Lines Matching +full:fast +full:- +full:charge +full:- +full:safe +full:- +full:current
4 * Permission is hereby granted, free of charge, to any person obtaining
63 * - `br_xxx_BLOCK_SIZE`
69 * - `br_xxx_cbcenc_keys`
76 * - `br_xxx_cbcenc_init(br_xxx_cbcenc_keys *ctx, const void *key, size_t len)`
83 * - `br_xxx_cbcenc_run(const br_xxx_cbcenc_keys *ctx, void *iv, void *data, size_t len)`
91 * - `br_xxx_cbcdec_keys`
98 * - `br_xxx_cbcdec_init(br_xxx_cbcenc_keys *ctx, const void *key, size_t len)`
105 * - `br_xxx_cbcdec_run(const br_xxx_cbcdec_keys *ctx, void *iv, void *data, size_t num_blocks)`
113 * - `br_xxx_ctr_keys`
120 * - `br_xxx_ctr_init(br_xxx_ctr_keys *ctx, const void *key, size_t len)`
127 …* - `br_xxx_ctr_run(const br_xxx_ctr_keys *ctx, const void *iv, uint32_t cc, void *data, size_t …
131 * implements the "standard incrementing function" from NIST SP800-38A,
133 * (i.e. 12 bytes for AES) and the counter is the 32-bit value starting
139 * - `br_xxx_ctrcbc_keys`
143 * CTR encryption/decryption and CBC-MAC, as used in the CCM and EAX
147 * - `br_xxx_ctrcbc_init(br_xxx_ctr_keys *ctx, const void *key, size_t len)`
150 * encryption/decryption and CBC-MAC are computed and written in the
155 …* - `br_xxx_ctrcbc_encrypt(const br_xxx_ctrcbc_keys *ctx, void *ctr, void *cbcmac, void *data, s…
157 * Perform CTR encryption of some data, and CBC-MAC. Processing is
160 * block-size counter (i.e. for 128-bit blocks, the counter is
161 * incremented as a 128-bit value). The 'ctr' array contains the
164 * value shall point to a block-sized value which is used as IV for
165 * CBC-MAC, computed over the encrypted data (output of CTR
166 * encryption); the resulting CBC-MAC is written over 'cbcmac' on
171 …* - `br_xxx_ctrcbc_decrypt(const br_xxx_ctrcbc_keys *ctx, void *ctr, void *cbcmac, void *data, s…
173 * Perform CTR decryption of some data, and CBC-MAC. Processing is
176 * block-size counter (i.e. for 128-bit blocks, the counter is
177 * incremented as a 128-bit value). The 'ctr' array contains the
180 * value shall point to a block-sized value which is used as IV for
181 * CBC-MAC, computed over the encrypted data (input of CTR
182 * encryption); the resulting CBC-MAC is written over 'cbcmac' on
187 * - `br_xxx_ctrcbc_ctr(const br_xxx_ctrcbc_keys *ctx, void *ctr, void *data, size_t len)`
191 * data). A full block-sized counter is applied (i.e. for 128-bit
192 * blocks, the counter is incremented as a 128-bit value). The 'ctr'
199 …* - `br_xxx_ctrcbc_mac(const br_xxx_ctrcbc_keys *ctx, void *cbcmac, const void *data, size_t len…
201 * Compute CBC-MAC over the provided data. The IV for CBC-MAC is
218 * ## Object-Oriented API
225 * - `context_size`
229 * - `block_size`
233 * - `log_block_size`
235 * The base-2 logarithm of cipher block size (e.g. 4 for blocks
238 * - `init`
242 * - `run`
246 * For combined CTR/CBC-MAC encryption, the `vtable` has a slightly
249 * - `context_size`
253 * - `block_size`
257 * - `log_block_size`
259 * The base-2 logarithm of cipher block size (e.g. 4 for blocks
262 * - `init`
266 * - `encrypt`
268 * Pointer to the CTR encryption + CBC-MAC function.
270 * - `decrypt`
272 * Pointer to the CTR decryption + CBC-MAC function.
