* cipher/Makefile.am: Add 'aria.c'.
* cipher/aria.c: New.
* cipher/cipher.c (cipher_list, cipher_list_algo301): Add ARIA cipher
specs.
* cipher/mac-cmac.c (map_mac_algo_to_cipher): Add GCRY_MAC_CMAC_ARIA.
(_gcry_mac_type_spec_cmac_aria): New.
* cipher/mac-gmac.c (map_mac_algo_to_cipher): Add GCRY_MAC_GMAC_ARIA.
(_gcry_mac_type_spec_gmac_aria): New.
* cipher/mac-internal.h (_gcry_mac_type_spec_cmac_aria)
(_gcry_mac_type_spec_gmac_aria)
(_gcry_mac_type_spec_poly1305mac_aria): New.
* cipher/mac-poly1305.c (poly1305mac_open): Add GCRY_MAC_GMAC_ARIA.
(_gcry_mac_type_spec_poly1305mac_aria): New.
* cipher/mac.c (mac_list, mac_list_algo201, mac_list_algo401)
(mac_list_algo501): Add ARIA MAC specs.
* configure.ac (available_ciphers): Add 'aria'.
(GCRYPT_CIPHERS): Add 'aria.lo'.
(USE_ARIA): New.
* doc/gcrypt.texi: Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192,
GCRY_CIPHER_ARIA256, GCRY_MAC_CMAC_ARIA, GCRY_MAC_GMAC_ARIA and
GCRY_MAC_POLY1305_ARIA.
* src/cipher.h (_gcry_cipher_spec_aria128, _gcry_cipher_spec_aria192)
(_gcry_cipher_spec_aria256): New.
* src/gcrypt.h.in (gcry_cipher_algos): Add GCRY_CIPHER_ARIA128,
GCRY_CIPHER_ARIA192 and GCRY_CIPHER_ARIA256.
(gcry_mac_algos): GCRY_MAC_CMAC_ARIA, GCRY_MAC_GMAC_ARIA and
GCRY_MAC_POLY1305_ARIA.
* tests/basic.c (check_ecb_cipher, check_ctr_cipher)
(check_cfb_cipher, check_ocb_cipher) [USE_ARIA]: Add ARIA test-vectors.
(check_ciphers) [USE_ARIA]: Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192
and GCRY_CIPHER_ARIA256.
(main): Also run 'check_bulk_cipher_modes' for 'cipher_modes_only'-mode.
* tests/bench-slope.c (bench_mac_init): Add GCRY_MAC_POLY1305_ARIA
setiv-handling.
* tests/benchmark.c (mac_bench): Likewise.
--
This patch adds the ARIA block cipher to libgcrypt. This implementation
is based on work by Taehee Yoo, with the following notable changes:
- Integration into libgcrypt, use of bithelp.h and bufhelp.h helper
functions where possible.
- Added lookup table prefetching as is done in the AES, GCM and SM4
implementations.
- Changed `get_u8` to return `u32`, as returning `byte` caused
sub-optimal code generation with gcc-12/x86-64 (zero extending
from 8-bit to 32-bit register, followed by extraneous sign
extending from 32-bit to 64-bit register).
- Changed the 'aria_crypt' loop structure a bit for a tiny performance
increase (~1% seen with gcc-12/x86-64/zen4).
Benchmark on AMD Ryzen 9 7900X (x86-64):
ARIA128 | nanosecs/byte mebibytes/sec cycles/byte auto Mhz
ECB enc | 3.99 ns/B 239.1 MiB/s 22.43 c/B 5625
ECB dec | 4.00 ns/B 238.4 MiB/s 22.50 c/B 5625
Benchmark on AMD Ryzen 9 7900X (win32):
ARIA128 | nanosecs/byte mebibytes/sec cycles/byte auto Mhz
ECB enc | 4.57 ns/B 208.7 MiB/s 25.31 c/B 5538
ECB dec | 4.66 ns/B 204.8 MiB/s 25.39 c/B 5453
Benchmark on ARM Cortex-A53 (aarch64):
ARIA128 | nanosecs/byte mebibytes/sec cycles/byte auto Mhz
ECB enc | 74.69 ns/B 12.77 MiB/s 48.40 c/B 647.9
ECB dec | 74.99 ns/B 12.72 MiB/s 48.58 c/B 647.9
Cc: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/cipher.c (cipher_list_algo301): Remove comma at the end
of last entry.
