1. 01 Mar, 2019 1 commit
  2. 07 Feb, 2019 13 commits
  3. 29 Aug, 2018 1 commit
  4. 11 Jun, 2018 1 commit
  5. 07 Jun, 2018 1 commit
    • Add option to avoid 64-bit multiplication · 2adb375c
      Manuel Pégourié-Gonnard authored
      Motivation is similar to NO_UDBL_DIVISION.
      The alternative implementation of 64-bit mult is straightforward and aims at
      obvious correctness. Also, visual examination of the generated assembly shows
      that it's quite efficient with clang, armcc5 and arm-clang. However, current
      GCC generates fairly inefficient code for it.
      I tried to rework the code in order to make GCC generate more efficient code.
      Unfortunately the only way to do that is to get rid of 64-bit add and handle
      the carry manually, but this causes other compilers to generate less efficient
      code with branches, which is not acceptable from a side-channel point of view.
      So let's keep the obvious code that works for most compilers and hope future
      versions of GCC learn to manage registers in a sensible way in that context.
      See https://bugs.launchpad.net/gcc-arm-embedded/+bug/1775263
  6. 24 May, 2018 4 commits
    • Rename aead_chacha20_poly1305 to chachapoly · dca3a5d8
      Manuel Pégourié-Gonnard authored
      While the old name is explicit and aligned with the RFC, it's also very long,
      so with the mbedtls_ prefix prepended we get a 31-char prefix to each
      identifier, which quickly conflicts with our 80-column policy.
      The new name is shorter, it's what a lot of people use when speaking about
      that construction anyway, and hopefully should not introduce confusion, as
      it seems unlikely that variants other than 20/1305 will be standardised in the
      foreseeable future.
    • Implement AEAD-ChaCha20-Poly1305. · b8025c58
      Daniel King authored
      This implementation is based off the description in RFC 7539.
      The ChaCha20 code is also updated to provide a means of generating
      keystream blocks with arbitrary counter values. This is used to
      generate the one-time Poly1305 key in the AEAD construction.
    • Add Poly1305 authenticator algorithm (RFC 7539) · adc32c0b
      Daniel King authored
      Test vectors are included from RFC 7539.
      Poly1305 is also added to the benchmark program.
    • Initial implementation of ChaCha20 · 34b822ce
      Daniel King authored
  7. 16 Apr, 2018 1 commit
  8. 12 Apr, 2018 2 commits
  9. 06 Apr, 2018 1 commit
  10. 04 Apr, 2018 1 commit
  11. 21 Mar, 2018 1 commit
  12. 15 Mar, 2018 1 commit
  13. 13 Mar, 2018 1 commit
  14. 09 Mar, 2018 1 commit
  15. 27 Feb, 2018 2 commits
  16. 22 Feb, 2018 1 commit
  17. 26 Jan, 2018 1 commit
    • Error codes for hardware accelerator failures · 7ecab3df
      Gilles Peskine authored
      Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography
      modules where the software implementation can be replaced by a hardware
      This does not include the individual message digest modules since they
      currently have no way to return error codes.
      This does include the higher-level md, cipher and pk modules since
      alternative implementations and even algorithms can be plugged in at
  18. 25 Jan, 2018 1 commit
  19. 21 Dec, 2017 3 commits
  20. 17 Oct, 2017 2 commits