Commit message [branch] (Author, Date, Files, Lines)
* constant-time-invm: Calculate k^-1 before dsa_modify_k. [gniibe/const-invm] (NIIBE Yutaka, 2020-03-12, 2 files, -5/+6)
    * cipher/dsa.c (sign): Call mpi_invm before _gcry_dsa_modify_k.
    * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* constant-time-invm: Focus on odd case. (NIIBE Yutaka, 2020-03-10, 1 file, -102/+31)
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* constant-time-invm: Coding style change for libgcrypt. (NIIBE Yutaka, 2020-03-10, 1 file, -27/+27)
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* constant-invm: Fix odd_u calculation by our mpih_rshift result. (NIIBE Yutaka, 2020-03-10, 1 file, -29/+25)
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* const-invm: Fix ->nlimbs. (NIIBE Yutaka, 2020-03-09, 1 file, -3/+6)
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Rough sketch of SCR mpi_invm using Niels Möller algorithm. (NIIBE Yutaka, 2020-03-09, 1 file, -2/+267)
    Not yet working.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* doc: Fix description of hash algorithms (Sébastien Helleu, 2020-03-03, 1 file, -2/+2)
    --
* build: More accurate dependency to -lgpg-error. (NIIBE Yutaka, 2020-02-25, 3 files, -2/+7)
    * configure.ac (LIBGCRYPT_CONFIG_LIBS): Remove DL_LIBS.
    * src/libgcrypt.c.in: Distinguish static link use case.
    * tests/Makefile.am: Fix use of -lgpg-error.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* build: Fix linking -ldl. (NIIBE Yutaka, 2020-02-25, 2 files, -3/+3)
    * src/Makefile.am (libgcrypt_la_LIBADD): Add DL_LIBS.
    (mpicalc_LDADD): Remove DL_LIBS.
    * tests/Makefile.am (standard_ldadd): Remove DL_LIBS.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* crc-ppc: fix bad register used for vector load/store assembly (Jussi Kivilinna, 2020-02-02, 1 file, -13/+28)
    * cipher/crc-ppc.c (CRC_VEC_U64_LOAD_BE): Move implementation to...
    (asm_vec_u64_load_be): ...here; Add "r0" to clobber list for load instruction when offset is not zero; Add zero offset path.
    --
    Register r0 must not be used for RA input for vector load/store instructions as r0 is not read as register but as value '0'.

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* rijndael-aes: use zero offset vector load/store when possible (Jussi Kivilinna, 2020-02-02, 2 files, -16/+48)
    * cipher/rijndael-ppc-common.h (asm_aligned_ld, asm_aligned_st): Use zero offset instruction variant when input offset is constant zero.
    * cipher/rijndael-ppc.c (asm_load_be_noswap)
    (asm_store_be_noswap): Likewise.
    --

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add POWER9 little-endian variant of PPC AES implementation (Jussi Kivilinna, 2020-02-02, 8 files, -2251/+2599)
    * configure.ac: Add 'rijndael-ppc9le.lo'.
    * cipher/Makefile.am: Add 'rijndael-ppc9le.c', 'rijndael-ppc-common.h' and 'rijndael-ppc-functions.h'.
    * cipher/rijndael-internal.h (USE_PPC_CRYPTO_WITH_PPC9LE): New.
    (RIJNDAEL_context_s): Add 'use_ppc9le_crypto'.
    * cipher/rijndael.c (_gcry_aes_ppc9le_encrypt)
    (_gcry_aes_ppc9le_decrypt, _gcry_aes_ppc9le_cfb_enc)
    (_gcry_aes_ppc9le_cfb_dec, _gcry_aes_ppc9le_ctr_enc)
    (_gcry_aes_ppc9le_cbc_enc, _gcry_aes_ppc9le_cbc_dec)
    (_gcry_aes_ppc9le_ocb_crypt, _gcry_aes_ppc9le_ocb_auth)
    (_gcry_aes_ppc9le_xts_crypt): New.
    (do_setkey, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
    (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
    (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth, _gcry_aes_xts_crypt)
    [USE_PPC_CRYPTO_WITH_PPC9LE]: New.
    * cipher/rijndael-ppc.c: Split common code to headers 'rijndael-ppc-common.h' and 'rijndael-ppc-functions.h'.
    * cipher/rijndael-ppc-common.h: Split from 'rijndael-ppc.c'.
    (asm_add_uint64, asm_sra_int64, asm_swap_uint64_halfs): New.
    * cipher/rijndael-ppc-functions.h: Split from 'rijndael-ppc.c'.
    (CFB_ENC_FUNC, CBC_ENC_FUNC): Unroll loop by 2.
    (XTS_CRYPT_FUNC, GEN_TWEAK): Tweak generation without vperm instruction.
    * cipher/rijndael-ppc9le.c: New.
    --
    Provide POWER9 little-endian optimized variant of PPC vcrypto AES implementation. This implementation uses 'lxvb16x' and 'stxvb16x' instructions to load/store vectors directly in big-endian order.