* cipher/mac-gmac.c (map_mac_algo_to_cipher): Add SM4.
(_gcry_mac_type_spec_gmac_sm4): New.
* cipher/mac-internal.h (_gcry_mac_type_spec_gmac_sm4)
(_gcry_mac_type_spec_poly1305mac_sm4): New.
* cipher/mac-poly1305.c (poly1305mac_open): Add SM4.
(_gcry_mac_type_spec_poly1305mac_sm4): New.
* cipher/mac.c (mac_list, mac_list_algo401, mac_list_algo501): Add
GMAC-SM4 and Poly1305-SM4.
(mac_list_algo101): Remove comma at the end of last entry.
* cipher/md.c (digest_list_algo301): Remove comma at the end of
last entry.
* doc/gcrypt.texi: Add GCRY_MAC_GMAC_SM4 and GCRY_MAC_POLY1305_SM4.
* src/gcrypt.h.in (GCRY_MAC_GMAC_SM4, GCRY_MAC_POLY1305_SM4): New.
* tests/bench-slope.c (bench_mac_init): Setup IV for
GCRY_MAC_POLY1305_SM4.
* tests/benchmark.c (mac_bench): Likewise.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/blake2.c: Use const.
* cipher/camellia-glue.c, cipher/cipher.c, cipher/crc.c: Likewise.
* cipher/des.c, cipher/gost28147.c, cipher/gostr3411-94.c: Likewise.
* cipher/keccak.c, cipher/mac-cmac.c, cipher/mac-gmac.c: Likewise.
* cipher/mac-hmac.c, cipher/mac-internal.h: Likewise.
* cipher/mac-poly1305.c, cipher/mac.c, cipher/md.c: Likewise.
* cipher/md.c, cipher/md2.c, cipher/md4.c, cipher/md5.c: Likewise.
* cipher/pubkey.c, cipher/rfc2268.c, cipher/rijndael.c: Likewise.
* cipher/rmd160.c, cipher/seed.c, cipher/serpent.c: Likewise.
* cipher/sha1.c, cipher/sha256.c, cipher/sha512.c: Likewise.
* cipher/sm3.c, cipher/sm4.c, cipher/stribog.c: Likewise.
* cipher/pubkey.c, cipher/rfc2268.c, cipher/rijndael.c: Likewise.
* src/cipher-proto.h, src/cipher.h: Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* cipher/cipher-proto (cipher_bulk_ops_t): Remove typedef, leave
forward declaration of 'struct cipher_bulk_ops'.
(gcry_cipher_setkey_t): Change 'bulk_ops' to
'struct cipher_bulk_ops *'.
* cipher/arcfour.c: Include 'cipher-internal.h'.
* cipher/gost28147.c: Ditto.
* cipher/idea.c: Ditto.
* cipher/rfc2268.c: Ditto.
* cipher/salsa20.c: Ditto.
* cipher/seed.c: Ditto.
* cipher/mac-internal.h (CTX_MAGIC_NORMAL): Rename to...
(CTX_MAC_MAGIC_NORMAL): ... this.
(CTX_MAGIC_SECURE): Rename to...
(CTX_MAC_MAGIC_SECURE): ... this.
* cipher/mac-cmac.c (cmac_open): Use CTX_MAC_MAGIC_SECURE.
* cipher/mac-gmac.c (gmac_open): Ditto.
* cipher/mac-hmac.c (hmac_open): Ditto.
* cipher/mac-poly1305.c (poly1305mac_open): Ditto.
* cipher/mac.c (mac_open): Use CTX_MAC_MAGIC_SECURE and
CTX_MAC_MAGIC_NORMAL.
--
CTX_MAC_MAGIC_* change is needed since gost28147.c now includes
both 'cipher-internal.h' and 'mac-internal.h' which both defined
CTX_MAC_MAGIC_* with different values.
GnuPG-bug-id: 5264
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/Makefile.am: Prepare merge of hmac-test.c into mac-hmac.c.
* cipher/hmac-tests.c: Ifdef-out run_selftests and _gcry_hmac_selftest.
* cipher/mac-internal.h: Include cipher-proto.h for selftest.
(gcry_mac_spec_ops): Add selftest field.
* cipher/mac-hmac.c: Include hmac-tests.c for migration.
(hmac_selftest): New.
(hmac_ops): Add hmac_selftest.
* cipher/gost28147.c, cipher/mac-cmac.c: Add new field for selftest.
