aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* test-vectors: Add DH vectors for subgroup MODP groupsMartin Willi2015-04-153-0/+168
|
* test-vectors: Add DH vectors for normal MODP groupsMartin Willi2015-04-153-0/+741
|
* test-vectors: Support testing DH groupsMartin Willi2015-04-151-1/+16
|
* aesni: Avoid loading AES/GHASH round keys into local variablesMartin Willi2015-04-156-1568/+1244
| | | | | | | | | | The performance impact is not measurable, as the compiler loads these variables in xmm registers in unrolled loops anyway. However, we avoid loading these sensitive keys onto the stack. This happens for larger key schedules, where the register count is insufficient. If that key material is not on the stack, we can avoid to wipe it explicitly after crypto operations.
* aesni: Align all class instances to 16 byte boundariesMartin Willi2015-04-157-14/+14
| | | | | | While the required members are aligned in the struct as required, on 32-bit platforms the allocator aligns the structures itself to 8 bytes only. This results in non-aligned struct members, and invalid memory accesses.
* aesni: Calculate GHASH for 4 blocks of associated data in parallelMartin Willi2015-04-151-2/+18
| | | | | While associated data is usually not that large, in some specific cases this can bring a significant performance boost.
* aesni: Calculate GHASH for 4 blocks of encryption data in parallelMartin Willi2015-04-151-40/+180
| | | | Increases performance by another ~30%.
* aesni: Use 4-way parallel en/decryption in GCMMartin Willi2015-04-151-132/+635
| | | | Increases overall performance by ~25%.
* aesni: Use dedicated key size specific en-/decryption functions in GCMMartin Willi2015-04-151-24/+353
| | | | | This gives not much more than ~5% increase in performance, but allows us to improve further.
* aesni: Add a GCM AEAD based on the AES-NI key scheduleMartin Willi2015-04-154-1/+627
|
* aesni: Implement CMAC mode to provide a signer/prfMartin Willi2015-04-154-0/+441
| | | | | Compared to the cmac plugin using AESNI-CBC as backend, this improves performance of AES-CMAC by ~45%.
* aesni: Implement XCBC mode to provide a signer/prfMartin Willi2015-04-154-0/+436
| | | | | Compared to the xcbc plugin using AESNI-CBC as backend, this improves performance of AES-XCBC by ~45%.
* aesni: Partially use separate code paths for different key sizes in CCMMartin Willi2015-04-151-33/+438
| | | | Due to the serial nature of the CBC mac, this brings only a marginal speedup.
* aesni: Add a CCM AEAD reusing the key scheduleMartin Willi2015-04-154-0/+645
|
* aesni: Use 4-way parallel AES-NI instructions for CTR en/decryptionMartin Willi2015-04-151-115/+354
| | | | | | | CTR can be parallelized, and we do so by queueing instructions to the processor pipeline. While we have enough registers for 128-bit decryption, the register count is insufficient to hold all variables with larger key sizes. Nonetheless is 4-way parallelism faster, depending on key size between ~10% and ~25%.
* aesni: Use dedicated round count specific encryption functions in CTR modeMartin Willi2015-04-151-23/+243
| | | | | This allows us to unroll loops and hold the key schedule in local (register) variables. This brings an impressive speedup of ~45%.
* aesni: Implement a AES-NI based CTR crypter using the key scheduleMartin Willi2015-04-154-0/+278
|
* aesni: Use 4-way parallel AES-NI instructions for CBC decryptionMartin Willi2015-04-151-66/+314
| | | | | | | CBC decryption can be parallelized, and we do so by queueing instructions to the processor pipeline. While we have enough registers for 128-bit decryption, the register count is insufficient to hold all variables with larger key sizes. Nonetheless is 4-way parallelism faster, roughly by ~8%.
* aesni: Use separate en-/decryption CBC code paths for different key sizesMartin Willi2015-04-151-22/+290
| | | | | | This allows us to unroll loops, and use local (register) variables for the key schedule. This improves performance slightly for encryption, but a lot for reorderable decryption (>30%).
* aesni: Implement a AES-NI based CBC crypter using the key scheduleMartin Willi2015-04-154-0/+293
|
* aesni: Implement 256-bit key scheduleMartin Willi2015-04-151-0/+77
|
* aesni: Implement 192-bit key scheduleMartin Willi2015-04-151-0/+81
|
* aesni: Implement 128-bit key scheduleMartin Willi2015-04-151-0/+45
|
* aesni: Add a common key schedule class for AESMartin Willi2015-04-153-0/+165
|
* aesni: Provide a plugin stub for AES-NI instruction based crypto primitivesMartin Willi2015-04-153-0/+141
|
* test-vectors: Add some self-made additional AES-GCM test vectorsMartin Willi2015-04-152-0/+157
| | | | | We missed test vectors for 192/256-bit key vectors for ICV8/12, and should also have some for larger associated data chunk.
