cryptonite/cbits/aes
Olivier Chéron fc07a8b931 Fix counter wrapping in AES GCM
The generic and AESNI implementations used different conventions
regarding counter wrapping in GCM.  The generic code was based on
function block128_inc_be, for which the counter is a 128-bit value,
whereas the AESNI code used the intrinsic function _mm_add_epi64, and
therefore wrapped at 2^64.

In NIST.SP.800-38d the GCM specification mandates use of the incrementing
function inc32, wrapping after 2^32 blocks.  This commit changes both
the generic and AESNI implementations to align with the specification and
adds a test vector specially crafted to start encryption with IV block
0xfffffffffffffffffffffffffffffffe.
2019-08-20 10:34:40 +02:00
block128.h Fix counter wrapping in AES GCM 2019-08-20 10:34:40 +02:00
generic.c Fix many cases of unaligned accesses 2017-06-25 18:10:55 +01:00
generic.h cryptonitize AES, and add foreign function interfaces to it (not exported). 2015-04-05 10:44:23 +01:00
gf.c AES GCM: use Shoup's method with 4-bit table 2019-06-06 06:48:16 +02:00
gf.h AES GCM: use Shoup's method with 4-bit table 2019-06-06 06:48:16 +02:00
x86ni_impl.c Fix counter wrapping in AES GCM 2019-08-20 10:34:40 +02:00
x86ni.c AES GCM: use Shoup's method with 4-bit table 2019-06-06 06:48:16 +02:00
x86ni.h AES GCM: use Shoup's method with 4-bit table 2019-06-06 06:48:16 +02:00