kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,515 Commits 12 Branches 0 Tags 38 MiB
8de7aef05e
Commit Graph

7 Commits

Author SHA1 Message Date
Adam Langley
8de7aef05e Add a GCM test with non-standard nonce length. 
AES-GCM should have a 12-byte nonce. However, non-standard nonce sizes
are defined by NIST and, although they are a bad idea, people have used
them because they've confused an IV with an nonce and passed in a
16-byte nonce.

This change adds a test for this.

Change-Id: If1efa1aaa19f0119ad4cab9a02a6417c040f45b2
 2015-06-18 17:35:59 -07:00
David Benjamin
4690bb5fc3 Port cipher_test to file_test. 
Derived from upstream's new evp_test. The tests were taken from upstream
but tweaked so the diff from the old cipher_test.txt is more obvious.

Change-Id: Ic82593a8bb6aaee9b69fdc42a8b75516b03c1c5a
Reviewed-on: https://boringssl-review.googlesource.com/4707
Reviewed-by: Adam Langley <agl@google.com>
 2015-05-13 17:00:55 +00:00
Adam Langley
5dca031ca1 Add AES-192 ECB. 
I tried so hard to get rid of AES-192, but it's called from too many
places. I suspect that those places don't actually use it, but it's
dangerous to assume that.

Change-Id: I6208b64a463e3539973532abd21882e0e4c55a1c
 2015-05-04 17:52:24 -07:00
Adam Langley
1049e26f6b Support several flavours of AES-192. 
Change-Id: I28d302fad0d3d00fa69d3224a96366207729d8d5
 2015-04-06 16:58:46 -07:00
Adam Langley
087930f5b5 Add OFB mode. 
Change-Id: I267cf7897b5a9f73f8de729971cb9e92937011dd
 2015-04-06 16:58:45 -07:00
David Benjamin
165de16c2e Import additional AES-GCM test vector from upstream. 
Upstream added another test vector in 4e049c52599d4a3fd918ba8570f49d88159e551b.

Change-Id: I17855dd479214657f0698b78f93e183cd6cb912e
Reviewed-on: https://boringssl-review.googlesource.com/3880
Reviewed-by: Adam Langley <agl@google.com>
 2015-03-13 19:41:49 +00:00
David Benjamin
ea72bd0b60 Implement all TLS ciphers with stateful AEADs. 
The EVP_CIPHER codepath should no longer be used with TLS. It still exists for
DTLS and SSLv3. The AEAD construction in TLS does not allow for
variable-overhead AEADs, so stateful AEADs do not include the length in the ad
parameter. Rather the AEADs internally append the unpadded length once it is
known. EVP_aead_rc4_md5_tls is modified to account for this.

Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The
cipher tests are all moved into crypto/cipher/test because there's now a lot of
them and they clutter the directory listing.

In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs
with a fixed IV component, and for AEADs which use a random nonce (for the
explicit-IV CBC mode ciphers).

The new implementation fixes a bug/quirk in stateless CBC mode ciphers where
the fixed IV portion of the keyblock was generated regardless. This is at the
end, so it's only relevant for EAP-TLS which generates a MSK from the end of
the key block.

Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334
Reviewed-on: https://boringssl-review.googlesource.com/2692
Reviewed-by: Adam Langley <agl@google.com>
 2015-01-14 20:30:26 +00:00