274 * - `ctr`
278 * - `mac`
280 * Pointer to the CBC-MAC function.
285 * - `br_xxx_cbcenc_vtable`
286 * - `br_xxx_cbcdec_vtable`
287 * - `br_xxx_ctr_vtable`
288 * - `br_xxx_ctrcbc_vtable`
296 * | :-------- | :------- | :----------------: | :-----------------: |
312 * is fast but not constant-time, since it makes data-dependent array
316 * is substantially slower than `aes_big`; it is not constant-time
319 * `aes_ct` is a constant-time implementation of AES; its code is about
321 * that of `aes_small`. However, it is constant-time. This
324 * non-constant-time implementation is safe, or an architecture-specific
325 * constant-time implementation can be used (e.g. using dedicated
328 * `aes_ct64` is another constant-time implementation of AES. It is
329 * similar to `aes_ct` but uses 64-bit values. On 32-bit machines,
331 * a larger footprint; however, on 64-bit architectures, `aes_ct64`
335 * `aes_x86ni` exists only on x86 architectures (32-bit and 64-bit). It
336 * uses the AES-NI opcodes when available.
338 * `aes_pwr8` exists only on PowerPC / POWER architectures (32-bit and
339 * 64-bit, both little-endian and big-endian). It uses the AES opcodes
342 * `des_tab` is a classic, table-based implementation of DES/3DES. It
343 * is not constant-time.
345 * `des_ct` is an constant-time implementation of DES/3DES. It is
355 * - `br_chacha20_run` describes a function that implements ChaCha20
358 * - `br_poly1305_run` describes an implementation of Poly1305,
363 * plain C; it is constant-time, small, and reasonably fast.
369 * construction, where the Poly1305 part is performed with mixed 32-bit
370 * multiplications (operands are 32-bit, result is 64-bit).
372 * `poly1305_ctmul32` implements ChaCha20+Poly1305 using pure 32-bit
373 * multiplications (32-bit operands, 32-bit result). It is slower than
377 * `poly1305_ctmulq` implements ChaCha20+Poly1305 with mixed 64-bit
378 * multiplications (operands are 64-bit, result is 128-bit) on 64-bit
407 * \brief Base-2 logarithm of the size of individual blocks,
463 * \brief Base-2 logarithm of the size of individual blocks,
520 * \brief Base-2 logarithm of the size of individual blocks,
544 * 12 bytes for AES/CTR). The IV is combined with a 32-bit
567 * \brief Class type for combined CTR and CBC-MAC implementations.
571 * decrypting data, along with CBC-MAC.
587 * \brief Base-2 logarithm of the size of individual blocks,
607 * \brief Run the CTR encryption + CBC-MAC.
613 * The `cbcmac` parameter points to the IV for CBC-MAC. The MAC
616 * computed CBC-MAC value is written over the `cbcmac` array.
623 * \param cbcmac IV and output buffer for CBC-MAC.
631 * \brief Run the CTR decryption + CBC-MAC.
637 * The `cbcmac` parameter points to the IV for CBC-MAC. The MAC
640 * computed CBC-MAC value is written over the `cbcmac` array.
647 * \param cbcmac IV and output buffer for CBC-MAC.
673 * \brief Run the CBC-MAC only.
675 * The `cbcmac` parameter points to the IV for CBC-MAC. The MAC
678 * computed CBC-MAC value is written over the `cbcmac` array.
684 * \param cbcmac IV and output buffer for CBC-MAC.
693 * Traditional, table-based AES implementation. It is fast, but uses
695 * 1 kB table for decryption, and a 256-byte table for key schedule),
696 * and it is not constant-time. In contexts where cache-timing attacks
751 * and decryption + CBC-MAC).
782 * \brief Class instance for AES CTR encryption/decryption + CBC-MAC
821 * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC
867 * \brief CTR encryption + CBC-MAC with AES (`aes_big` implementation).
871 * \param cbcmac IV for CBC-MAC (updated).
879 * \brief CTR decryption + CBC-MAC with AES (`aes_big` implementation).