* cipher/mac-gmac.c, cipher/mac-poly1305.c: Likewise.
* cipher/mac.c (_gcry_mac_selftest): New.
* src/fips.c (run_mac_selftests): Rename from run_hmac_selftests.
Use GCRY_MAC_HMAC_*, and call _gcry_mac_selftest.
(_gcry_fips_run_selftests): Use run_mac_selftests.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* cipher/mac-internal.h (gcry_mac_spec_ops_t): add set_extra_info field
for providing additional settings.
* cipher/mac.c (_gcry_mac_ctl): support GCRYCTL_SET_SBOX call.
* cipher/mac-cmac.c (cmac_ops): set set_extra_info to NULL.
* cipher/mac-gmac.c (gmac_ops): the same.
* cipher/mac-hmac.c (hmac_ops): the same.
* cipher/mac-poly1305.c (poly1305mac_ops): the same.
--
New MAC GOST28147-IMIT needs info about S-Box to be used. This info can
be passed via a call to gcry_mac_ctl(GCRYCTL_SET_SBOX, ...).
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* cipher/cipher-gcm.c: Do not copy zero bytes from an empty buffer. Let
the function continue to add padding as needed though.
* cipher/mac-poly1305.c: If the caller requested to finish the hash
function without a copy of the result, return immediately.
--
Caught by UndefinedBehaviorSanitizer.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
* cipher/mac-internal.h (_gcry_mac_type_spec_poly1305_aes)
(_gcry_mac_type_spec_poly1305_camellia)
(_gcry_mac_type_spec_poly1305_twofish)
(_gcry_mac_type_spec_poly1305_serpent)
(_gcry_mac_type_spec_poly1305_seed): New.
* cipher/mac-poly1305.c (poly1305mac_context_s): Add 'hd' and
'nonce_set'.
(poly1305mac_open, poly1305mac_close, poly1305mac_setkey): Add handling
for Poly1305-*** MACs.
(poly1305mac_prepare_key, poly1305mac_setiv): New.
(poly1305mac_reset, poly1305mac_write, poly1305mac_read): Add handling
for 'nonce_set'.
(poly1305mac_ops): Add 'poly1305mac_setiv'.
(_gcry_mac_type_spec_poly1305_aes)
(_gcry_mac_type_spec_poly1305_camellia)
(_gcry_mac_type_spec_poly1305_twofish)
(_gcry_mac_type_spec_poly1305_serpent)
(_gcry_mac_type_spec_poly1305_seed): New.
* cipher/mac.c (mac_list): Add Poly1305-AES, Poly1305-Twofish,
Poly1305-Serpent, Poly1305-SEED and Poly1305-Camellia.
* src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305_AES',
'GCRY_MAC_POLY1305_CAMELLIA', 'GCRY_MAC_POLY1305_TWOFISH',
'GCRY_MAC_POLY1305_SERPENT' and 'GCRY_MAC_POLY1305_SEED'.
* tests/basic.c (check_mac): Add Poly1305-AES test vectors.
* tests/bench-slope.c (bench_mac_init): Set IV for Poly1305-*** MACs.
* tests/bench-slope.c (mac_bench): Set IV for Poly1305-*** MACs.
--
Patch adds Bernstein's Poly1305-AES message authentication code to libgcrypt
and other variants of Poly1305-<128-bit block cipher>.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/Makefile.am: Add 'mac-poly1305.c', 'poly1305.c' and
'poly1305-internal.h'.
* cipher/mac-internal.h (poly1305mac_context_s): New.
(gcry_mac_handle): Add 'u.poly1305mac'.
(_gcry_mac_type_spec_poly1305mac): New.
* cipher/mac-poly1305.c: New.
* cipher/mac.c (mac_list): Add Poly1305.
* cipher/poly1305-internal.h: New.
* cipher/poly1305.c: New.
* src/gcrypt.h.in: Add 'GCRY_MAC_POLY1305'.
* tests/basic.c (check_mac): Add Poly1305 test vectors; allow
overriding lengths of data and key buffers.
* tests/bench-slope.c (mac_bench): Increase max algo number from 500 to
600.
* tests/benchmark.c (mac_bench): Ditto.
--
Patch adds Bernstein's Poly1305 message authentication code to libgcrypt.
Implementation is based on Andrew Moon's public domain implementation
from: https://github.com/floodyberry/poly1305-opt
The algorithm added by this patch is the plain Poly1305 without AES and
takes a 32-bit key that must not be reused.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>