    Benchmark on POWER9 (~3.8Ghz):

    Before:
     AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
            CBC enc |      1.04 ns/B     918.7 MiB/s      3.94 c/B
            CBC dec |     0.222 ns/B      4292 MiB/s     0.844 c/B
            CFB enc |      1.04 ns/B     916.9 MiB/s      3.95 c/B
            CFB dec |     0.224 ns/B      4252 MiB/s     0.852 c/B
            CTR enc |     0.226 ns/B      4218 MiB/s     0.859 c/B
            CTR dec |     0.225 ns/B      4233 MiB/s     0.856 c/B
            XTS enc |     0.500 ns/B      1907 MiB/s      1.90 c/B
            XTS dec |     0.494 ns/B      1932 MiB/s      1.88 c/B
            OCB enc |     0.288 ns/B      3312 MiB/s      1.09 c/B
            OCB dec |     0.292 ns/B      3266 MiB/s      1.11 c/B
           OCB auth |     0.267 ns/B      3567 MiB/s      1.02 c/B

    After (ctr & ocb & cbc-dec & cfb-dec ~15% and xts ~8% faster):
     AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
            CBC enc |      1.04 ns/B     914.2 MiB/s      3.96 c/B
            CBC dec |     0.191 ns/B      4984 MiB/s     0.727 c/B
            CFB enc |      1.03 ns/B     930.0 MiB/s      3.90 c/B
            CFB dec |     0.194 ns/B      4906 MiB/s     0.739 c/B
            CTR enc |     0.196 ns/B      4868 MiB/s     0.744 c/B
            CTR dec |     0.197 ns/B      4834 MiB/s     0.750 c/B
            XTS enc |     0.460 ns/B      2075 MiB/s      1.75 c/B
            XTS dec |     0.455 ns/B      2097 MiB/s      1.73 c/B
            OCB enc |     0.250 ns/B      3812 MiB/s     0.951 c/B
            OCB dec |     0.253 ns/B      3764 MiB/s     0.963 c/B
           OCB auth |     0.232 ns/B      4106 MiB/s     0.883 c/B

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add gcry_cipher_ctl command to allow weak keys in testing use-cases (Jussi Kivilinna, 2020-02-02, 4 files, -6/+84)
    * cipher/cipher-internal.h (gcry_cipher_handle): Add 'marks.allow_weak_key' flag.
    * cipher/cipher.c (cipher_setkey): Do not handle weak key as error when weak keys are allowed.
    (cipher_reset): Preserve 'marks.allow_weak_key' flag on object reset.
    (_gcry_cipher_ctl): Add handling for GCRYCTL_SET_ALLOW_WEAK_KEY.
    * src/gcrypt.h.in (gcry_ctl_cmds): Add GCRYCTL_SET_ALLOW_WEAK_KEY.
    * tests/basic.c (check_ecb_cipher): Add tests for weak key errors and for GCRYCTL_SET_ALLOW_WEAK_KEY.
    --

