Niels Möller [Wed, 16 Feb 2011 09:33:59 +0000 (10:33 +0100)]
* gcm-aes.c (gcm_aes_set_iv): Use GCM_SET_IV.
(gcm_aes_set_key): Deleted cast.
(gcm_aes_encrypt): Likewise.
(gcm_aes_decrypt): Likewise.
(gcm_aes_digest): Likewise.
(gcm_aes_update): One less argument to GCM_UPDATE.
* gcm.h (GCM_SET_KEY): Added cast to nettle_crypt_func *. Help
compiler type checking despite this cast.
(GCM_ENCRYPT): Likewise.
(GCM_DECRYPT): Likewise.
(GCM_DIGEST): Likewise.
(GCM_SET_IV): New macro, for completeness.
(GCM_UPDATE): Deleted unused argument encrypt.
Niels Möller [Thu, 10 Feb 2011 19:34:09 +0000 (20:34 +0100)]
* examples/nettle-benchmark.c (cgt_works_p): New function.
(cgt_time_start): Likewise.
(cgt_time_end): Likewise.
(clock_time_start): Likewise.
(clock_time_end): Likewise.
(time_function): Read clock via function pointers time_start and
time_end, so we can select method at runtime.
(xalloc): Use die function.
(main): Choose timing function. If available, try clock_gettime,
and fall back to clock if it doesn't exist.
Niels Möller [Wed, 9 Feb 2011 21:57:05 +0000 (22:57 +0100)]
* gcm.c (gcm_hash_sizes): New function.
(gcm_set_iv): Added support for IVs of arbitrary size. Needed
another argument, for the hash subkey.
(gcm_digest): Use gcm_hash_sizes.
Niels Möller [Wed, 9 Feb 2011 21:34:46 +0000 (22:34 +0100)]
* testsuite/gcm-test.c (test_gcm_aes): New function, replacing
test_cipher_gcm and using the new gcm_aes interface.
(test_main): Updated to use test_gcm_aes.
* testsuite/testutils.c (test_cipher_gcm): Deleted function.
Niels Möller [Wed, 9 Feb 2011 21:31:07 +0000 (22:31 +0100)]
* gcm.c (gcm_set_key): Replaced context argument by a struct
gcm_key *.
(gcm_hash): Replaced context argument by a struct gcm_key * and a
pointer to the hashing state block.
(gcm_auth): Added struct gcm_key * argument.
(gcm_encrypt): Likewise.
(gcm_decrypt): Likewise.
(gcm_digest): Likewise.
* gcm.h (struct gcm_key): Moved the key-dependent and
message-independent state to its own struct.
(struct gcm_ctx): ... and removed it here.
(GCM_CTX): New macro.
(GCM_SET_KEY): Likewise.
(GCM_AUTH): Likewise.
(GCM_ENCRYPT): Likewise.
(GCM_DECRYPT): Likewise.
(GCM_DIGEST): Likewise.
(struct gcm_aes_ctx): New struct.
Niels Möller [Tue, 8 Feb 2011 20:07:06 +0000 (21:07 +0100)]
* gcm.c (gcm_gf_shift): Added a separate result argument.
(gcm_gf_mul): Compile bitwise version only when GCM_TABLE_BITS ==
0. Simplified interface with just two arguments pointing to
complete blocks.
(gcm_gf_shift_4, gcm_gf_shift_8): Renamed table-based functions, from...
(gcm_gf_shift_chunk): ... old name.
(gcm_gf_mul): Renamed both table-based versions and made the
argument types compatible with the bitwise gcm_gf_mul.
(gcm_gf_mul_chunk): ... the old name.
(gcm_set_key): Initialize the table using adds and shifts only.
When GCM_TABLE_BITS > 0, this eliminates the only use of the
bitwise multiplication.
(gcm_hash): Simplified, now that we have the same interface for
gcm_gf_mul, regardless of table size.
Niels Möller [Tue, 8 Feb 2011 11:20:38 +0000 (12:20 +0100)]
* gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant.
(gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case,
e.g., sparc64. For both 4-bit and 8-bit tables.
Niels Möller [Mon, 7 Feb 2011 20:33:10 +0000 (21:33 +0100)]
* gcm.c (gcm_gf_mul_chunk): Special case first and last iteration.
(gcm_gf_add): New function, a special case of memxor. Use it for
all memxor calls with word-aligned 16 byte blocks. Improves
performance to 152 cycles/byte with no tables, 28 cycles per byte
with 4-bit tables and 10.5 cycles per byte with 8-bit tables.
Niels Möller [Sun, 6 Feb 2011 21:02:16 +0000 (22:02 +0100)]
Introduced 4-bit tables. Gives gmac performance of 45 cycles per
byte (still on intel x86_64).
* gcm.c (gcm_gf_shift): Renamed. Tweaked little-endian masks.
(gcm_rightshift): ... old name.
(gcm_gf_mul): New argument for the output. Added length argument
for one of the inputs (implicitly padding with zeros).
(shift_table): New table (in 4-bit and 8-bit versions), generated
by gcmdata.
(gcm_gf_shift_chunk): New function shifting 4 bits at
a time.
(gcm_gf_mul_chunk): New function processing 4 bits at a time.
(gcm_set_key): Generation of 4-bit key table.
(gcm_hash): Use tables, when available.
Niels Möller [Sun, 6 Feb 2011 17:15:04 +0000 (18:15 +0100)]
* gcm.c (gcm_rightshift): Moved the reduction of the shifted out
bit here.
(gcm_gf_mul): Updated for gcm_rightshift change. Improves gmac
performance to 181 cycles/byte.
Niels Möller [Sun, 6 Feb 2011 14:41:09 +0000 (15:41 +0100)]
(gcm_gf_mul): Rewrote. Still uses the bitwise algorithm from the
specification, but with separate byte and bit loops. Improves gmac
performance a bit further, to 227 cycles/byte.
Niels Möller [Sun, 6 Feb 2011 14:07:33 +0000 (15:07 +0100)]
(gcm_rightshift): Complete rewrite, to use word rather
than byte operations. Improves gmac performance from 830 cycles /
byte to (still poor) 268 cycles per byte on intel x86_64.
Niels Möller [Fri, 26 Nov 2010 22:25:02 +0000 (23:25 +0100)]
Reapplied optimizations (150% speedup on x86_32) and other fixes,
relicensing them as LGPL.
* blowfish.c (do_encrypt): Renamed, to...
(encrypt): ...new name.
(F): Added context argument. Shift input explicitly, instead of
reading individual bytes via memory.
(R): Added context argument.
(encrypt): Deleted a bunch of local variables. Using the context
pointer for everything should consume less registers.
(decrypt): Likewise.
(initial_ctx): Arrange constants into a struct, to simplify key setup.
(blowfish_set_key): Some simplification.
projects / thirdparty / nettle.git / log