* test-vectors: Define some additional CCM test vectorsMartin Willi2015-04-152-1/+84
| | | | | | We don't have any where plain or associated data is not a multiple of the block size, but it is likely to find bugs here. Also, we miss some ICV12 test vectors using 128- and 192-bit key sizes.
* crypto-tester: Use the plugin feature key size to benchmark crypters/aeadsMartin Willi2015-04-151-0/+2
| | | | | | We previously didn't pass the key size during algorithm registration, but this resulted in benchmarking with the "default" key size the crypter uses when passing 0 as key size.
* utils: Use chunk_equals_const() for all cryptographic purposesMartin Willi2015-04-144-4/+4
|
* utils: Use memeq_const() for all cryptographic purposesMartin Willi2015-04-144-6/+5
|
* rdrand: Reuse CPU feature detection to check for RDRAND instructionsMartin Willi2015-04-131-51/+4
|
* padlock: Reuse common CPU feature detection to check for Padlock featuresMartin Willi2015-04-131-80/+17
|
* sqlite: Use our locking mechanism also when sqlite3_threadsafe() returns 0Martin Willi2015-04-131-7/+20
| | | | | | We previously checked for older library versions without locking support at all. But newer libraries can be built in single-threading mode as well, where we have to care about the locking.
* sqlite: Show SQLite library version and thread safety flag during startupMartin Willi2015-04-131-1/+8
|
* openssl: Don't pre-initialize OpenSSL HMAC with an empty keyMartin Willi2015-04-131-6/+16
| | | | | | | | | | With OpenSSL commit 929b0d70c19f60227f89fac63f22a21f21950823 setting an empty key fails if no previous key has been set on that HMAC. In 9138f49e we explicitly added the check we remove now, as HMAC_Update() might crash if HMAC_Init_ex() has not been called yet. To avoid that, we set and check a flag locally to let any get_mac() call fail if set_key() has not yet been called.
* fips-prf: Remove superfluous <arpa/inet.h> includeMartin Willi2015-04-131-2/+0
| | | | | As we make no use of htonl() and friends, this is unneeded, but actually prevents a Windows build.
* Wipe auxiliary key store5.3.0Andreas Steffen2015-03-281-1/+1
|
* fips-prf: Fail when trying to use append mode on FIPS-PRFMartin Willi2015-03-281-1/+6
| | | | | Append mode hardly makes sense for the special stateful FIPS-PRF, which is different to other PRFs.
* cmac: Reset state before doing set_key()Martin Willi2015-03-271-0/+3
|
* af-alg: Reset hmac/xcbc state before doing set_key()Martin Willi2015-03-272-0/+2
|
* xcbc: Reset XCBC state in set_key()Martin Willi2015-03-271-0/+4
| | | | | If some partial data has been appended, a truncated key gets invalid if it is calculated from the pending state.
* hmac: Reset the underlying hasher before doing set_key() with longer keysMartin Willi2015-03-271-1/+2
| | | | | | | The user might have done a non-complete append, having some state in the hasher. Fixes #909.
* diffie-hellman: Verify public DH values in backendsMartin Willi2015-03-235-0/+25
|
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-236-28/+31
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-236-7/+13
|
* diffie-hellman: Use bool instead of status_t as get_shared_secret() return valueMartin Willi2015-03-236-19/+19
| | | | | While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.
* files: Add simple plugin to load files from file:// URIsTobias Brunner2015-03-095-0/+293
|
* plugin-loader: Increase log level for warning about plugin features that ↵Tobias Brunner2015-03-091-3/+3
| | | | | | | | | failed to load Since we can't get rid of all unmet dependencies (at least not in every possible plugin configuration) the message is more confusing than helpful. In particular because a detailed warning about plugin features that failed to load due to unmet dependencies is only logged on level 2.
* pkcs11: Convert RFC 3279 ECDSA signatures when verifyingTobias Brunner2015-03-091-4/+33
| | | | References #873.
* pkcs11: Properly encode RFC 3279 ECDSA signaturesTobias Brunner2015-03-091-2/+19
| | | | Fixes #873.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 09:44:46 +0000