883 * \param cbcmac IV for CBC-MAC (updated).
902 * \brief CBC-MAC with AES (`aes_big` implementation).
905 * \param cbcmac IV for CBC-MAC (updated).
914 * traditional table-based AES implementation, but requires much less
915 * code. It still uses data-dependent table accesses (albeit within a
916 * much smaller 256-byte table), which makes it conceptually vulnerable
917 * to cache-timing attacks.
971 * and decryption + CBC-MAC).
1002 * \brief Class instance for AES CTR encryption/decryption + CBC-MAC
1041 * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC
1087 * \brief CTR encryption + CBC-MAC with AES (`aes_small` implementation).
1091 * \param cbcmac IV for CBC-MAC (updated).
1099 * \brief CTR decryption + CBC-MAC with AES (`aes_small` implementation).
1103 * \param cbcmac IV for CBC-MAC (updated).
1122 * \brief CBC-MAC with AES (`aes_small` implementation).
1125 * \param cbcmac IV for CBC-MAC (updated).
1133 * Constant-time AES implementation. Its size is similar to that of
1135 * decryption, slower encryption). However, it is constant-time, i.e.
1136 * immune to cache-timing and similar attacks.
1190 * and decryption + CBC-MAC).
1221 * \brief Class instance for AES CTR encryption/decryption + CBC-MAC
1260 * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC
1306 * \brief CTR encryption + CBC-MAC with AES (`aes_ct` implementation).
1310 * \param cbcmac IV for CBC-MAC (updated).
1318 * \brief CTR decryption + CBC-MAC with AES (`aes_ct` implementation).
1322 * \param cbcmac IV for CBC-MAC (updated).
1341 * \brief CBC-MAC with AES (`aes_ct` implementation).
1344 * \param cbcmac IV for CBC-MAC (updated).
1352 * 64-bit constant-time AES implementation. It is similar to 'aes_ct'
1353 * but uses 64-bit registers, making it about twice faster than 'aes_ct'
1354 * on 64-bit platforms, while remaining constant-time and with a similar
1356 * and CTR mode; CBC encryption is non-parallel and cannot benefit from
1411 * and decryption + CBC-MAC).
1442 * \brief Class instance for AES CTR encryption/decryption + CBC-MAC
1481 * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC
1527 * \brief CTR encryption + CBC-MAC with AES (`aes_ct64` implementation).
1531 * \param cbcmac IV for CBC-MAC (updated).
1539 * \brief CTR decryption + CBC-MAC with AES (`aes_ct64` implementation).
1543 * \param cbcmac IV for CBC-MAC (updated).
1562 * \brief CBC-MAC with AES (`aes_ct64` implementation).
1565 * \param cbcmac IV for CBC-MAC (updated).
1573 * AES implementation using AES-NI opcodes (x86 platform).
1633 * and decryption + CBC-MAC).
1653 * AES opcode unavailable on the current CPU, a pointer to this class
1662 * AES opcode unavailable on the current CPU, a pointer to this class
1672 * AES opcode unavailable on the current CPU, a pointer to this class
1678 * \brief Class instance for AES CTR encryption/decryption + CBC-MAC
1682 * AES opcode unavailable on the current CPU, a pointer to this class
1721 * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC
1767 * \brief CTR encryption + CBC-MAC with AES (`aes_x86ni` implementation).
1771 * \param cbcmac IV for CBC-MAC (updated).
1779 * \brief CTR decryption + CBC-MAC with AES (`aes_x86ni` implementation).
1783 * \param cbcmac IV for CBC-MAC (updated).
1802 * \brief CBC-MAC with AES (`aes_x86ni` implementation).
1805 * \param cbcmac IV for CBC-MAC (updated).
1813 * \brief Obtain the `aes_x86ni` AES-CBC (encryption) implementation, if
1821 * \return the `aes_x86ni` AES-CBC (encryption) implementation, or `NULL`.
