Portable C implementations of the AEGIS family of high-performance authenticated ciphers (AEGIS-128L, AEGIS-128X2, AEGIS-128X4, AEGIS-256, AEGIS-256X2, AEGIS-256X4), with runtime CPU detection.
- AEGIS-128L with 16 and 32 bytes tags (software, AES-NI, ARM Crypto)
- AEGIS-128X2 with 16 and 32 bytes tags (software, VAES + AVX2, AES-NI, ARM Crypto)
- AEGIS-128X4 with 16 and 32 bytes tags (software, AVX512, VAES + AVX2, AES-NI, ARM Crypto)
- AEGIS-256 with 16 and 32 bytes tags (software, AES-NI, ARM Crypto)
- AEGIS-256X2 with 16 and 32 bytes tags (software, VAES + AVX2, AES-NI, ARM Crypto)
- AEGIS-256X4 with 16 and 32 bytes tags (software, AVX512, VAES + AVX2, AES-NI, ARM Crypto)
- All variants of AEGIS-MAC, supporting incremental updates and key commitment
- Encryption and decryption with attached and detached tags
- Incremental encryption and decryption
- Unauthenticated encryption and decryption (not recommended - only implemented for specific protocols)
- Deterministic pseudorandom stream generation.
Note that the compiler makes a difference. Zig (or a recent clang
with target-specific options such as -march=native
) produces more efficient code than gcc
.
zig build -Drelease
The library and headers are installed in the zig-out
folder.
To favor performance over side-channel mitigations on WebAssembly and on devices without hardware acceleration, add -Dfavor-performance
:
zig build -Drelease -Dfavor-performance
A benchmark can also be built with the -Dwith-benchmark
option:
zig build -Drelease -Dwith-benchmark
mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=/install/prefix ..
make install
To favor performance over side-channel mitigations on WebAssembly and on devices without hardware acceleration, add -DFAVOR_PERFORMANCE
.
Copy everything in src
directly into your project, and compile everything like regular C code. No special configuration is required.
Include <aegis.h>
and call aegis_init()
prior to doing anything else with the library.
aegis_init()
checks the CPU capabilities in order to later use the fastest implementations.
aegis
is a set of bindings for Rust.
fizz
is Facebook's implementation of TLS 1.3.picotls
is a TLS 1.3 implementation in C, with support for the AEGIS cipher suites.h2o
is an HTTP/{1,2,3} serverwith support for the AEGIS cipher suites.
AEGIS is very fast on CPUs with parallel execution pipelines and AES support.