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* random: Fix include of config.h. (NIIBE Yutaka, 2020-01-23, 1 file, -2/+2)
    * random/random-drbg.c: Include config.h earlier.
    --
    GnuPG-bug-id: 4818
    Reported-by: Bruno Haible
    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sexp: fix cast from 'int' pointer to 'size_t' pointer (Jussi Kivilinna, 2020-01-22, 1 file, -2/+2)
    * src/sexp.c (do_vsexp_sscan): Change 'datalen' from 'int' to 'size_t'; Remove &datalen pointer cast to 'size_t *' type.
    --

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* mpi/i386: fix DWARF CFI for _gcry_mpih_sub_n and _gcry_mpih_add_n (Jussi Kivilinna, 2020-01-22, 2 files, -0/+4)
    * mpi/i386/mpih-add1.S (_gcry_mpih_add_n) [PIC]: Adjust CFI CFA offset when making call and restoring stack pointer.
    * mpi/i386/mpih-sub1.S (_gcry_mpih_sub_n) [PIC]: Ditto.
    --

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* i386: Add _CET_ENDBR to indirect jump targets (H.J. Lu, 2020-01-22, 2 files, -0/+74)
    * mpi/i386/mpih-add1.S (_gcry_mpih_add_n): Save and restore %ebx if IBT is enabled. Add _CET_ENDBR to indirect jump targets and adjust jump destination for _CET_ENDBR.
    * mpi/i386/mpih-sub1.S (_gcry_mpih_sub_n): Likewise.
    --
    i386 mpih-add1.S and mpih-sub1.S use a trick to implement jump tables with LEA. We can't use conditional branches nor normal jump tables since jump table entries use EFLAGS set by jump table index. This patch adds _CET_ENDBR to indirect jump targets and adjusts destination for _CET_ENDBR.

    Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
* amd64: Always include <config.h> in cipher assembly codes (H.J. Lu, 2020-01-22, 3 files, -3/+6)
    * cipher/camellia-aesni-avx-amd64.S: Always include <config.h>.
    * cipher/camellia-aesni-avx2-amd64.S: Likewise.
    * cipher/serpent-avx2-amd64.S: Likewise.
    --
    When Intel CET is enabled, we need to include <cet.h> in assembly codes to mark Intel CET support even if it is empty. We should always include <config.h> in cipher amd64 assembly codes so that they will be marked for Intel CET support when compiling for i686.

    Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
* mpi: Add .note.gnu.property section for Intel CET (H.J. Lu, 2020-01-22, 1 file, -0/+10)
    * mpi/config.links: Include <cet.h> in <asm-syntax.h>.
    --
    When Intel CET is enabled, include <cet.h> in <asm-syntax.h> for assembly codes to mark Intel CET support.

    Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
* x86: Add .note.gnu.property section for Intel CET (H.J. Lu, 2020-01-22, 1 file, -0/+6)
    * configure.ac: Include <cet.h> in <config.h> for assembly codes.
    --
    When Intel CET is enabled, include <cet.h> in <config.h> for assembly codes to mark Intel CET support.

    Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
* Register DCO for H.J. Lu (Jussi Kivilinna, 2020-01-22, 1 file, -0/+3)
    --

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/basic: add vector cluttering to detect implementation bugs (Jussi Kivilinna, 2020-01-22, 2 files, -3/+290)
    * src/global.c (_gcry_check_version): Fix missing newline.
    * src/basic.c (ALWAYS_INLINE, CLUTTER_REGISTER_*, prepare_vector_data)
    (clutter_vector_registers): New.
    (progress_handler): Make static function.
    (check_bulk_cipher_modes, check_one_cipher_core_reset)
    (check_one_cipher_core, check_one_md, check_one_md_multi)
    (check_one_md_final, check_one_mac): Clutter vector registers before gcry_* calls to cipher/md/mac algorithms.
    --

