kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,176 Commits 12 Branches 0 Tags 38 MiB
1a9bc44127
Commit Graph

7 Commits

Author SHA1 Message Date
Adam Langley
1049e26f6b Support several flavours of AES-192. 
Change-Id: I28d302fad0d3d00fa69d3224a96366207729d8d5
 2015-04-06 16:58:46 -07:00
Adam Langley
087930f5b5 Add OFB mode. 
Change-Id: I267cf7897b5a9f73f8de729971cb9e92937011dd
 2015-04-06 16:58:45 -07:00
Adam Langley
0e782a9eb3 Add AEADs for AES-CTR with HMAC-SHA256. 
Change-Id: Id035d2c6ab9c6ae034326c313ffe35e0d035dec1
Reviewed-on: https://boringssl-review.googlesource.com/3911
Reviewed-by: Adam Langley <agl@google.com>
 2015-03-18 21:16:55 +00:00
David Benjamin
165de16c2e Import additional AES-GCM test vector from upstream. 
Upstream added another test vector in 4e049c52599d4a3fd918ba8570f49d88159e551b.

Change-Id: I17855dd479214657f0698b78f93e183cd6cb912e
Reviewed-on: https://boringssl-review.googlesource.com/3880
Reviewed-by: Adam Langley <agl@google.com>
 2015-03-13 19:41:49 +00:00
David Benjamin
0ebfac554e Add tests for padding variations. 
Test that SSLv3 accepts arbitrary padding bytes (hello, POODLE) and rejects
non-minimal padding, while TLS accepts non-minimal padding but rejects
arbitrary padding bytes.

Also test what happens when the MAC is correct, but there is no padding. This
is the case that triggers a failing padding_ok check after the MAC check
on padding_len = 0 passes.

Change-Id: Ia1444c526437899fc57ceafcbcef9c8f5cb9a6c5
Reviewed-on: https://boringssl-review.googlesource.com/2702
Reviewed-by: Adam Langley <agl@google.com>
 2015-01-14 21:09:16 +00:00
David Benjamin
044abb0aaa Implement SSLv3 ciphers with stateful AEADs. 
This introduces another knob into SSL_AEAD_CTX to omit the version from the ad
parameter. It also allows us to fold a few more SSL3_ENC_METHOD hooks together.

Change-Id: I6540d410d4722f734093554fb434dab6e5217d4f
Reviewed-on: https://boringssl-review.googlesource.com/2698
Reviewed-by: Adam Langley <agl@google.com>
 2015-01-14 20:55:58 +00:00
David Benjamin
ea72bd0b60 Implement all TLS ciphers with stateful AEADs. 
The EVP_CIPHER codepath should no longer be used with TLS. It still exists for
DTLS and SSLv3. The AEAD construction in TLS does not allow for
variable-overhead AEADs, so stateful AEADs do not include the length in the ad
parameter. Rather the AEADs internally append the unpadded length once it is
known. EVP_aead_rc4_md5_tls is modified to account for this.

Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The
cipher tests are all moved into crypto/cipher/test because there's now a lot of
them and they clutter the directory listing.

In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs
with a fixed IV component, and for AEADs which use a random nonce (for the
explicit-IV CBC mode ciphers).

The new implementation fixes a bug/quirk in stateless CBC mode ciphers where
the fixed IV portion of the keyblock was generated regardless. This is at the
end, so it's only relevant for EAP-TLS which generates a MSK from the end of
the key block.

Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334
Reviewed-on: https://boringssl-review.googlesource.com/2692
Reviewed-by: Adam Langley <agl@google.com>
 2015-01-14 20:30:26 +00:00