haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
uni2work
cryptonite/tests/KAT_AES
History
Olivier Chéron fc07a8b931 Fix counter wrapping in AES GCM 
The generic and AESNI implementations used different conventions
regarding counter wrapping in GCM.  The generic code was based on
function block128_inc_be, for which the counter is a 128-bit value.
Whereas the AESNI code used intrinsic function _mm_add_epi64, and
therefore wrapping at 2^64.

In NIST.SP.800-38d the GCM specification mandates to use incrementing
function inc32, wrapping after 2^32 blocks.  This commit changes both
generic and AESNI implementations to align to the specification and
adds a test vector specially crafted to start encryption with IV block
0xfffffffffffffffffffffffffffffffe.
2019-08-20 10:34:40 +02:00
..
KATCBC.hs [tests] expands tabs, and remove redundant binding 2015-08-30 07:49:30 +01:00
KATCCM.hs Improve types and indentation, fix typo 2018-02-03 19:05:20 +01:00
KATECB.hs [tests] expands tabs, and remove redundant binding 2015-08-30 07:49:30 +01:00
KATGCM.hs Fix counter wrapping in AES GCM 2019-08-20 10:34:40 +02:00
KATOCB3.hs [AES] tests: remove dead definitions 2015-04-18 07:59:15 +01:00
KATXTS.hs [AES] tests: remove dead definitions 2015-04-18 07:59:15 +01:00