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Set vZZ.16b register to zero before use in armv8 gcm implementation (Marvin W, 2020-01-22, 1 file, -0/+2)
    * cipher/cipher-gcm-armv8-aarch64-ce.S (_gcry_ghash_setup_armv8_ce_pmull): Set vZZ to zero.
    --
    Reported by "Marvin W." at https://dev.gnupg.org/D497:
    >
    > The register vZZ.16b is expected to be always 0 throughout the macros
    > in cipher/cipher-gcm-armv8-aarch64-ce.S. The PMUL_128x128 and REDUCTION
    > macros are used in gcry_ghash_setup_armv8_ce_pmull function, however that
    > function does not set vZZ.16b to zero. If previous use left vZZ.16b
    > non-zero before gcry_ghash_setup_armv8_ce_pmull is called, this will cause
    > invalid GCM auth tag results.
    >
    > The patch resets vZZ.16b to 0 at the beginning of
    > gcry_ghash_setup_armv8_ce_pmull.
    >
    [jk: from differential web-ui to commit]

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests: Add basic test cases for sm2 (Tianjia Zhang, 2020-01-21, 1 file, -0/+33)
    * tests/basic.c (check_pubkey): Add test cases for ecc-sm2.
    --
    Original change was modified by gniibe to limit only for ECDSA.

    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* Add elliptic curve SM2 implementation. (Tianjia Zhang, 2020-01-21, 7 files, -14/+630)
    * configure.ac (enabled_pubkey_ciphers): Add ecc-sm2.
    * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add ecc-sm2.c.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist, _gcry_pk_util_preparse_sigval): Add sm2 flags.
    * cipher/ecc.c: Support ecc-sm2.
    * cipher/ecc-common.h: Add declarations for ecc-sm2.
    * cipher/ecc-sm2.c: New.
    * src/cipher.h: Define PUBKEY_FLAG_SM2.
    --

    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* ecc: Simplify signature code (Tianjia Zhang, 2020-01-21, 2 files, -35/+5)
    * cipher/ecc-gost.c (_gcry_ecc_gost_sign): Use implemented function.
    * cipher/ecc.c (ecc_verify): Remove redundant code.
    --

    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* tests: Fix check_pubkey. (NIIBE Yutaka, 2020-01-21, 1 file, -5/+5)
    * tests/basic.c (check_pubkey): Fix constants of pubkeys.

    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
    Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
* Avoid use of ulong in internal code. (NIIBE Yutaka, 2020-01-21, 7 files, -17/+11)
    * configure.ac (HAVE_ULONG_TYPEDEF): Remove.
    * mpi/mpi-div.c (_gcry_mpi_fdiv_r_ui): Use unsigned long.
    (_gcry_mpi_divisible_ui): Likewise.
    * random/rndunix.c (_gcry_rndunix_gather_random): Likewise.
    * random/rndw32.c (_gcry_rndw32_gather_random_fast): Likewise.
    (ADDINT): Likewise.
    * random/rndw32ce.c (_gcry_rndw32ce_gather_random_fast): Likewise.
    * src/mpi.h: Follow the change.
    * src/types.h (HAVE_ULONG_TYPEDEF): Remove.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gcrypt.texi: fix GCRYCTL_GET_ALGO_NENCR typo (Jussi Kivilinna, 2020-01-19, 1 file, -1/+1)
    * doc/gcrypt.texi: Fix GCRYCTL_GET_ALGO_NENC to GCRYCTL_GET_ALGO_NENCR.
    --

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* mpi: Fix error that point not uninitialized (Tianjia Zhang, 2020-01-19, 1 file, -0/+1)
    * cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Initialize E->G point.
    --

    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* ecc: Wrong flag and elements_enc fix. (Tianjia Zhang, 2020-01-19, 1 file, -2/+2)
    * cipher/ecc.c (ecc_generate): Fix wrong flag and elements_enc.
    --

    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* Update .gitignore (Tianjia Zhang, 2020-01-19, 1 file, -0/+5)
    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* Add new curve named sm2p256v1. (Tianjia Zhang, 2020-01-16, 2 files, -1/+15)
    * cipher/ecc-curves.c (domain_parms): Add sm2p256v1 for SM2.
    * tests/curves.c (N_CURVES): Update N_CURVES for SM2.

    Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
* Register DCO for Tianjia Zhang. (NIIBE Yutaka, 2020-01-16, 1 file, -0/+3)
    --

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* rijndael-ppc: performance improvements (Jussi Kivilinna, 2019-12-23, 1 file, -727/+1112)
    * cipher/rijndael-ppc.c (ALIGNED_LOAD, ALIGNED_STORE, VEC_LOAD_BE)
    (VEC_STORE_BE): Rewrite.
    (VEC_BE_SWAP, VEC_LOAD_BE_NOSWAP, VEC_STORE_BE_NOSWAP): New.
    (PRELOAD_ROUND_KEYS, AES_ENCRYPT, AES_DECRYPT): Adjust to new input parameters for vector load macros.
    (ROUND_KEY_VARIABLES_ALL, PRELOAD_ROUND_KEYS_ALL)
    (AES_ENCRYPT_ALL): New.
    (vec_bswap32_const_neg): New.
    (vec_aligned_ld, vec_aligned_st, vec_load_be_const): Rename to...
    (asm_aligned_ls, asm_aligned_st, asm_load_be_const): ...these.
    (asm_be_swap, asm_vperm1, asm_load_be_noswap)
    (asm_store_be_noswap): New.
    (vec_add_uint128): Rename to...
    (asm_add_uint128): ...this.
    (asm_xor, asm_cipher_be, asm_cipherlast_be, asm_ncipher_be)
    (asm_ncipherlast_be): New inline assembly functions with volatile keyword to allow manual instruction ordering.
    (_gcry_aes_ppc8_setkey, aes_ppc8_prepare_decryption)
    (_gcry_aes_ppc8_encrypt, _gcry_aes_ppc8_decrypt)
    (_gcry_aes_ppc8_cfb_enc, _gcry_aes_ppc8_cbc_enc)
    (_gcry_aes_ppc8_ocb_auth): Update to use new&rewritten helper macros.
    (_gcry_aes_ppc8_cfb_dec, _gcry_aes_ppc8_cbc_dec)
    (_gcry_aes_ppc8_ctr_enc, _gcry_aes_ppc8_ocb_crypt)
    (_gcry_aes_ppc8_xts_crypt): Update to use new&rewritten helper macros; Tune 8-block parallel paths with manual instruction ordering.
    --
    Benchmarks on POWER8 (ppc64le, ~3.8Ghz):

    Before:
     AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
            CBC enc |      1.06 ns/B     902.2 MiB/s      4.02 c/B
            CBC dec |     0.208 ns/B      4585 MiB/s     0.790 c/B
            CFB enc |      1.06 ns/B     900.4 MiB/s      4.02 c/B
            CFB dec |     0.208 ns/B      4588 MiB/s     0.790 c/B
            CTR enc |     0.238 ns/B      4007 MiB/s     0.904 c/B
            CTR dec |     0.238 ns/B      4009 MiB/s     0.904 c/B
            XTS enc |     0.492 ns/B      1937 MiB/s      1.87 c/B
            XTS dec |     0.488 ns/B      1955 MiB/s      1.85 c/B
            OCB enc |     0.243 ns/B      3928 MiB/s     0.922 c/B
            OCB dec |     0.247 ns/B      3858 MiB/s     0.939 c/B
           OCB auth |     0.213 ns/B      4482 MiB/s     0.809 c/B

    After (cbc-dec & cfb-dec & xts & ocb ~6% faster, ctr ~11% faster):
     AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
            CBC enc |      1.06 ns/B     902.1 MiB/s      4.02 c/B
            CBC dec |     0.196 ns/B      4877 MiB/s     0.743 c/B
            CFB enc |      1.06 ns/B     902.2 MiB/s      4.02 c/B
            CFB dec |     0.195 ns/B      4889 MiB/s     0.741 c/B
            CTR enc |     0.214 ns/B      4448 MiB/s     0.815 c/B
            CTR dec |     0.214 ns/B      4452 MiB/s     0.814 c/B
            XTS enc |     0.461 ns/B      2067 MiB/s      1.75 c/B
            XTS dec |     0.456 ns/B      2092 MiB/s      1.73 c/B
            OCB enc |     0.227 ns/B      4200 MiB/s     0.863 c/B
            OCB dec |     0.234 ns/B      4072 MiB/s     0.890 c/B
           OCB auth |     0.207 ns/B      4604 MiB/s     0.787 c/B

