cryptonite

haskell/cryptonite

Fork 0

Commit Graph

Author	SHA1	Message	Date
Olivier Chéron	fc07a8b931	Fix counter wrapping in AES GCM The generic and AESNI implementations used different conventions regarding counter wrapping in GCM. The generic code was based on function block128_inc_be, for which the counter is a 128-bit value. Whereas the AESNI code used intrinsic function _mm_add_epi64, and therefore wrapping at 2^64. In NIST.SP.800-38d the GCM specification mandates to use incrementing function inc32, wrapping after 2^32 blocks. This commit changes both generic and AESNI implementations to align to the specification and adds a test vector specially crafted to start encryption with IV block 0xfffffffffffffffffffffffffffffffe.	2019-08-20 10:34:40 +02:00
James Clarke	2b43be4d84	Fix many cases of unaligned accesses	2017-06-25 18:10:55 +01:00
Vincent Hanquez	6195bd40af	merge cipher-aes C files in cryptonite	2015-01-15 04:58:25 -08:00

Author

SHA1

Message

Date

Olivier Chéron

fc07a8b931

Fix counter wrapping in AES GCM

The generic and AESNI implementations used different conventions
regarding counter wrapping in GCM.  The generic code was based on
function block128_inc_be, for which the counter is a 128-bit value.
Whereas the AESNI code used intrinsic function _mm_add_epi64, and
therefore wrapping at 2^64.

In NIST.SP.800-38d the GCM specification mandates to use incrementing
function inc32, wrapping after 2^32 blocks.  This commit changes both
generic and AESNI implementations to align to the specification and
adds a test vector specially crafted to start encryption with IV block
0xfffffffffffffffffffffffffffffffe.

2019-08-20 10:34:40 +02:00

James Clarke

2b43be4d84

Fix many cases of unaligned accesses

2017-06-25 18:10:55 +01:00

Vincent Hanquez

6195bd40af

merge cipher-aes C files in cryptonite

2015-01-15 04:58:25 -08:00

3 Commits