1826 * \brief Obtain the `aes_x86ni` AES-CBC (decryption) implementation, if
1834 * \return the `aes_x86ni` AES-CBC (decryption) implementation, or `NULL`.
1839 * \brief Obtain the `aes_x86ni` AES-CTR implementation, if available.
1846 * \return the `aes_x86ni` AES-CTR implementation, or `NULL`.
1851 * \brief Obtain the `aes_x86ni` AES-CTR + CBC-MAC implementation, if
1859 * \return the `aes_x86ni` AES-CTR implementation, or `NULL`.
1924 * and decryption + CBC-MAC).
1944 * AES opcode unavailable on the current CPU, a pointer to this class
1953 * AES opcode unavailable on the current CPU, a pointer to this class
1963 * AES opcode unavailable on the current CPU, a pointer to this class
1969 * \brief Class instance for AES CTR encryption/decryption + CBC-MAC
1973 * AES opcode unavailable on the current CPU, a pointer to this class
2012 * \brief Context initialisation (key schedule) for AES CTR + CBC-MAC
2058 * \brief CTR encryption + CBC-MAC with AES (`aes_pwr8` implementation).
2062 * \param cbcmac IV for CBC-MAC (updated).
2070 * \brief CTR decryption + CBC-MAC with AES (`aes_pwr8` implementation).
2074 * \param cbcmac IV for CBC-MAC (updated).
2093 * \brief CBC-MAC with AES (`aes_pwr8` implementation).
2096 * \param cbcmac IV for CBC-MAC (updated).
2104 * \brief Obtain the `aes_pwr8` AES-CBC (encryption) implementation, if
2112 * \return the `aes_pwr8` AES-CBC (encryption) implementation, or `NULL`.
2117 * \brief Obtain the `aes_pwr8` AES-CBC (decryption) implementation, if
2125 * \return the `aes_pwr8` AES-CBC (decryption) implementation, or `NULL`.
2130 * \brief Obtain the `aes_pwr8` AES-CTR implementation, if available.
2137 * \return the `aes_pwr8` AES-CTR implementation, or `NULL`.
2142 * \brief Obtain the `aes_pwr8` AES-CTR + CBC-MAC implementation, if
2150 * \return the `aes_pwr8` AES-CTR implementation, or `NULL`.
2198 * subkeys (CTR encryption/decryption + CBC-MAC) for all AES implementations.
2211 * Traditional, table-based implementation for DES/3DES. Since tables are
2212 * used, cache-timing attacks are conceptually possible.
2303 * Constant-time implementation for DES/3DES. It is substantially slower
2304 * (by a factor of about 4x), but also immune to cache-timing attacks.
2424 * - Key is 256 bits (`key` points to exactly 32 bytes).
2426 * - IV is 96 bits (`iv` points to exactly 12 bytes).
2428 * - Block counter is over 32 bits and starts at value `cc`; the
2434 * works only as long as each non-final chunk has a length multiple of 64).
2446 * \brief ChaCha20 implementation (straightforward C code, constant-time).
2460 * \brief ChaCha20 implementation (SSE2 code, constant-time).
2463 * compiler support. Moreover, in 32-bit mode, it might not actually run,
2465 * 64-bit mode, SSE2 is part of the ABI, so if the code could be compiled
2511 * \param encrypt non-zero for encryption, zero for decryption.
2518 * \brief ChaCha20+Poly1305 AEAD implementation (mixed 32-bit multiplications).
2530 * \param encrypt non-zero for encryption, zero for decryption.
2537 * \brief ChaCha20+Poly1305 AEAD implementation (pure 32-bit multiplications).
2549 * \param encrypt non-zero for encryption, zero for decryption.
2559 * (which uses pure 32-bit multiplications). As such, it may save a
2574 * \param encrypt non-zero for encryption, zero for decryption.
2583 * This implementation uses 64-bit multiplications (result over 128 bits).
2585 * practice, 64-bit architectures). Use `br_poly1305_ctmulq_get()` to
2598 * \param encrypt non-zero for encryption, zero for decryption.
2608 * function if supported on the current platform; otherwise, it returns 0.