    Benchmarks on POWER9 (ppc64le, ~3.8Ghz):

    Before:
     AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
            CBC enc |      1.04 ns/B     918.7 MiB/s      3.94 c/B
            CBC dec |     0.240 ns/B      3982 MiB/s     0.910 c/B
            CFB enc |      1.04 ns/B     917.6 MiB/s      3.95 c/B
            CFB dec |     0.241 ns/B      3963 MiB/s     0.914 c/B
            CTR enc |     0.249 ns/B      3835 MiB/s     0.945 c/B
            CTR dec |     0.252 ns/B      3787 MiB/s     0.957 c/B
            XTS enc |     0.505 ns/B      1889 MiB/s      1.92 c/B
            XTS dec |     0.495 ns/B      1926 MiB/s      1.88 c/B
            OCB enc |     0.303 ns/B      3152 MiB/s      1.15 c/B
            OCB dec |     0.305 ns/B      3129 MiB/s      1.16 c/B
           OCB auth |     0.265 ns/B      3595 MiB/s      1.01 c/B

    After (cbc-dec & cfb-dec ~6% faster, ctr ~11% faster, ocb ~4% faster):
     AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
            CBC enc |      1.04 ns/B     917.3 MiB/s      3.95 c/B
            CBC dec |     0.225 ns/B      4234 MiB/s     0.856 c/B
            CFB enc |      1.04 ns/B     917.8 MiB/s      3.95 c/B
            CFB dec |     0.226 ns/B      4214 MiB/s     0.860 c/B
            CTR enc |     0.221 ns/B      4306 MiB/s     0.842 c/B
            CTR dec |     0.223 ns/B      4271 MiB/s     0.848 c/B
            XTS enc |     0.503 ns/B      1897 MiB/s      1.91 c/B
            XTS dec |     0.495 ns/B      1928 MiB/s      1.88 c/B
            OCB enc |     0.288 ns/B      3309 MiB/s      1.10 c/B
            OCB dec |     0.292 ns/B      3266 MiB/s      1.11 c/B
           OCB auth |     0.267 ns/B      3570 MiB/s      1.02 c/B

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* rijndael-ppc: fix bad register used for vector load/store assembly (Jussi Kivilinna, 2019-12-23, 1 file, -4/+4)
    * cipher/rijndael-ppc.c (vec_aligned_ld, vec_load_be, vec_aligned_st)
    (vec_store_be): Add "r0" to clobber list for load/store instructions.
    --
    Register r0 must not be used for RA input for vector load/store instructions as r0 is not read as register but as value '0'.

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher: fix typo in error log (Jussi Kivilinna, 2019-12-22, 1 file, -1/+1)
    * cipher/cipher.c (_gcry_cipher_encrypt): Fix log "cipher_decrypt: ..." to "cipher_encrypt: ...".
    --

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* gost28147: inline gost_val function to speed up code (Dmitry Eremin-Solenikov, 2019-11-21, 1 file, -1/+1)
    * cipher/gost28147.c (gost_val): mark function as inline
    --
    This improves the speed of the cipher

     Cipher: GOST28147 |  nanosecs/byte   mebibytes/sec   cycles/byte
    Before:
               ECB enc |     18.89 ns/B     50.48 MiB/s         - c/B
               ECB dec |     18.71 ns/B     50.96 MiB/s         - c/B
    After:
               ECB enc |     17.83 ns/B     53.48 MiB/s         - c/B
               ECB dec |     17.38 ns/B     54.89 MiB/s         - c/B

    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* gost28147: do not use GOST28147_CONTEXT outside of GOST 28147 calculation (Dmitry Eremin-Solenikov, 2019-11-21, 3 files, -5/+3)
    * cipher/gost28147.c (_gcry_gost_enc_data): remove unused context argument
    * cipher/gostr3411-94.c (GOSTR3411_CONTEXT, gostr3411_init, do_hash_step): remove unused GOST 28147-89 context.

