Matrix A is expensive to calculate.
Usage of ML-KEM/Kyber is
1. First peer generates a key and sends public to second peer.
2. Second peer encapsulates secret with public key and sends to first
peer.
3. First peer decapsulates (including encapsulating to ensure same as
seen) with key from key generation.
Caching A keeps the matrix A for encapsulation part of decapsulation.
The matrix needs to be transposed for encapsulation.
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.
Add new APIs to support passing in an RNG.
Old APIs create a new RNG.
Only needed for the C implementations that are not small.
Modified TLS and OpenSSL compat API implementations to pass in RNG.
Fixed tests and benchmark program to pass in RNG.
Adds two features for SE050:
1. `WOLFSSL_SE050_AUTO_ERASE`. When enabled, this will automatically
erase a key from the SE050 when `wc_ecc_free()` and friends are
called.
2. `WOLFSSL_SE050_NO_RSA`. This stops RSA offloading onto the SE050,
useful for the SE050E which does not have RSA support.
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
The SE050 port won't compile in the latest wolfSSL. This patch:
* Updates the documentation
* Fixes a missing `#ifdef` that breaks the build
* Changes the use of `mp_int` to `MATH_INT_T`
* Fixes compiler error with `ecc.c`
* Adds a tiny bit of extra debugging info
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
in wolfcrypt/src/coding.c, add ALIGN64 to hexDecode[], and add hexEncode[] for use by Base16_Encode();
in wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h:
move ctMask*() up so that min() and max() can use them, and add ctMaskWord32GTE();
add ALIGN64 to kHexChar[];
add CT implementation of CharIsWhiteSpace();
remove min_size_t() and max_size_t() recently added, but only one user (refactored).
Implemented based on the NIST Initial Public Draft "NIST SP 800-232 ipd". Testing based on KAT's available at https://github.com/ascon/ascon-c. Added configuration for testing in github action.
Fix spaces at start of copyright line in .asm files.
Changed generation of X25519 and Ed448 code to better match changes
already in C code. Fixed formatting in places.