path: root/src/method_aes128_gcm.c
Age         Commit message                                                              Author

2013-08-27  Introduce new log level debug2 for potentially very frequent messages      (Matthias Schiffer)

2013-08-20  Prevent zero-before-free operations from being optimized out                (Matthias Schiffer)

2013-08-20  Fix lots of -Wextra warnings                                                (Matthias Schiffer)
    Everything clang and GCC warn about, except GCC's missing-field-initializers which are just stupid as they don't allow {} syntax to zero a field.

2013-08-08  aes128-gcm: don't restore buffer on verification failure                    (Matthias Schiffer)
    The buffer descriptor is a local variable and no buffer data is changed, so there is nothing to restore before returning.

2013-03-02  Print error message on aborts due to buffer push/pull errors                (Matthias Schiffer)

2013-02-23  Subtract splay time to key refresh interval                                 (Matthias Schiffer)
    A random splay time of up to 5 minutes will ensure that simultaneous handshakes with many peers are desynchronized as fast as possible.

2013-01-21  Add error message for OOM on buffer alloc                                   (Matthias Schiffer)

2013-01-05  Adjust copyright years                                                      (Matthias Schiffer)

2012-12-18  Convert type names to _t convention                                         (Matthias Schiffer)

2012-11-01  Move unistd.h include to fastd.h                                            (Matthias Schiffer)

2012-09-21  Nicely encapsulate different crypto algorithm implementations               (Matthias Schiffer)

2012-09-16  Fix alignment for NaCl's core2 assembler implementation of AES128-CTR       (Matthias Schiffer)

2012-09-15  Use inline function for alignment                                           (Matthias Schiffer)

2012-09-15  Add support for kernel AES implementations                                  (Matthias Schiffer)
    This gives AES128 a slight boost on my system, but it is still slower than XSalsa20... I should probably write userspace code that can make use of AES-NI and CLMUL. Or directly jump to the kernel space with the whole forwarding code. Nevertheless, this might run nicely on Geode CPUs and similar hardware with AES acceleration, at least if the context switches aren't too expensive...

2012-09-15  Add support for using kernel implementations of GHASH                       (Matthias Schiffer)
    This doesn't really improve performance on my Intel CPU (I guess due to the context switches), but more tests have to be made, in combination with offloading the AES to the kernel as well, and on different hardware.

2012-09-15  Rework some parts of the AES128-GCM method                                  (Matthias Schiffer)
    These changes improve the performance of the AES128-GCM method by ~10% on my Intel CPU when compiled with -O2. Furthermore, the AES and the GHASH parts are separated now, allowing to switch to other implementations of the algorithms more easily.

2012-09-14  Critical: fix various problems in the AES128-GCM method                     (Matthias Schiffer)
    There were several bugs in the code that were severely lowering the expected security and completely breaking compatibility with alternative implementations. The fixed version is checked against the test vectors specified in [1], and should thus be correct.
    [1] http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf

2012-06-27  Remove unneeded size bytes from GCM to suppress warnings                   (Matthias Schiffer)

2012-06-27  Implement GCM with lookup table                                             (Matthias Schiffer)

2012-06-27  Optimized GCM implementation                                                (Matthias Schiffer)

2012-06-27  Primitive aes128-gcm implementation                                         (Matthias Schiffer)