    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* gost28147: simplify internal code (Dmitry Eremin-Solenikov, 2019-11-21, 1 file, -52/+51)
    * cipher/gost28147.c (gost_val, _gost_encrypt_data): don't use gost context internally
    * cipher/gost28147.c (gost_encrypt_block, gost_decrypt_block, _gcry_gost_enc_data): adapt to internal changes.
    --
    This saves us one memcpy in _gcry_gost_enc_data(), thus speeding up GOST R 34.11-94.

    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* gostr3411-94: small speedup (Dmitry Eremin-Solenikov, 2019-11-21, 1 file, -11/+39)
    * cipher/gostr3411-94.c (do_p): unroll loop for a small speedup
    --
    Before:
     GOSTR3411_94   |     25.12 ns/B     37.96 MiB/s         - c/B
     GOSTR3411_CP   |     25.14 ns/B     37.93 MiB/s         - c/B
    After:
     GOSTR3411_94   |     24.57 ns/B     38.81 MiB/s         - c/B
     GOSTR3411_CP   |     24.59 ns/B     38.79 MiB/s         - c/B

    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* doc: Add DCO for Paul Wolneykien (Werner Koch, 2019-11-20, 1 file, -0/+3)
    --
* tests: Fix number of implemented curves. (Werner Koch, 2019-11-18, 1 file, -2/+2)
    --
* ecc: update GOST2012 curves (Paul Wolneykien, 2019-11-18, 3 files, -8/+49)
    * cipher/ecc-curves.c (domain_parms): rename GOST 2012 curves to contain curve bit size
    (curve_aliases): rename curves, provide backwards-compatible aliases, add new OIDs and two new curves.
    * cipher/ecc-curves.c (curve_aliases): add new OIDs and aliases for
    * tests/basic.c (check_pubkey): use new name for GOST2012 512-bit test curve.
    * tests/benchmark.c (ecc_bench): use new name for GOST2012 512-bit test curve.
    --
    Rename old GOST2012 curves to specifically mention that they are 512-bit curves, add new OIDs for old curves and add two new curves.

    Signed-off-by: Paul Wolneykien <manowar@altlinux.org>
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* ec: fix left shift overflows on WIN64 build (Jussi Kivilinna, 2019-11-05, 1 file, -6/+6)
    * mpi/ec.c (ec_mulm_448): Cast constants to (mpi_limb_t) before shifting left by 32.
    --
    Patch fixes following warnings:

    .../libgcrypt/mpi/ec.c: In function 'ec_mulm_448':
    .../libgcrypt/mpi/ec.c:563:35: warning: left shift count >= width of type [-Wshift-count-overflow]
      563 |       b0[LIMB_SIZE_HALF_448-1] &= (1UL<<32)-1;
          |                                       ^~
    .../libgcrypt/mpi/ec.c:564:35: warning: left shift count >= width of type [-Wshift-count-overflow]
      564 |       a2[LIMB_SIZE_HALF_448-1] &= (1UL<<32)-1;
          |                                       ^~
    .../libgcrypt/mpi/ec.c:576:29: warning: left shift count >= width of type [-Wshift-count-overflow]
      576 |       b1_rest = b1v & ((1UL <<32)-1);
          |                             ^~
    .../libgcrypt/mpi/ec.c:577:29: warning: left shift count >= width of type [-Wshift-count-overflow]
      577 |       a3_rest = a3v & ((1UL <<32)-1);
          |                             ^~
    .../libgcrypt/mpi/ec.c:586:37: warning: left shift count >= width of type [-Wshift-count-overflow]
      586 |       wp[LIMB_SIZE_HALF_448-1] &= ((1UL <<32)-1);
          |                                         ^~
    .../libgcrypt/mpi/ec.c:603:29: warning: left shift count >= width of type [-Wshift-count-overflow]
      603 |       b1_rest = b1v & ((1UL <<32)-1);
          |                             ^~

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* mpi/amd64: use SSE2 for shifting instead of MMX (Jussi Kivilinna, 2019-11-05, 2 files, -44/+44)
    * mpi/amd64/mpih-lshift.S: Convert to SSE2.
    * mpi/amd64/mpih-rshift.S: Ditto.
    --
    On current Intel processors, MMX instructions is slower than SSE2. Switch lshift and rshift functions to use SSE2 registers instead of MMX.

