Jaeden Amero
010c2cb456
gf128mul: Inline instead of making a new module
2018-06-13 12:03:29 +01:00
Jaeden Amero
97cc3b1354
gf128mul: Remove the jump table
...
If we're unlucky with memory placement, gf128mul_table_bbe may spread over
two cache lines and this would leak b >> 63 to a cache timing attack.
Instead, take an approach that is less likely to make different memory
loads depending on the value of b >> 63 and is also unlikely to be compiled
to a condition.
2018-06-13 12:03:29 +01:00
Aorimn
5f77801ac3
Implement AES-XTS mode
...
XTS mode is fully known as "xor-encrypt-xor with ciphertext-stealing".
This is the generalization of the XEX mode.
This implementation is limited to an 8-bit (1 byte) boundary, which
doesn't seem to be what was thought considering some test vectors [1].
This commit comes with tests, extracted from [1], and benchmarks.
However, benchmarks aren't really nice here, as they work with a buffer
of a multiple of 16 bytes, which isn't a challenge for XTS compared to
XEX.
[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:03:27 +01:00
Aorimn
380162c34c
Double perf for AES-XEX
...
As seen from the first benchmark run, AES-XEX was running poorly (even
slower than AES-CBC). This commit doubles the performance of the
current implementation.
2018-06-13 12:02:30 +01:00
Aorimn
daf7045372
Add benchmark for AES-XEX
...
This commit adds a benchmark based on what has already been done with
AES-CBC mode.
2018-06-13 12:02:30 +01:00
Aorimn
8bb817a4c1
Add AES-XEX to the version features
2018-06-13 12:02:29 +01:00
Aorimn
9bbe3632e4
Rename exported symbols to please check-names.sh
...
Exported symbols seem to need the "mbedtls_" prefix, which has been
added to be128 and gf128mul_x_ble.
2018-06-13 12:01:50 +01:00
Aorimn
fb67fae83a
Add AES-XEX test cases
...
The test cases come from the XTS test vectors given by the CAVP initiative
from NIST (see [1]).
As mentioned in a previous commit, XEX is a simpler case of XTS.
Therefore, to construct the test_suite_aes.xex.data file, extraction of
the XEX-possible cases has been done on the given test vectors.
All of the extracted test vectors pass the tests on a Linux x86_64 machine.
[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:01:50 +01:00
Aorimn
75e3661ebe
Add AES-XEX mode to the default config file
...
Adding the AES-XEX mode to the default config file permits this mode to
be compiled, and tested, which may be needed for some programs in the
future.
2018-06-13 12:01:48 +01:00
Aorimn
0089d36ae5
Implement AES-XEX mode
...
XEX mode, known as "xor-encrypt-xor", is the simple case of the XTS
mode, known as "XEX with ciphertext stealing". When the buffers to be
encrypted/decrypted have a length divisible by the length of a standard
AES block (16), XTS is exactly like XEX.
2018-06-13 11:56:03 +01:00
Aorimn
b053658f95
Add 2 files for multiplication in GF(128)
...
Multiplication in GF(128) is required by the AES-XEX mode for computing
X in the XEX formula from
https://en.wikipedia.org/wiki/Disk_encryption_theory#Xor-encrypt-xor_.28XEX.29
2018-06-13 11:56:03 +01:00
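An added example (my own code, not Mbed TLS's) illustrating both the GF(128) multiplication the XEX commit above relies on and the cache-timing point of the earlier "gf128mul: Remove the jump table" commit: the doubling step ("multiply by x") on a 16-byte little-endian tweak, written once in the obvious branchy form and once in a mask-based form whose memory accesses and control flow do not depend on the tweak, with a self-test that checks a known answer and that both forms agree. Function and variable names are mine; the little-endian layout and the 0x87 reduction constant are the standard XTS convention.

```c
#include <stdint.h>
#include <string.h>
/* Assumption (added example, not the library's code): the 16-byte tweak is a
 * little-endian 128-bit value as in XTS; the carry out of bit 127 (top bit of
 * byte 15) feeds back into byte 0 as x^7 + x^2 + x + 1 = 0x87. */
static uint64_t load_le64(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
static void store_le64(unsigned char *p, uint64_t v)
{
    for (int i = 0; i < 8; i++) { p[i] = (unsigned char)v; v >>= 8; }
}
/* Reference: the obvious branchy doubling. Correct, but the branch on the top
 * bit is exactly the secret-dependent control flow (or table index) to avoid. */
void gf128_x_ble_branchy(unsigned char r[16], const unsigned char x[16])
{
    uint64_t a = load_le64(x), b = load_le64(x + 8);
    uint64_t ra = a << 1, rb = (b << 1) | (a >> 63);
    if (b >> 63) ra ^= 0x87;
    store_le64(r, ra); store_le64(r + 8, rb);
}
/* Constant-time variant: the top bit becomes an all-ones/all-zeros mask ANDed
 * with the reduction constant, so no load or branch depends on the tweak. */
void gf128_x_ble_ct(unsigned char r[16], const unsigned char x[16])
{
    uint64_t a = load_le64(x), b = load_le64(x + 8);
    uint64_t mask = 0 - (b >> 63);                  /* 0 or all ones */
    uint64_t ra = (a << 1) ^ (0x87 & mask), rb = (b << 1) | (a >> 63);
    store_le64(r, ra); store_le64(r + 8, rb);
}
/* Known answer: bit 127 alone must double to 0x87 in byte 0, zero elsewhere;
 * then both variants are cycled n times from a constructed start tweak. */
int gf128_x_ble_selftest(int n)
{
    unsigned char p[16] = {0}, q[16], t[16];
    p[15] = 0x80;
    gf128_x_ble_ct(t, p);
    if (t[0] != 0x87) return 0;
    for (int i = 1; i < 16; i++) if (t[i] != 0) return 0;
    p[15] = 0; p[0] = 0x01;                         /* constructed start */
    memcpy(q, p, 16);
    for (int i = 0; i < n; i++) {
        gf128_x_ble_branchy(t, p); memcpy(p, t, 16);
        gf128_x_ble_ct(t, q);      memcpy(q, t, 16);
    }
    return memcmp(p, q, 16) == 0;                   /* 1 when they agree */
}
```

The mask form is a pattern, not a guarantee: confirm with the compiler's generated assembly that it has not reintroduced a conditional jump.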
Jaeden Amero
9f52aebe2e
tests: Fix name of 33 byte AES cipher tests
...
We named the tests "32 bytes", but actually tested with 33 bytes. Fix the
mistake.
2018-06-13 11:56:03 +01:00
Simon Butcher
4ed3880a10
Fix ChangeLog whitespace errors and add entry for PR #1646
...
PR #1646 is a change to the behaviour of the CMake files and therefore should be
recorded in the ChangeLog.
2018-06-12 17:35:06 +01:00
Simon Butcher
f3987b3b24
Add ChangeLog entry for CCM*
...
CCM* in PR #1667 is a feature and a functional enhancement and was missing a
ChangeLog entry.
2018-06-12 17:07:43 +01:00
Simon Butcher
601144e199
Add entry to ChangeLog for PR #795
...
PR #795 fixes issue #777, 'check matching issuer crt and key for all algs', and
needs a ChangeLog entry.
2018-06-12 17:04:58 +01:00
Simon Butcher
ae4cafa2a6
Merge remote-tracking branch 'public/pr/795' into development
2018-06-12 16:55:47 +01:00
Simon Butcher
c7638fab29
Fix ChangeLog entry after merge of HKDF
...
Fix ChangeLog entry for the next version of Mbed TLS after merge of HKDF PR.
2018-06-12 16:54:02 +01:00
Simon Butcher
e47d6fd97e
Merge remote-tracking branch 'public/pr/1497' into development
2018-06-12 16:53:04 +01:00
Simon Butcher
ebe23ed738
Fix up the ChangeLog for the new version
...
Fix the ChangeLog for the next version of Mbed TLS following merge of PR #1593.
2018-06-12 16:46:45 +01:00
Simon Butcher
f0d7629771
Merge remote-tracking branch 'public/pr/1593' into development
2018-06-12 16:41:41 +01:00
Simon Butcher
ebb6427992
Merge remote-tracking branch 'public/pr/1646' into development
2018-06-12 16:41:04 +01:00
Simon Butcher
263498ac36
Merge remote-tracking branch 'public/pr/1667' into development
2018-06-12 16:40:07 +01:00
Simon Butcher
dbe80c6957
Merge remote-tracking branch 'public/pr/1668' into development
2018-06-12 16:39:56 +01:00
Simon Butcher
0b11e75802
Merge remote-tracking branch 'public/pr/1692' into development
2018-06-12 16:39:36 +01:00
Simon Butcher
4844bf2b5c
Add OFB as additional block mode
...
Following rebasing on the development branch which introduced the ARIA cipher,
OFB was missing as a block mode from some cipher tables.
2018-06-11 15:21:05 +01:00
Jaeden Amero
cb2c935a54
aes: Clarify IV requirements for OFB mode
...
Combine the two "must be unique" phrases into one for clarity. An IV
that is universally unique is also unique for each encryption operation.
2018-06-11 14:03:22 +01:00
Simon Butcher
5db13621ec
Clarify documentation for AES OFB
...
1. Changed reference/link to NIST SP800-38A
2. Clarified language around AES-OFB usage
2018-06-11 14:03:22 +01:00
Simon Butcher
33cb519cda
Add decrypt tests to AES OFB Cipher module
...
Adds additional tests for AES-128, AES-192, and AES-256, for OFB block mode, for
the cipher wrapper module.
2018-06-11 14:03:22 +01:00
Simon Butcher
b7836e1e8c
Change AES OFB tests to memset sizeof buffer
2018-06-11 14:03:22 +01:00
Simon Butcher
e416bf93d2
Reduce stack usage for AES OFB tests
...
Reduced the size of allocated buffers to the minimum for OFB tests.
2018-06-11 14:03:22 +01:00
Simon Butcher
968646c079
Clarify comments on use of AES OFB block mode
2018-06-11 14:03:22 +01:00
Simon Butcher
00131446be
Fix style and formatting for OFB feature
2018-06-11 14:03:22 +01:00
Simon Butcher
374bcd4255
Add to OFB cipher tests AES-192 and AES-256 OFB
2018-06-11 14:03:22 +01:00
Simon Butcher
dbe7fbf391
Remove unused variable in AES OFB test suite
...
Remove iv_len, an unused variable, in AES OFB test suite function, to fix gcc
compiler warning.
2018-06-11 14:03:22 +01:00
Simon Butcher
6873c845e8
Update cipher.h for OFB block mode documentation
...
Raises the doxygen comments for OFB to the same level as other block modes.
2018-06-11 14:03:22 +01:00
Simon Butcher
ad4e4938d1
Fix AES-OFB support for errors, tests and self-test
...
Adds error handling into mbedtls_aes_crypt_ofb for AES errors, a self-test
for the OFB mode using NIST SP 800-38A test vectors and adds a check to
potential return errors in setting the AES encryption key in the OFB test
suite.
2018-06-11 14:03:22 +01:00
Simon Butcher
7487c5b2c8
Add missing OFB entry to null ciphersuite
...
The OFB entry has been omitted from the null cipher suite definition,
null_base_info.
2018-06-11 14:03:22 +01:00
Simon Butcher
8c0fd1e881
Add cipher abstraction and test cases for OFB block mode
...
Adds OFB as additional block mode in the cipher abstraction, and additional
test cases for that block mode.
2018-06-11 14:03:22 +01:00
Simon Butcher
0301884f00
Add test cases for AES OFB block mode
...
Adds test cases from NIST SP800-38A for OFB block mode to AES-128/192/256, for
the configuration of MBEDTLS_CIPHER_MODE_OFB.
2018-06-11 14:03:22 +01:00
Simon Butcher
76a5b22973
Add OFB block mode to AES-128/192/256
...
Adds a new configuration of MBEDTLS_CIPHER_MODE_OFB and OFB mode to AES.
2018-06-11 14:03:22 +01:00
Jaeden Amero
10e0e4d4ff
hkdf: Add negative tests
...
Test for the expected bad input parameter error when given specific sets of
bad input parameters.
2018-06-11 13:10:14 +01:00
Jaeden Amero
3618962cab
hkdf: Add tests for extract and expand
...
Add tests for mbedtls_hkdf_extract() and mbedtls_hkdf_expand() from the
test vectors in Appendix A of RFC 5869.
2018-06-11 13:10:14 +01:00
Jaeden Amero
798363e4dc
Add ChangeLog entry for HKDF
2018-06-11 13:10:14 +01:00
Thomas Fossati
656864b360
Add an HKDF (RFC 5869) implementation
2018-06-11 13:10:14 +01:00
Simon Butcher
fcfa4c21c1
Merge remote-tracking branch 'public/pr/1699' into development
2018-06-11 11:24:33 +01:00
Darryl Green
2a1edacb1b
Change symlink to hardlink to avoid permission issues
2018-06-08 10:07:32 +01:00
Gilles Peskine
0a0e08a618
mbedtls_gcm_crypt_and_tag: clarify what each mode does and doesn't do
2018-06-07 14:47:38 +02:00
Darryl Green
d75ee64c1f
Fix out-of-tree testing symlinks on Windows
2018-06-07 11:55:50 +01:00
Gilles Peskine
80f679b938
Correct and clarify the documentation of GCM whole-message functions
...
Clarify the roles of the buffer parameters and their sizes.
Remove a statement about input size restrictions that only applies to
mbedtls_gcm_update, not to the whole-message functions.
Document the possible error codes.
Warn that mbedtls_gcm_crypt_and_tag in decrypt mode does not
authenticate the data and recommend using mbedtls_gcm_auth_decrypt
instead.
2018-06-06 16:55:41 +02:00
Simon Butcher
c041435fcf
Merge remote-tracking branch 'public/pr/1694' into development
2018-06-06 15:17:03 +01:00