Niels Möller [Wed, 1 Jun 2011 21:17:14 +0000 (23:17 +0200)]
* serpent.c (ROUNDS): Deleted macro.
(serpent_block_t): Deleted array typedef.
(KEYXOR): New macro, replacing BLOCK_XOR.
(BLOCK_COPY, SBOX, SBOX_INVERSE): Deleted macros.
(LINEAR_TRANSFORMATION): Use four separate arguments.
(LINEAR_TRANSFORMATION_INVERSE): Likewise.
(ROUND): Take separate arguments for all input and output words.
(ROUND_INVERSE): Likewise.
(ROUND_LAST, ROUND_FIRST_INVERSE): Deleted macros.
(serpent_set_key): Moved loop termination test.
(serpent_encrypt): Rewrote with unrolling of just eight rounds,
and without serpent_block_t.
(serpent_decrypt): Likewise.
Niels Möller [Wed, 1 Jun 2011 20:04:31 +0000 (22:04 +0200)]
Added do { ... } while (0) around block macros.
(serpent_key_t): Deleted array typedef.
(ROL32, ROR32): Renamed macros, were rol and ror.
(KS_RECURRENCE, KS): New macros.
(serpent_key_pad): Renamed, from...
(serpent_key_prepare): ...old name.
(serpent_subkeys_generate): Deleted function.
(serpent_set_key): Rewrote the generation of subkeys. Reduced both
temporary storage and code size (less unrolling)
(decode_hex_reverse): New function.
(RH, RHL): New macros.
(test_main): Byte reverse inputs and outputs for the testvectors
taken from the serpent submission package. Enable test vectors
from http://www.cs.technion.ac.il/~biham/Reports/Serpent/.
Niels Möller [Wed, 16 Feb 2011 09:33:59 +0000 (10:33 +0100)]
* gcm-aes.c (gcm_aes_set_iv): Use GCM_SET_IV.
(gcm_aes_set_key): Deleted cast.
(gcm_aes_encrypt): Likewise.
(gcm_aes_decrypt): Likewise.
(gcm_aes_digest): Likewise.
(gcm_aes_update): One less argument to GCM_UPDATE.
* gcm.h (GCM_SET_KEY): Added cast to nettle_crypt_func *. Help
compiler type checking despite this cast.
(GCM_ENCRYPT): Likewise.
(GCM_DECRYPT): Likewise.
(GCM_DIGEST): Likewise.
(GCM_SET_IV): New macro, for completeness.
(GCM_UPDATE): Deleted unused argument encrypt.
Niels Möller [Thu, 10 Feb 2011 19:34:09 +0000 (20:34 +0100)]
* examples/nettle-benchmark.c (cgt_works_p): New function.
(cgt_time_start): Likewise.
(cgt_time_end): Likewise.
(clock_time_start): Likewise.
(clock_time_end): Likewise.
(time_function): Read clock via function pointers time_start and
time_end, so we can select method at runtime.
(xalloc): Use die function.
(main): Choose timing function. If available, try clock_gettime,
and fall back to clock if it doesn't exist.
Niels Möller [Wed, 9 Feb 2011 21:57:05 +0000 (22:57 +0100)]
* gcm.c (gcm_hash_sizes): New function.
(gcm_set_iv): Added support for IVs of arbitrary size. Needed
another argument, for the hash subkey.
(gcm_digest): Use gcm_hash_sizes.
Niels Möller [Wed, 9 Feb 2011 21:34:46 +0000 (22:34 +0100)]
* testsuite/gcm-test.c (test_gcm_aes): New function, replacing
test_cipher_gcm and using the new gcm_aes interface.
(test_main): Updated to use test_gcm_aes.
* testsuite/testutils.c (test_cipher_gcm): Deleted function.
Niels Möller [Wed, 9 Feb 2011 21:31:07 +0000 (22:31 +0100)]
* gcm.c (gcm_set_key): Replaced context argument by a struct
gcm_key *.
(gcm_hash): Replaced context argument by a struct gcm_key * and a
pointer to the hashing state block.
(gcm_auth): Added struct gcm_key * argument.
(gcm_encrypt): Likewise.
(gcm_decrypt): Likewise.
(gcm_digest): Likewise.
* gcm.h (struct gcm_key): Moved the key-dependent and
message-independent state to its own struct.
(struct gcm_ctx): ... and removed it here.
(GCM_CTX): New macro.
(GCM_SET_KEY): Likewise.
(GCM_AUTH): Likewise.
(GCM_ENCRYPT): Likewise.
(GCM_DECRYPT): Likewise.
(GCM_DIGEST): Likewise.
(struct gcm_aes_ctx): New struct.
Niels Möller [Tue, 8 Feb 2011 20:07:06 +0000 (21:07 +0100)]
* gcm.c (gcm_gf_shift): Added a separate result argument.
(gcm_gf_mul): Compile bitwise version only when GCM_TABLE_BITS ==
0. Simplified interface with just two arguments pointing to
complete blocks.
(gcm_gf_shift_4, gcm_gf_shift_8): Renamed table-based functions, from...
(gcm_gf_shift_chunk): ... old name.
(gcm_gf_mul): Renamed both table-based versions and made the
argument types compatible with the bitwise gcm_gf_mul.
(gcm_gf_mul_chunk): ... the old name.
(gcm_set_key): Initialize the table using adds and shifts only.
When GCM_TABLE_BITS > 0, this eliminates the only use of the
bitwise multiplication.
(gcm_hash): Simplified, now that we have the same interface for
gcm_gf_mul, regardless of table size.
Niels Möller [Tue, 8 Feb 2011 11:20:38 +0000 (12:20 +0100)]
* gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant.
(gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case,
e.g., sparc64. For both 4-bit and 8-bit tables.
Niels Möller [Mon, 7 Feb 2011 20:33:10 +0000 (21:33 +0100)]
* gcm.c (gcm_gf_mul_chunk): Special case first and last iteration.
(gcm_gf_add): New function, a special case of memxor. Use it for
all memxor calls with word-aligned 16 byte blocks. Improves
performance to 152 cycles/byte with no tables, 28 cycles per byte
with 4-bit tables and 10.5 cycles per byte with 8-bit tables.
Niels Möller [Sun, 6 Feb 2011 21:02:16 +0000 (22:02 +0100)]
Introduced 4-bit tables. Gives gmac performance of 45 cycles per
byte (still on intel x86_64).
* gcm.c (gcm_gf_shift): Renamed. Tweaked little-endian masks.
(gcm_rightshift): ... old name.
(gcm_gf_mul): New argument for the output. Added length argument
for one of the inputs (implicitly padding with zeros).
(shift_table): New table (in 4-bit and 8-bit versions), generated
by gcmdata.
(gcm_gf_shift_chunk): New function shifting 4 bits at
a time.
(gcm_gf_mul_chunk): New function processing 4 bits at a time.
(gcm_set_key): Generation of 4-bit key table.
(gcm_hash): Use tables, when available.
Niels Möller [Sun, 6 Feb 2011 17:15:04 +0000 (18:15 +0100)]
* gcm.c (gcm_rightshift): Moved the reduction of the shifted out
bit here.
(gcm_gf_mul): Updated for gcm_rightshift change. Improves gmac
performance to 181 cycles/byte.
projects / thirdparty / nettle.git / log
