jedisct1 / libaegis Goto Github PK

View Code? Open in Web Editor NEW

50.0 5.0 9.0 932 KB

Portable C implementations of the AEGIS family of high-performance authenticated encryption algorithms.

Home Page: https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead/

License: MIT License

Zig 11.99% C 87.44% CMake 0.57%

aead aegis aegis128l aegis256 cipher cryptography libaegis aegis128x aegis256x

libaegis's Introduction

libaegis

Portable C implementations of the AEGIS family of high-performance authenticated ciphers (AEGIS-128L, AEGIS-128X2, AEGIS-128X4, AEGIS-256, AEGIS-256X2, AEGIS-256X4), with runtime CPU detection.

Features

AEGIS-128L with 16 and 32 bytes tags (software, AES-NI, ARM Crypto)
AEGIS-128X2 with 16 and 32 bytes tags (software, VAES + AVX2, AES-NI, ARM Crypto)
AEGIS-128X4 with 16 and 32 bytes tags (software, AVX512, VAES + AVX2, AES-NI, ARM Crypto)
AEGIS-256 with 16 and 32 bytes tags (software, AES-NI, ARM Crypto)
AEGIS-256X2 with 16 and 32 bytes tags (software, VAES + AVX2, AES-NI, ARM Crypto)
AEGIS-256X4 with 16 and 32 bytes tags (software, AVX512, VAES + AVX2, AES-NI, ARM Crypto)
All variants of AEGIS-MAC, supporting incremental updates and key commitment
Encryption and decryption with attached and detached tags
Incremental encryption and decryption
Unauthenticated encryption and decryption (not recommended - only implemented for specific protocols)
Deterministic pseudorandom stream generation.

Installation

Note that the compiler makes a difference. Zig (or a recent clang with target-specific options such as -march=native) produces more efficient code than gcc.

Compilation with `zig`:

zig build -Drelease

The library and headers are installed in the zig-out folder.

To favor performance over side-channel mitigations on WebAssembly and on devices without hardware acceleration, add -Dfavor-performance:

zig build -Drelease -Dfavor-performance

A benchmark can also be built with the -Dwith-benchmark option:

zig build -Drelease -Dwith-benchmark

Compilation with `cmake`:

mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=/install/prefix ..
make install

To favor performance over side-channel mitigations on WebAssembly and on devices without hardware acceleration, add -DFAVOR_PERFORMANCE.

Direct inclusion

Copy everything in src directly into your project, and compile everything like regular C code. No special configuration is required.

Usage

Include <aegis.h> and call aegis_init() prior to doing anything else with the library.

aegis_init() checks the CPU capabilities in order to later use the fastest implementations.

Bindings

aegis is a set of bindings for Rust.

Libaegis users

fizz is Facebook's implementation of TLS 1.3.
picotls is a TLS 1.3 implementation in C, with support for the AEGIS cipher suites.
h2o is an HTTP/{1,2,3} serverwith support for the AEGIS cipher suites.

Benchmarks

AEGIS is very fast on CPUs with parallel execution pipelines and AES support.

Encryption (16 KB)

Authentication (64 KB)

libaegis's People

Contributors

Stargazers

Watchers

Forkers

kirgene kazuho sthagen dmgolembiowski huilinchen98 mingtaoy webstorage119 lucain5959 mfrischknecht

libaegis's Issues

GCC 13.1.1 wants #include <errno.h>

i added the header where it wanted it and it compiled fine, but idk when that header requirement came into existence so idk how this would break backwards compatibility or not or across compilers so that's why i didn't PR this.

-- The C compiler identification is GNU 13.1.1
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/gcc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Configuring done (0.2s)
-- Generating done (0.0s)
-- Build files have been written to: /root/libaegis/build
[  8%] Building C object CMakeFiles/aegis.dir/src/aegis128l/aegis128l.c.o
[ 16%] Building C object CMakeFiles/aegis.dir/src/aegis128l/aegis128l_aesni.c.o
[ 25%] Building C object CMakeFiles/aegis.dir/src/aegis128l/aegis128l_armcrypto.c.o
[ 33%] Building C object CMakeFiles/aegis.dir/src/aegis128l/aegis128l_soft.c.o
[ 41%] Building C object CMakeFiles/aegis.dir/src/aegis256/aegis256.c.o
[ 50%] Building C object CMakeFiles/aegis.dir/src/aegis256/aegis256_aesni.c.o
[ 58%] Building C object CMakeFiles/aegis.dir/src/aegis256/aegis256_armcrypto.c.o
[ 66%] Building C object CMakeFiles/aegis.dir/src/aegis256/aegis256_soft.c.o
[ 75%] Building C object CMakeFiles/aegis.dir/src/common/common.c.o
/root/libaegis/src/common/common.c: In function ‘aegis_init’:
/root/libaegis/src/common/common.c:49:9: error: ‘errno’ undeclared (first use in this function)
   49 |         errno = ENOSYS;
      |         ^~~~~
/root/libaegis/src/common/common.c:6:1: note: ‘errno’ is defined in header ‘<errno.h>’; did you forget to ‘#include <errno.h>’?
    5 | #include "cpu.h"
  +++ |+#include <errno.h>
    6 | 
/root/libaegis/src/common/common.c:49:9: note: each undeclared identifier is reported only once for each function it appears in
   49 |         errno = ENOSYS;
      |         ^~~~~
/root/libaegis/src/common/common.c:49:17: error: ‘ENOSYS’ undeclared (first use in this function)
   49 |         errno = ENOSYS;
      |                 ^~~~~~
/root/libaegis/src/common/common.c:52:9: warning: implicit declaration of function ‘aegis128_pick_best_implementation’; did you mean ‘aegis128l_pick_best_implementatio’? [-Wimplicit-function-declaration]
   52 |     if (aegis128_pick_best_implementation() != 0 || aegis256_pick_best_implementation() != 0) {
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |         aegis128l_pick_best_implementation
make[2]: *** [CMakeFiles/aegis.dir/build.make:188: CMakeFiles/aegis.dir/src/common/common.c.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:83: CMakeFiles/aegis.dir/all] Error 2
make: *** [Makefile:136: all] Error 2

documentation errors

all the documentation in src/include/aegis128l.h claims 32 byte keys and nonces

 * npub: nonce input buffer (32 bytes)
 * k: key input buffer (32 bytes)