare_decfn_t): New.
    (RIJNDAEL_context_s): New member 'prepare_decryption'.
  * cipher/rijndael-padlock.c (_gcry_aes_padlock_prepare_decryption): New.
  * cipher/rijndael.c (_gcry_aes_padlock_prepare_decryption): New.
    (do_setkey): Setup 'ctx->prepare_decryption' for each acceleration
    type.
    (prepare_decryption): Remove calls to other prepare decryption
    functions.
    (check_decryption_preparation): Call 'ctx->prepare_decryption' instead
    of 'prepare_decryption'.
  --
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* rijndael: clean-up generic bulk functions
  Jussi Kivilinna | 2020-09-27 | 1 file | -424/+118

  * cipher/rijndael.c (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
    (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
    (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth, _gcry_aes_xts_crypt): Remove
    calls to hardware accelerated AES bulk functions.
  --
  Patch removes accelerated implementation selection from generic bulk
  functions. These are no longer used/needed as setkey returns accelerated
  bulk functions for all callers and all callers have been updated to use
  those bulk functions.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher: setup bulk functions at each algorithms key setup
  Jussi Kivilinna | 2020-09-27 | 21 files | -490/+392

  * cipher/cipher-internal.h (cipher_mode_ops_t, cipher_bulk_ops_t): New.
    (gcry_cipher_handle): Define members 'mode_ops' and 'bulk' using new
    types.
  * cipher/cipher.c (_gcry_cipher_open_internal): Remove bulk function
    setup.
    (cipher_setkey): Pass context bulk function pointer to algorithm
    setkey function.
  * cipher/cipher-selftest.c (_gcry_selftest_helper_cbc)
    (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Remove bulk
    function parameter; Use bulk function returned by setkey function.
  * cipher/cipher-selftest.h (_gcry_selftest_helper_cbc)
    (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Remove bulk
    function parameter.
  * cipher/arcfour.c (arcfour_setkey): Change 'hd' parameter to
    'bulk_ops'.
  * cipher/blowfish.c (bf_setkey): Change 'hd' parameter to 'bulk_ops';
    Setup 'bulk_ops' with bulk acceleration functions.
    (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
    (_gcry_blowfish_cfb_dec): Make static.
    (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
    to selftest helper.
    (selftest): Pass 'bulk_ops' to setkey function.
  * cipher/camellia.c (camellia_setkey): Change 'hd' parameter to
    'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
    (_gcry_camellia_ctr_enc, _gcry_camellia_cbc_dec)
    (_gcry_camellia_cfb_dec, _gcry_camellia_ocb_crypt)
    (_gcry_camellia_ocb_auth): Make static.
    (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
    to selftest helper.
    (selftest): Pass 'bulk_ops' to setkey function.
  * cipher/cast5.c (cast_setkey): Change 'hd' parameter to 'bulk_ops';
    Setup 'bulk_ops' with bulk acceleration functions.
    (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec): Make
    static.
    (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
    to selftest helper.
    (selftest): Pass 'bulk_ops' to setkey function.
  * cipher/chacha20.c (chacha20_setkey): Change 'hd' parameter to
    'bulk_ops'.
  * cipher/cast5.c (do_tripledes_setkey): Change 'hd' parameter to
    'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
    (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec, _gcry_3des_cfb_dec): Make
    static.
    (bulk_selftest_setkey): Change 'hd' parameter to 'bulk_ops'.
    (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
    to selftest helper.
    (do_des_setkey): Change 'hd' parameter to 'bulk_ops'.
  * cipher/gost28147.c (gost_setkey): Change 'hd' parameter to 'bulk_ops'.
  * cipher/idea.c (idea_setkey): Change 'hd' parameter to 'bulk_ops'.
  * cipher/rfc2268.c (do_setkey): Change 'hd' parameter to 'bulk_ops'.
  * cipher/rijndael.c (do_setkey): Change 'hd' parameter to 'bulk_ops';
    Setup 'bulk_ops' with bulk acceleration functions.
    (rijndael_setkey): Change 'hd' parameter to 'bulk_ops'.
    (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_enc)
    (_gcry_aes_cbc_dec, _gcry_aes_ctr_enc, _gcry_aes_ocb_crypt)
    (_gcry_aes_ocb_auth, _gcry_aes_xts_crypt): Make static.
    (selftest_basic_128, selftest_basic_192, selftest_basic_256): Pass
    'bulk_ops' to setkey function.
    (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
    to selftest helper.
  * cipher/salsa20.c (salsa20_setkey): Change 'hd' parameter to
    'bulk_ops'.
  * cipher/seed.c (seed_setkey): Change 'hd' parameter to 'bulk_ops'.
  * cipher/serpent.c (serpent_setkey): Change 'hd' parameter to
    'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
    (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec, _gcry_serpent_cfb_dec)
    (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Make static.
    (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Do not pass
    bulk function to selftest helper.
  * cipher/sm4.c (sm4_setkey): Change 'hd' parameter to 'bulk_ops'; Setup
    'bulk_ops' with bulk acceleration functions.
    (_gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec, _gcry_sm4_cfb_dec)
    (_gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): Make static.
    (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Do not pass
    bulk function to selftest helper.
  * cipher/twofish.c (twofish_setkey): Change 'hd' parameter to
    'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
    (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec)
    (_gcry_twofish_cfb_dec, _gcry_twofish_ocb_crypt)
    (_gcry_twofish_ocb_auth): Make static.
    (selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
    to selftest helper.
    (selftest, main): Pass 'bulk_ops' to setkey function.
  * src/cipher-proto.h: Forward declare 'cipher_bulk_ops_t'.
    (gcry_cipher_setkey_t): Replace 'hd' with 'bulk_ops'.
  * src/cipher.h: Remove bulk acceleration function prototypes for 'aes',
    'blowfish', 'cast5', 'camellia', '3des', 'serpent', 'sm4' and
    'twofish'.
  --
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* rijndael: tidy do_setkey little bit
  Jussi Kivilinna | 2020-09-21 | 1 file | -18/+8

  * cipher/rijndael.c (do_setkey): Reduce number of ifdefs by using
    function pointer for accelerated key-setup.
  --
  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* rijndael-aesni: tweak x86_64 AES-NI for better performance on AMD Zen2
  Jussi Kivilinna | 2020-09-18 | 1 file | -130/+183

  * cipher/rijndael-aesni.c (do_aesni_enc_vec8, do_aesni_dec_vec8): Move
    first round key xoring and last round out to caller.
    (do_aesni_ctr_4): Change low 8-bit counter overflow check to 8-bit
    addition to low-bits and detect overflow from carry flag; Adjust slow
    path to restore counter.
    (do_aesni_ctr_8): Same as above; Interleave first round key xoring and
    first round with CTR generation on fast path; Interleave last round
    with output xoring.
    (_gcry_aes_aesni_cfb_dec, _gcry_aes_aesni_cbc_dec): Add first round
    key xoring; Change order of last round xoring and output xoring
    (shorten the dependency path).
    (_gcry_aes_aesni_ocb_auth): Add first round key xoring and last round
    handling.
  --
  Benchmark on Ryzen 7 3700X:

  Before:
   AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
          CBC dec |     0.113 ns/B      8445 MiB/s     0.407 c/B
          CFB dec |     0.114 ns/B      8337 MiB/s     0.412 c/B
          CTR enc |     0.112 ns/B      8505 MiB/s     0.404 c/B
          CTR dec |     0.113 ns/B      8476 MiB/s     0.405 c/B

  After (CBC-dec +21%, CFB-dec +24%, CTR +8% faster):
   AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
          CBC dec |     0.093 ns/B     10277 MiB/s     0.334 c/B
          CFB dec |     0.092 ns/B     10372 MiB/s     0.331 c/B
          CTR enc |     0.104 ns/B      9209 MiB/s     0.373 c/B
          CTR dec |     0.104 ns/B      9192 MiB/s     0.373 c/B

  Performance remains the same on Intel Skylake.

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* build: Allow customization of the signing key
  Werner Koch | 2020-08-26 | 1 file | -11/+23

  * Makefile.am (sign-release): Read variables from user configuration.
  --
  In fact a ~/.gnupg-autogen.sh is now required for the sign-release
  target.
* tests: Fix basic.c.
  NIIBE Yutaka | 2020-08-21 | 1 file | -6/+7

  * tests/basic.c (check_one_hmac): Fix error paths.
    (check_pubkey_crypt): Fix wrong call of gcry_sexp_new.

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Fix an error path.
  NIIBE Yutaka | 2020-08-21 | 1 file | -2/+5

  * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Avoid null dereference on
    error.

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* chacha20-aarch64: improve performance through higher SIMD interleaving
  Jussi Kivilinna | 2020-07-23 | 1 file | -49/+81

  * cipher/chacha20-aarch64.S (ROTATE2, ROTATE2_8, ROTATE2_16)
    (QUARTERROUND2): Replace with...
    (ROTATE4, ROTATE4_8, ROTATE4_16, QUARTERROUND4): ...these.
    (_gcry_chacha20_aarch64_blocks4)
    (_gcry_chacha20_poly1305_aarch64_blocks4): Adjust to use
    QUARTERROUND4.
  --
  This change improves chacha20 performance on larger ARM cores, such as
  Cortex-A72. Performance on Cortex-A53 stays the same.

  Benchmark on AWS Graviton (Cortex-A72):

  Before:
   CHACHA20       |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
       STREAM enc |      3.11 ns/B     306.3 MiB/s      7.16 c/B      2300
       STREAM dec |      3.12 ns/B     306.0 MiB/s      7.17 c/B      2300
     POLY1305 enc |      3.14 ns/B     304.2 MiB/s      7.21 c/B      2300
     POLY1305 dec |      3.11 ns/B     306.6 MiB/s      7.15 c/B      2300
    POLY1305 auth |     0.929 ns/B      1027 MiB/s      2.14 c/B      2300

  After (~41% faster):
   CHACHA20       |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
       STREAM enc |      2.19 ns/B     435.1 MiB/s      5.04 c/B      2300
       STREAM dec |      2.20 ns/B     434.1 MiB/s      5.05 c/B      2300
     POLY1305 enc |      2.22 ns/B     429.2 MiB/s      5.11 c/B      2300
     POLY1305 dec |      2.20 ns/B     434.3 MiB/s      5.05 c/B      2300
    POLY1305 auth |     0.931 ns/B      1025 MiB/s      2.14 c/B      2300

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/bench-slope: improve CPU frequency auto-detection
  Jussi Kivilinna | 2020-07-23 | 2 files | -10/+58

  * configure.ac (gcry_cv_have_asm_volatile_memory): Check also if
    assembly memory barrier with input/output register is supported.
  * tests/bench-slope.c (auto_ghz_bench): Change to use base operation
    that takes two CPU cycles and unroll loop by 1024 operations.
  --
  CPU frequency is now correctly detected on AWS Graviton CPU (2.3Ghz).

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Enable jitter entropy also on non-x86 architectures
  Jussi Kivilinna | 2020-07-23 | 1 file | -1/+0

  * configure.ac: Do not force jentsupport to "n/a" on non-x86
    architectures.
  --
  GnuPG-bug-id: 4966

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* random/jitterentropy: fix USE_JENT == JENT_USES_GETTIME code path
  Jussi Kivilinna | 2020-07-23 | 1 file | -2/+2

  * random/jitterentropy-base-user.h (jent_get_nstime): Use 'tv' variable
    instead of non-existing 'time'.
  --
  GnuPG-bug-id: 4966

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Camellia AES-NI/AVX/AVX2 size optimization
  Jussi Kivilinna | 2020-07-23 | 2 files | -165/+106

  * cipher/camellia-aesni-avx-amd64.S: Use loop for handling repeating
    '(enc|dec)_rounds16/fls16' portions of encryption/decryption.
  * cipher/camellia-aesni-avx2-amd64.S: Use loop for handling repeating
    '(enc|dec)_rounds32/fls32' portions of encryption/decryption.
  --
  Use round+fls loop to reduce binary size of Camellia AES-NI/AVX/AVX2
  implementations. This also gives small performance boost on AMD Zen2.

  Before:
     text    data     bss     dec     hex filename
    63877       0       0   63877    f985 cipher/.libs/camellia-aesni-avx2-amd64.o
    59623       0       0   59623    e8e7 cipher/.libs/camellia-aesni-avx-amd64.o

  After:
     text    data     bss     dec     hex filename
    22999       0       0   22999    59d7 cipher/.libs/camellia-aesni-avx2-amd64.o
    25047       0       0   25047    61d7 cipher/.libs/camellia-aesni-avx-amd64.o

  Benchmark on AMD Ryzen 7 3700X:

  Before:
  Cipher:
   CAMELLIA128    |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
          CBC dec |     0.670 ns/B      1424 MiB/s      2.88 c/B      4300
          CFB dec |     0.667 ns/B      1430 MiB/s      2.87 c/B      4300
          CTR enc |     0.677 ns/B      1410 MiB/s      2.91 c/B      4300
          CTR dec |     0.676 ns/B      1412 MiB/s      2.90 c/B      4300
          OCB enc |     0.696 ns/B      1370 MiB/s      2.98 c/B      4275
          OCB dec |     0.698 ns/B      1367 MiB/s      2.98 c/B      4275
         OCB auth |     0.683 ns/B      1395 MiB/s      2.94 c/B      4300

  After (~8% faster):
   CAMELLIA128    |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
          CBC dec |     0.611 ns/B      1561 MiB/s      2.64 c/B      4313
          CFB dec |     0.616 ns/B      1549 MiB/s      2.65 c/B      4312
          CTR enc |     0.625 ns/B      1525 MiB/s      2.69 c/B      4300
          CTR dec |     0.625 ns/B      1526 MiB/s      2.69 c/B      4299
          OCB enc |     0.639 ns/B      1493 MiB/s      2.75 c/B      4307
          OCB dec |     0.642 ns/B      1485 MiB/s      2.76 c/B      4301
         OCB auth |     0.631 ns/B      1512 MiB/s      2.71 c/B      4300

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* ecc: Support reading EC point in compressed format for good curves.
  NIIBE Yutaka | 2020-07-14 | 7 files | -40/+102

  * cipher/ecc-curves.c (gcry_ecc_get_curve): Handle G, differently.
  * cipher/ecc-misc.c (_gcry_ecc_sec_decodepoint): Support compressed
    representation of EC point. Rename from _gcry_ecc_os2ec.
  * cipher/ecc-sm2.c (_gcry_ecc_sm2_decrypt): Follow the change.
  * cipher/ecc.c (ecc_decrypt_raw): Likewise.
  * mpi/ec.c (_gcry_mpi_ec_set_point): Likewise.
  * src/ec-context.h: API change _gcry_ecc_sec_decodepoint from
    _gcry_ecc_os2ec.
  * tests/basic.c (check_pubkey): Use compressed representation for two
    public keys of NIST P192 and NIST P256.

  GnuPG-bug-id: 4951

  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* mpi: Consider +0 and -0 the same in mpi_cmp.
  Werner Koch | 2020-07-06 | 2 files | -2/+5

  * mpi/mpi-cmp.c (do_mpi_cmp): Check size of U and V.

  Signed-off-by: Werner Koch <wk@gnupg.org>
* ecc: Fix length computation.
  NIIBE Yutaka | 2020-06-23 | 1 file | -1/+4

  * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Add one only for
    Edwards case.

  Fixes-commit: 3386aaf84d4d89b6ff931533df2ff82ed3f7c7f9
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Add SM4 x86-64/AES-NI/AVX2 implementation
  Jussi Kivilinna | 2020-06-20 | 4 files | -2/+1038

  * cipher/Makefile.am: Add 'sm4-aesni-avx2-amd64.S'.
  * cipher/sm4-aesni-avx2-amd64.S: New.
  * cipher/sm4.c (USE_AESNI_AVX2): New.
    (SM4_context) [USE_AESNI_AVX2]: Add 'use_aesni_avx2'.
    [USE_AESNI_AVX2] (_gcry_sm4_aesni_avx2_ctr_enc)
    (_gcry_sm4_aesni_avx2_cbc_dec, _gcry_sm4_aesni_avx2_cfb_dec)
    (_gcry_sm4_aesni_avx2_ocb_enc, _gcry_sm4_aesni_avx2_ocb_dec)
    (_gcry_sm4_aesni_avx_ocb_auth): New.
    (sm4_setkey): Enable AES-NI/AVX2 if supported by HW.
    (_gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec, _gcry_sm4_cfb_dec)
    (_gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth) [USE_AESNI_AVX2]: Add
    AES-NI/AVX2 bulk functions.
  * configure.ac: Add 'sm4-aesni-avx2-amd64.lo'.
  --
  This patch adds x86-64/AES-NI/AVX2 bulk encryption/decryption. Bulk
  functions process 16 blocks in parallel.

  Benchmark on AMD Ryzen 7 3700X:

  Before:
   SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
          CBC enc |      8.98 ns/B     106.2 MiB/s     38.62 c/B      4300
          CBC dec |      1.55 ns/B     613.7 MiB/s      6.64 c/B      4275
          CFB enc |      8.96 ns/B     106.4 MiB/s     38.52 c/B      4300
          CFB dec |      1.54 ns/B     617.4 MiB/s      6.60 c/B      4275
          CTR enc |      1.57 ns/B     607.8 MiB/s      6.75 c/B      4300
          CTR dec |      1.57 ns/B     608.9 MiB/s      6.74 c/B      4300
          OCB enc |      1.58 ns/B     603.8 MiB/s      6.75 c/B      4275
          OCB dec |      1.57 ns/B     605.7 MiB/s      6.73 c/B      4275
         OCB auth |      1.53 ns/B     624.5 MiB/s      6.57 c/B      4300

  After (~56% faster than AES-NI/AVX impl.):
   SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
          CBC enc |      8.93 ns/B     106.8 MiB/s     38.61 c/B      4326
          CBC dec |     0.984 ns/B     969.5 MiB/s      4.23 c/B      4300
          CFB enc |      8.93 ns/B     106.8 MiB/s     38.62 c/B      4325
          CFB dec |     0.983 ns/B     970.3 MiB/s      4.23 c/B      4300
          CTR enc |     0.998 ns/B     955.1 MiB/s      4.29 c/B      4300
          CTR dec |     0.996 ns/B     957.4 MiB/s      4.28 c/B      4300
          OCB enc |      1.00 ns/B     951.8 MiB/s      4.31 c/B      4300
          OCB dec |      1.00 ns/B     951.8 MiB/s      4.31 c/B      4300
         OCB auth |     0.993 ns/B     960.2 MiB/s      4.28 c/B    4304±2

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add SM4 x86-64/AES-NI/AVX implementation
  Jussi Kivilinna | 2020-06-20 | 4 files | -1/+1235

  * cipher/Makefile.am: Add 'sm4-aesni-avx-amd64.S'.
  * cipher/sm4-aesni-avx-amd64.S: New.
  * cipher/sm4.c (USE_AESNI_AVX, ASM_FUNC_ABI): New.
    (SM4_context) [USE_AESNI_AVX]: Add 'use_aesni_avx'.
    [USE_AESNI_AVX] (_gcry_sm4_aesni_avx_expand_key)
    (_gcry_sm4_aesni_avx_crypt_blk1_8, _gcry_sm4_aesni_avx_ctr_enc)
    (_gcry_sm4_aesni_avx_cbc_dec, _gcry_sm4_aesni_avx_cfb_dec)
    (_gcry_sm4_aesni_avx_ocb_enc, _gcry_sm4_aesni_avx_ocb_dec)
    (_gcry_sm4_aesni_avx_ocb_auth, sm4_aesni_avx_crypt_blk1_8): New.
    (sm4_expand_key) [USE_AESNI_AVX]: Use AES-NI/AVX key setup.
    (sm4_setkey): Enable AES-NI/AVX if supported by HW.
    (_gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec, _gcry_sm4_cfb_dec)
    (_gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth) [USE_AESNI_AVX]: Add
    AES-NI/AVX bulk functions.
  * configure.ac: Add 'sm4-aesni-avx-amd64.lo'.
  --
  This patch adds x86-64/AES-NI/AVX bulk encryption/decryption and key
  setup for SM4 cipher. Bulk functions process eight blocks in parallel.

  Benchmark on AMD Ryzen 7 3700X:

  Before:
   SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
          CBC enc |      8.94 ns/B     106.7 MiB/s     38.66 c/B      4325
          CBC dec |      4.78 ns/B     199.7 MiB/s     20.42 c/B      4275
          CFB enc |      8.95 ns/B     106.5 MiB/s     38.72 c/B      4325
          CFB dec |      4.81 ns/B     198.2 MiB/s     20.57 c/B      4275
          CTR enc |      4.81 ns/B     198.2 MiB/s     20.69 c/B      4300
          CTR dec |      4.80 ns/B     198.8 MiB/s     20.63 c/B      4300
         GCM auth |     0.116 ns/B      8232 MiB/s     0.504 c/B      4351
          OCB enc |      4.88 ns/B     195.5 MiB/s     20.86 c/B      4275
          OCB dec |      4.85 ns/B     196.6 MiB/s     20.86 c/B      4301
         OCB auth |      4.80 ns/B     198.9 MiB/s     20.62 c/B      4301

  After (~3.0x faster):
   SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
          CBC enc |      8.98 ns/B     106.2 MiB/s     38.62 c/B      4300
          CBC dec |      1.55 ns/B     613.7 MiB/s      6.64 c/B      4275
          CFB enc |      8.96 ns/B     106.4 MiB/s     38.52 c/B      4300
          CFB dec |      1.54 ns/B     617.4 MiB/s      6.60 c/B      4275
          CTR enc |      1.57 ns/B     607.8 MiB/s      6.75 c/B      4300
          CTR dec |      1.57 ns/B     608.9 MiB/s      6.74 c/B      4300
          OCB enc |      1.58 ns/B     603.8 MiB/s      6.75 c/B      4275
          OCB dec |      1.57 ns/B     605.7 MiB/s      6.73 c/B      4275
         OCB auth |      1.53 ns/B     624.5 MiB/s      6.57 c/B      4300

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

  sm4 avx fix

  sm4 avx fix
* Optimizations for SM4 cipher
  Jussi Kivilinna | 2020-06-20 | 4 files | -88/+648

  * cipher/cipher.c (_gcry_cipher_open_internal): Add SM4 bulk functions.
  * cipher/sm4.c (ATTR_ALIGNED_64): New.
    (sbox): Convert to ...
    (sbox_table): ... this structure for sbox hardening as is done for AES
    and GCM.
    (prefetch_sbox_table): New.
    (sm4_t_non_lin_sub): Make inline; Optimize sbox access pattern.
    (sm4_key_lin_sub): Make inline; Tune slightly.
    (sm4_key_sub, sm4_enc_sub): Make inline.
    (sm4_round): Make inline; Take 'x' as separate parameters instead of
    array.
    (sm4_expand_key): Return void; Drop keylen; Unroll loops by 4; Wipe
    sensitive variables at end; Move key-length check to 'sm4_setkey'.
    (sm4_setkey): Add initial self-test step; Add key-length check; Remove
    burn stack (as variables wiped in 'sm4_expand_key').
    (sm4_do_crypt): Return burn stack depth; Unroll loops by 4.
    (sm4_encrypt, sm4_decrypt): Prefetch sbox table; Return burn stack
    from 'sm4_do_crypt', as allows tail-call optimization by compiler.
    (sm4_do_crypt_blks2): New two parallel block function for greater
    instruction level parallelism.
    (sm4_crypt_blocks, _gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec)
    (_gcry_sm4_cfb_dec, _gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): New bulk
    processing functions.
    (selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): New bulk
    processing self-tests.
    (sm4_selftest): Clear SM4 context before use; Use 'sm4_expand_key'
    instead of 'sm4_setkey'; Call bulk processing self-tests.
  * src/cipher.h (_gcry_sm4_ctr_enc, _gcry_sm4_ctr_dec)
    (_gcry_sm4_cfb_dec, _gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): New.
  * tests/basic.c (check_ocb_cipher): Add SM4-OCB test vector.
  --
  Benchmark on AMD Ryzen 7 3700X (x86-64):

  Before:
   SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
          ECB enc |     17.69 ns/B     53.92 MiB/s     76.50 c/B      4326
          ECB dec |     17.74 ns/B     53.77 MiB/s     76.72 c/B      4325
          CBC enc |     18.14 ns/B     52.56 MiB/s     78.47 c/B      4325
          CBC dec |     18.05 ns/B     52.83 MiB/s     78.09 c/B      4326
          CFB enc |     18.19 ns/B     52.44 MiB/s     78.67 c/B      4326
          CFB dec |     18.16 ns/B     52.53 MiB/s     78.53 c/B      4326
          OFB enc |     16.82 ns/B     56.70 MiB/s     72.96 c/B      4338
          OFB dec |     16.87 ns/B     56.53 MiB/s     72.96 c/B      4325
          CTR enc |     18.17 ns/B     52.47 MiB/s     78.62 c/B      4326
          CTR dec |     18.02 ns/B     52.94 MiB/s     77.92 c/B      4325
          XTS enc |     17.70 ns/B     53.87 MiB/s     76.11 c/B      4300
          XTS dec |     17.65 ns/B     54.04 MiB/s     76.28 c/B    4323±1
          CCM enc |     33.76 ns/B     28.25 MiB/s     146.9 c/B      4350
          CCM dec |     34.07 ns/B     27.99 MiB/s     147.4 c/B      4326
         CCM auth |     16.97 ns/B     56.19 MiB/s     73.41 c/B      4325
          EAX enc |     34.02 ns/B     28.03 MiB/s     147.1 c/B      4325
          EAX dec |     36.56 ns/B     26.08 MiB/s     159.1 c/B      4350
         EAX auth |     17.02 ns/B     56.03 MiB/s     73.62 c/B      4325
          GCM enc |     16.76 ns/B     56.90 MiB/s     72.50 c/B      4325
          GCM dec |     18.01 ns/B     52.94 MiB/s     78.37 c/B      4350
         GCM auth |     0.120 ns/B      7975 MiB/s     0.517 c/B      4325
          OCB enc |     18.19 ns/B     52.43 MiB/s     78.68 c/B      4325
          OCB dec |     18.15 ns/B     52.54 MiB/s     78.51 c/B      4325
         OCB auth |     16.87 ns/B     56.54 MiB/s     72.95 c/B      4325

  After (non-parallelizable modes ~2.0x faster, parallel modes ~3.8x):
   SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
          ECB enc |      8.28 ns/B     115.1 MiB/s     35.84 c/B    4327±1
          ECB dec |      8.33 ns/B     114.4 MiB/s     36.13 c/B    4336±1
          CBC enc |      8.94 ns/B     106.7 MiB/s     38.66 c/B      4325
          CBC dec |      4.78 ns/B     199.7 MiB/s     20.42 c/B      4275
          CFB enc |      8.95 ns/B     106.5 MiB/s     38.72 c/B      4325
          CFB dec |      4.81 ns/B     198.2 MiB/s     20.57 c/B      4275
          OFB enc |      8.48 ns/B     112.5 MiB/s     36.66 c/B      4325
          OFB dec |      8.42 ns/B     113.3 MiB/s     36.41 c/B      4325
          CTR enc |      4.81 ns/B     198.2 MiB/s     20.69 c/B      4300
          CTR dec |      4.80 ns/B     198.8 MiB/s     20.63 c/B      4300
          XTS enc |      8.75 ns/B     109.0 MiB/s     37.83 c/B      4325
          XTS dec |      8.86 ns/B     107.7 MiB/s     38.30 c/B      4326
          CCM enc |     13.74 ns/B     69.42 MiB/s     59.42 c/B      4325
          CCM dec |     13.77 ns/B     69.25 MiB/s     59.57 c/B      4326
         CCM auth |      8.87 ns/B     107.5 MiB/s     38.36 c/B      4325
          EAX enc |     13.76 ns/B     69.29 MiB/s     59.54 c/B      4326
          EAX dec |     13.77 ns/B     69.25 MiB/s     59.57 c/B      4325
         EAX auth |      8.89 ns/B     107.3 MiB/s     38.44 c/B      4325
          GCM enc |      4.96 ns/B     192.3 MiB/s     21.20 c/B      4275
          GCM dec |      4.91 ns/B     194.4 MiB/s     21.10 c/B      4300
         GCM auth |     0.116 ns/B      8232 MiB/s     0.504 c/B      4351
          OCB enc |      4.88 ns/B     195.5 MiB/s     20.86 c/B      4275
          OCB dec |      4.85 ns/B     196.6 MiB/s     20.86 c/B      4301
         OCB auth |      4.80 ns/B     198.9 MiB/s     20.62 c/B      4301

  Benchmark on ARM Cortex-A53 (aarch64):

  Before:
   SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
          ECB enc |     84.08 ns/B     11.34 MiB/s     54.48 c/B     648.0
          ECB dec |     84.07 ns/B     11.34 MiB/s     54.47 c/B     648.0
          CBC enc |     84.90 ns/B     11.23 MiB/s     55.01 c/B     647.9
          CBC dec |     84.69 ns/B     11.26 MiB/s     54.87 c/B     648.0
          CFB enc |     84.55 ns/B     11.28 MiB/s     54.79 c/B     648.0
          CFB dec |     84.55 ns/B     11.28 MiB/s     54.78 c/B     648.0
          OFB enc |     84.45 ns/B     11.29 MiB/s     54.72 c/B     647.9
          OFB dec |     84.45 ns/B     11.29 MiB/s     54.72 c/B     648.0
          CTR enc |     85.42 ns/B     11.16 MiB/s     55.35 c/B     648.0
          CTR dec |     85.42 ns/B     11.16 MiB/s     55.35 c/B     648.0
          XTS enc |     88.72 ns/B     10.75 MiB/s     57.49 c/B     648.0
          XTS dec |     88.71 ns/B     10.75 MiB/s     57.48 c/B     648.0
          CCM enc |     170.2 ns/B      5.60 MiB/s     110.3 c/B     647.9
          CCM dec |     170.2 ns/B      5.60 MiB/s     110.3 c/B     648.0
         CCM auth |     84.27 ns/B     11.32 MiB/s     54.60 c/B     648.0
          EAX enc |     170.6 ns/B      5.59 MiB/s     110.5 c/B     648.0
          EAX dec |     170.6 ns/B      5.59 MiB/s     110.5 c/B     648.0
         EAX auth |     84.51 ns/B     11.29 MiB/s     54.76 c/B     648.0
          GCM enc |     86.99 ns/B     10.96 MiB/s     56.36 c/B     648.0
          GCM dec |     87.00 ns/B     10.96 MiB/s     56.37 c/B     648.0
         GCM auth |      1.56 ns/B     609.9 MiB/s      1.01 c/B     648.0
          OCB enc |     86.77 ns/B     10.99 MiB/s     56.22 c/B     648.0
          OCB dec |     86.77 ns/B     10.99 MiB/s     56.22 c/B     648.0
         OCB auth |     86.20 ns/B     11.06 MiB/s     55.85 c/B     648.0

  After (non-parallelizable modes ~30% faster, parallel modes ~80%):
   SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
          ECB enc |     64.85 ns/B     14.71 MiB/s     42.02 c/B     648.0
          ECB dec |     64.78 ns/B     14.72 MiB/s     41.98 c/B     648.0
          CBC enc |     64.53 ns/B     14.78 MiB/s     41.81 c/B     647.9
          CBC dec |     45.09 ns/B     21.15 MiB/s     29.21 c/B     648.0
          CFB enc |     64.56 ns/B     14.77 MiB/s     41.84 c/B     648.0
          CFB dec |     45.52 ns/B     20.95 MiB/s     29.49 c/B     647.9
          OFB enc |     64.14 ns/B     14.87 MiB/s     41.56 c/B     648.0
          OFB dec |     64.14 ns/B     14.87 MiB/s     41.56 c/B     648.0
          CTR enc |     45.54 ns/B     20.94 MiB/s     29.51 c/B     648.0
          CTR dec |     45.53 ns/B     20.95 MiB/s     29.50 c/B     648.0
          XTS enc |     67.88 ns/B     14.05 MiB/s     43.98 c/B     648.0
          XTS dec |     67.69 ns/B     14.09 MiB/s     43.86 c/B     648.0
          CCM enc |     110.6 ns/B      8.62 MiB/s     71.66 c/B     648.0
          CCM dec |     110.2 ns/B      8.65 MiB/s     71.42 c/B     648.0
         CCM auth |     64.87 ns/B     14.70 MiB/s     42.04 c/B     648.0
          EAX enc |     109.9 ns/B      8.68 MiB/s     71.22 c/B     648.0
          EAX dec |     109.9 ns/B      8.68 MiB/s     71.22 c/B     648.0
         EAX auth |     64.37 ns/B     14.81 MiB/s     41.71 c/B     648.0
          GCM enc |     47.07 ns/B     20.26 MiB/s     30.51 c/B     648.0
          GCM dec |     47.08 ns/B     20.26 MiB/s     30.51 c/B     648.0
         GCM auth |      1.55 ns/B     614.7 MiB/s      1.01 c/B     648.0
          OCB enc |     48.38 ns/B     19.71 MiB/s     31.35 c/B     648.0
          OCB dec |     48.11 ns/B     19.82 MiB/s     31.17 c/B     648.0
         OCB auth |     46.71 ns/B     20.42 MiB/s     30.27 c/B     648.0

  Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* ecc: For Ed448, it's only for EdDSA.   NIIBE Yutaka   2020-06-18   2   -8/+30
    * cipher/ecc.c (ecc_sign): Ed448 is only for EdDSA.  Hash algo is
    determined by the curve.
    (ecc_verify): Likewise.
    * tests/t-ed448.c (one_test): Don't specify (flags eddsa).
    Don't specify hash-algo.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Fix the condition for EdDSA data handling.   NIIBE Yutaka   2020-06-18   1   -4/+4
    * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): It may be the
    encoding context which determines EdDSA.  Hash-algo can be omitted.
    Flags are OR-ed.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Support EdDSA with context and enabling PH(M).   NIIBE Yutaka   2020-06-18   3   -61/+275
    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_compute_h_d): Simplify.
    (DOM4_0_NONE, DOM4_0_NONE_LEN): Remove.
    (DOM25519, DOM25519_LEN): New.
    (DOM448, DOM448_LEN): New.
    (_gcry_ecc_eddsa_sign): Support EdDSA with context and PH.
    (_gcry_ecc_eddsa_verify): Likewise.
    * tests/t-ed448.c: Add tests with context and PH=1.
    * tests/t-ed448.inp: Add test data.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Change EdDSA internal API.   NIIBE Yutaka   2020-06-18   3   -15/+17
    * cipher/ecc-common.h (_gcry_ecc_eddsa_sign): Last arg is CTX.
    (_gcry_ecc_eddsa_verify): Ditto.
    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Get hash algo from CTX.
    (_gcry_ecc_eddsa_verify): Ditto.
    * cipher/ecc.c (ecc_sign, ecc_verify): Follow the change.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Support "label" for EdDSA context in data.   NIIBE Yutaka   2020-06-17   1   -0/+23
    * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Handle ctx->label.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Initialize key before handling data.   NIIBE Yutaka   2020-06-17   1   -34/+34
    * cipher/ecc.c (ecc_sign): Initialize key at first.
    (ecc_verify): Likewise.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Add new flag "prehash".   NIIBE Yutaka   2020-06-17   2   -1/+5
    * src/cipher.h (PUBKEY_FLAG_PREHASH): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse it.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: No (flags eddsa) required for Ed448.   NIIBE Yutaka   2020-06-17   2   -7/+6
    * cipher/ecc.c (check_secret_key): Ed448 means EdDSA.
    (ecc_generate): Likewise.
    * tests/t-ed448.c (one_test): Remove the flag in key.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Support Ed448 by _gcry_ecc_compute_public.   NIIBE Yutaka   2020-06-17   1   -2/+2
    * cipher/ecc-misc.c (_gcry_ecc_compute_public): Handle Ed448.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
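The ecc commits above change three things in libgcrypt's Ed448 handling: the curve alone implies EdDSA and its hash (so neither (flags eddsa) nor hash-algo has to be given), a "label" in the data S-expression carries the EdDSA context string, and a new "prehash" flag selects Ed448ph. The example below is added for this page and is not libgcrypt code (it does not use cipher/ecc-eddsa.c or the gcry_pk_sign API); it implements RFC 8032 Ed448 and Ed448ph directly in Python so the effect of those two inputs is visible: both are folded into the dom4() prefix that is hashed into r and k, which is what makes a signature over one context or one mode fail to verify under any other. Domain parameters are those of RFC 8032 section 5.2; DEMO_SK and DEMO_MSG are constructed inputs, and every function name here is the example's own, not libgcrypt's.

```python
# Ed448 and Ed448ph with a context string, per RFC 8032 section 5.2.  Added
# example in plain Python, not libgcrypt's cipher/ecc-eddsa.c: the "label"
# (context C) and "prehash" (flag F) inputs from the commits above both land in
# the dom4() prefix, which keeps pure Ed448, Ed448ph and every context apart.
import hashlib

# Domain parameters from RFC 8032 section 5.2: x^2 + y^2 = 1 + D*x^2*y^2 over GF(P).
P = 2**448 - 2**224 - 1
D = P - 39081
L = 2**446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d
B = (224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710,
     298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660)

def _add(p1, p2):
    # Projective (X:Y:Z) addition; complete on this curve because D is a non-square.
    x1, y1, z1 = p1
    x2, y2, z2 = p2
    a = z1 * z2 % P
    b, c, dd = a * a % P, x1 * x2 % P, y1 * y2 % P
    e = D * c * dd % P
    f, g = (b - e) % P, (b + e) % P
    return (a * f * ((x1 + y1) * (x2 + y2) - c - dd) % P, a * g * (dd - c) % P, f * g % P)

def _affine(pt):
    zi = pow(pt[2], P - 2, P)
    return pt[0] * zi % P, pt[1] * zi % P

def mul(k, pt):
    # Double-and-add on an affine point; returns affine (x, y), (0, 1) being the identity.
    r, q = (0, 1, 1), (pt[0], pt[1], 1)
    while k:
        if k & 1:
            r = _add(r, q)
        q = _add(q, q)
        k >>= 1
    return _affine(r)

def encode(pt):
    # 57 bytes: y little-endian, parity of x in the top bit of the last byte.
    b = bytearray(pt[1].to_bytes(57, "little"))
    b[56] |= (pt[0] & 1) << 7
    return bytes(b)

def decode(b):
    if len(b) != 57:
        raise ValueError("bad point length")
    sign = b[56] >> 7
    y = int.from_bytes(b[:56] + bytes([b[56] & 0x7F]), "little")
    if y >= P:
        raise ValueError("y out of range")
    u, v = (y * y - 1) % P, (D * y * y - 1) % P
    x = pow(u * pow(v, P - 2, P) % P, (P + 1) // 4, P)   # P = 3 mod 4: this is a square root
    if (v * x * x - u) % P != 0 or (x == 0 and sign):
        raise ValueError("invalid point")
    return (P - x if (x & 1) != sign else x, y)

def shake(*parts, n=114):
    return hashlib.shake_256(b"".join(parts)).digest(n)

def dom4(phflag, context):
    # dom4(F, C) = "SigEd448" || octet(F) || octet(len(C)) || C
    if len(context) > 255:
        raise ValueError("context longer than 255 bytes")
    return b"SigEd448" + bytes([phflag, len(context)]) + context

def expand_secret(sk):
    h = shake(sk)
    s = bytearray(h[:57])
    s[0] &= 0xFC; s[55] |= 0x80; s[56] = 0          # clamp per RFC 8032 section 5.2.5
    return int.from_bytes(s, "little"), h[57:]

def public_key(sk):
    return encode(mul(expand_secret(sk)[0], B))

def sign(sk, msg, context=b"", prehash=False):
    s, prefix = expand_secret(sk)
    pk = encode(mul(s, B))
    f, m = (1, shake(msg, n=64)) if prehash else (0, msg)    # PH(M) only for Ed448ph
    r = int.from_bytes(shake(dom4(f, context), prefix, m), "little") % L
    R = encode(mul(r, B))
    k = int.from_bytes(shake(dom4(f, context), R, pk, m), "little") % L
    return R + ((r + k * s) % L).to_bytes(57, "little")

def verify(pk, msg, sig, context=b"", prehash=False):
    try:
        R, A = decode(sig[:57]), decode(pk)
    except ValueError:
        return False
    S = int.from_bytes(sig[57:], "little")
    if len(sig) != 114 or S >= L:
        return False
    f, m = (1, shake(msg, n=64)) if prehash else (0, msg)
    k = int.from_bytes(shake(dom4(f, context), sig[:57], pk, m), "little") % L
    kA = mul(k, A)
    return mul(S, B) == _affine(_add((R[0], R[1], 1), (kA[0], kA[1], 1)))

# Constructed demo inputs; not from the page, RFC 8032 or any test-vector file.
DEMO_SK = bytes(range(57))
DEMO_MSG = b"transfer 42 units to account 7"
```

Signing with sign(DEMO_SK, DEMO_MSG, context=b"app-A") and verifying with context=b"app-B", with no context, or with prehash=True all fail, while the same signature verifies under context=b"app-A"; that is the separation the "label" and "prehash" inputs buy, and it is why an application that sets a label on signing must set the identical label on verification.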
* tests: Add basic test-vectors for SM4   Tianjia Zhang   2020-06-16   1   -0/+99
    * tests/basic.c (check_ciphers): Add SM4 check and test-vectors.
    --
    The added test vectors are from:
    https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10#appendix-A.2

    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* Add SM4 symmetric cipher algorithm   Tianjia Zhang   2020-06-16   10   -2/+325
    * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm4.c.
    * cipher/cipher.c (cipher_list, cipher_list_algo301): Add _gcry_cipher_spec_sm4.
    * cipher/mac-cmac.c (map_mac_algo_to_cipher): Add cmac SM4.
    (_gcry_mac_type_spec_cmac_sm4): Add cmac SM4.
    * cipher/mac-internal.h: Declare spec_cmac_sm4.
    * cipher/mac.c (mac_list, mac_list_algo201): Add cmac SM4.
    * cipher/sm4.c: New.
    * configure.ac (available_ciphers): Add sm4.
    * doc/gcrypt.texi: Add SM4 document.
    * src/cipher.h: Add declarations for SM4 and cmac SM4.
    * src/gcrypt.h.in (gcry_cipher_algos): Add algorithm ID for SM4.
    --
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
    [jk: add missing mapping in mac-cmac.c:map_mac_algo_to_cipher]
    [jk: add GCRY_MAC_CMAC_SM4 to gcrypt.texi]
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
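The two SM4 commits above (the tests/basic.c vectors and the new cipher/sm4.c) describe the cipher only through their file lists. The following is an added reference implementation written for this page, not libgcrypt's sm4.c and not the code the benchmark above measures, that a reviewer can run to cross-check SM4 output independently of the library: it implements the key schedule (FK, CK, T') and the 32-round network (T, S-box, L) from GB/T 32907-2016 as restated in draft-ribose-cfrg-sm4, and checks the single-block vector from the draft's appendix A.1. The commit's own vectors come from appendix A.2 and are not reproduced here. All names (SBOX, FK, CK, expand_key, encrypt_block, decrypt_block, self_test) are the example's own.

```python
# SM4 block cipher (GB/T 32907-2016; draft-ribose-cfrg-sm4), pure Python.
# Added example, not libgcrypt's cipher/sm4.c.  The only embedded test vector
# is the single-block one from the draft's appendix A.1.

SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05"
    "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62"
    "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8"
    "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887"
    "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1"
    "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f"
    "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8"
    "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684"
    "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK[i] packs the bytes ((4*i + j) * 7) mod 256 for j = 0..3, big-endian.
CK = tuple(int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big")
           for i in range(32))
MASK32 = 0xFFFFFFFF


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def tau(x):
    # Byte-wise S-box substitution of a 32-bit word.
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")


def t_round(x):
    # T = L o tau: the round function's non-linear layer followed by the linear layer L.
    b = tau(x)
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)


def t_key(x):
    # T' = L' o tau, used only in the key schedule.
    b = tau(x)
    return b ^ rotl(b, 13) ^ rotl(b, 23)


def expand_key(key):
    if len(key) != 16:
        raise ValueError("SM4 key must be 16 bytes")
    k = [int.from_bytes(key[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    for i in range(32):
        k.append(k[i] ^ t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]          # rk[0..31]


def _crypt(rk, block):
    if len(block) != 16:
        raise ValueError("SM4 block must be 16 bytes")
    x = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(32):
        x.append(x[i] ^ t_round(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    # Output is the reverse of the last four state words: (X35, X34, X33, X32).
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[32:]))


def encrypt_block(key, plaintext):
    return _crypt(expand_key(key), plaintext)


def decrypt_block(key, ciphertext):
    # Decryption is the same network with the round keys applied in reverse order.
    return _crypt(expand_key(key)[::-1], ciphertext)


# Single-block vector from draft-ribose-cfrg-sm4 appendix A.1 (GB/T 32907 example 1).
A1_KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")
A1_PT = bytes.fromhex("0123456789abcdeffedcba9876543210")
A1_CT = bytes.fromhex("681edf34d206965e86b3e94f536e4246")


def self_test():
    return (encrypt_block(A1_KEY, A1_PT) == A1_CT
            and decrypt_block(A1_KEY, A1_CT) == A1_PT)


if __name__ == "__main__":
    print("SM4 appendix A.1 vector:", "ok" if self_test() else "MISMATCH")
```

This is a single-block primitive only; chaining modes, CMAC-SM4 and the constant-time properties of a real implementation are out of scope here, and a table-driven S-box like this one leaks key-dependent cache timing, which is one reason the library's own code is the thing to ship.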
* doc: add GCRY_MD_SM3, GCRY_MAC_HMAC_SM3 and GCRY_MAC_GOST28147_IMIT   Jussi Kivilinna   2020-06-16   1   -0/+12
    * doc/gcrypt.texi: add GCRY_MD_SM3, GCRY_MAC_HMAC_SM3 and
    GCRY_MAC_GOST28147_IMIT.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>