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add i386/SSSE3 implementation of SHA512 (Jussi Kivilinna, 2019-11-05, 5 files, -1/+438)
    * LICENSES: Add 'sha512-ssse3-i386.c'.
    * configure.ac: Add 'sha512-ssse3-i386.lo'.
    * cipher/Makefile.am: Add 'sha512-ssse3-i386.c'.
    * cipher/sha512-ssse3-i386.c: New.
    * cipher/sha512.c (USE_SSSE3_I386, _gcry_sha512_transform_i386_ssse3)
    (do_sha512_transform_i386_ssse3): New.
    (_gcry_sha512_transform_arm) [USE_SSSE3_I386]: Use i386/SSSE3 transform function if supported by CPU.
    --
    Benchmark on AMD Ryzen 7 3700X:

    Before:
                    |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
     SHA512         |     12.58 ns/B     75.79 MiB/s     55.06 c/B      4375

    After (~4.5x faster):
                    |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
     SHA512         |      2.78 ns/B     343.3 MiB/s     12.09 c/B      4351

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Change license of dumpsexp.c to LGPL. (Werner Koch, 2019-11-05, 1 file, -11/+12)
    --
    The only author of the code has been me and thus I change the license to LGPL for practical reasons. Note that my personal as well as the g10 Code copyright assignments with the FSF have been terminated in 2010. Note further that for clarity I also added an additional copyright notice for my company.
* ecc: Add Curve for X448 with ECC_DIALECT_SAFECURVE. (NIIBE Yutaka, 2019-10-28, 6 files, -13/+823)
    * cipher/ecc-curves.c (domain_parms): Add X448.
    * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Support X448.
    * mpi/ec.c (ec_addm_448, ec_subm_448, ec_mulm_448): New.
    (ec_mul2_448, ec_pow2_448): New.
    (field_table): Add for X448.
    (curve448_bad_points): New.
    (bad_points_table): New.
    (ec_p_init): Use bad_points_table.
    * tests/Makefile.am (t-x448): Add.
    * tests/curves.c (N_CURVES): Update.
    * tests/t-x448.c: New.
    --
    Note that it uses new practice of ECC_DIALECT_SAFECURVE (that is: native for the algorithm; fixed-size and little-endian) for its point representation and secret representation. It uses new practice in public key, secret key, and ephemeral key in ECDH. In future, when it will be applied to EdDSA, it will use new practice also in "s" (integer) in signature, as well as "r" (point) in signature.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* ecc: Introduce new dialect: ECC_DIALECT_SAFECURVE. (NIIBE Yutaka, 2019-10-25, 4 files, -34/+87)
    * src/mpi.h (ECC_DIALECT_SAFECURVE): New.
    * cipher/ecc-misc.c (_gcry_ecc_dialect2str): Support the new dialect.
    * cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Support opaque MPI handling of secret 'd' for ECC_DIALECT_SAFECURVE.
    * cipher/ecc.c (nist_generate_key): Support opaque secret for ECC_DIALECT_SAFECURVE.
    (test_ecdh_only_keys): Likewise.
    (ecc_generate): Support native point representation for ECC_DIALECT_SAFECURVE.
    (ecc_encrypt_raw): Support opaque MPI handling of secret and native point representation for ECC_DIALECT_SAFECURVE.
    (ecc_decrypt_raw): Support native point representation for ECC_DIALECT_SAFECURVE.
    (_gcry_pk_ecc_get_sexp): Likewise.
    --
    Possibly, in future, when we will change Ed25519 support by ECC_DIALECT_SAFECURVE, for backward compatibility, we will add left-padding zeros in mpi_ec_setup_elliptic_curve.

    Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>