summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2013-11-29Use <cpuid.h>Matthias Schiffer
fastd will segfault in valgrind otherwise (O_o)
2013-11-29generic-gmac: use HKDF expansion instead of the stream cipher to generate HMatthias Schiffer
2013-11-29Reorder check: avoid undefined behaviour due to negative or to long shiftsMatthias Schiffer
2013-11-29HKDF: add a forgotten const qualifierMatthias Schiffer
2013-11-29Compile with -std=c99 and restructure some code to ensure there is no ↵Matthias Schiffer
invalid aliasing (hopefully)
2013-11-28ghash-pclmulqdq: fix one left usage of a __builtin pclmulqdq instead of the ↵Matthias Schiffer
_mm version
2013-11-28ghash-pclmulqdq: rework implementation to allow both GCC and Clang to ↵Matthias Schiffer
generate fast code
2013-11-28ghash-pclmulqdq: make byteswap a macroMatthias Schiffer
For some reason, this allows clang to optimize the code much better.
2013-11-28ghash-pclmulqdq: speed up multiplication using the Karatsuba algorithmMatthias Schiffer
2013-11-28Add a pclmulqdq ghash implementationMatthias Schiffer
2013-11-28Add CPUID functionMatthias Schiffer
2013-11-27Allow checking if a crypto algorithm is available at runtimeMatthias Schiffer
2013-11-27Add OpenSSL-based aes128-ctr implementationMatthias Schiffer
2013-11-27Correctly initialize OpenSSLMatthias Schiffer
2013-11-25Move crypto algorithm information out of implementationMatthias Schiffer
2013-11-25Move cipher and mac structures to a new headerMatthias Schiffer
2013-11-25Add a new generic-gmac methodMatthias Schiffer
2013-11-25Rename generic-gmac method to composed-gmacMatthias Schiffer
2013-11-21Add salsa20/12 cipherMatthias Schiffer
2013-11-21Add salsa20 cipherMatthias Schiffer
2013-11-20Replace max_packet_size functions by a max_overhead fieldMatthias Schiffer
2013-11-20Slightly simplify method/cipher/MAC definitionsMatthias Schiffer
2013-11-20Add generic-poly1305 methodMatthias Schiffer
2013-11-18generic-gmac: some code simplificationsMatthias Schiffer
2013-11-18Add cipher-test method to measure the raw performance of a cipherMatthias Schiffer
2013-11-18generic-gmac: don't access invalid pointer for the reorder check with null ↵Matthias Schiffer
cipher
2013-11-18blowfish-ctr: formatting fixesMatthias Schiffer
2013-11-18Remove OpenSSL-based blowfish implementationMatthias Schiffer
It doesn't have any advantages over the builtin one.
2013-11-18secure_memzero all cipher and MAC statesMatthias Schiffer
2013-11-18Some work towards a composable GMAC methodMatthias Schiffer
2013-11-18generic-gcm: the method state itself doesn't hold any keys anymore, so we ↵Matthias Schiffer
don't need to secure_memzero it
2013-11-18generic-gcm: cipher_get returns a booleanMatthias Schiffer
2013-11-17Add null cipherMatthias Schiffer
2013-11-17Revert bytewise ghash implementationMatthias Schiffer
The performance gain is negligible, and OpenSSL avoids a bytewise implementation to mitigate timing attacks. This reverts commits d4916544299c28c4fb16da6d3306eea0a6d5d79f and 1b06460aa967e3afcfa6fc8d664874134ab6c739.
2013-11-16ghash: builtin: use bytewise lookup tableMatthias Schiffer
2013-11-16Add "tiny" copy of the builtin ghash implementationMatthias Schiffer
2013-11-16fastd_buffer_alloc: fix output of error message if posix_memalign failsMatthias Schiffer
2013-11-16aes128-ctr: allocate only one piece of memory for the key stateMatthias Schiffer
2013-11-16generic-gcm: fix a GCC uninitialized-use warningMatthias Schiffer
2013-11-16blowfish-ctr: some optimizations to the builtin implementationMatthias Schiffer
2013-11-15Allow using blowfish from OpenSSL on systems where it's available anywaysMatthias Schiffer
2013-11-15config: move check for no configured methodMatthias Schiffer
First check all error conditions before getting to the warnings (this is important for --generate-key). Also, downgrade the exit_bug to exit_error if method `null' is not supported.
2013-11-15methods/common: decrease nonce length to 6, add flags byteMatthias Schiffer
2013-11-14Ensure sessions are invalidated before the nonce wrapsMatthias Schiffer
While it isn't realistic for the nonce to wrap in less than one hour, it's better to check for this.
2013-11-14Move test for initiator in the session refresh check from protocol to methodMatthias Schiffer
2013-11-07CMake: add LINK_LIBRARIES workaround for old CMake versionsMatthias Schiffer
2013-11-07CMake: really avoid target_include_directoriesMatthias Schiffer
2013-11-07CMake: avoid target_include_directories command to stay compatible with ↵Matthias Schiffer
CMake 2.8.9
2013-11-06blowfish-ctr: use the whole 56-byte keyMatthias Schiffer
2013-11-05Generalize cipher/MAC key/IV lengthsMatthias Schiffer