haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
734 Commits 15 Branches 30 Tags 2.5 MiB
typeable
Commit Graph

418 Commits

Author SHA1 Message Date
Vincent Hanquez
18a9634bb7 Merge pull request #92 from Bodigrim/number-f2m 
Arithmetic over F2m
 2016-07-28 20:23:38 +01:00
Luke Taylor
fb66c35f46 Add a check for salt length in bcrypt function 
Raises an error (as the original doc claimed) if the salt is not the
required length of 16 bytes.

validatePasswordEither doesn't require separate checking since the hash
length as a whole is checked, implicitly ensuring the salt is the right
length. Therefore it shouldn't be possible to trigger the error by
calling this function.

Fixes #93.
 2016-07-27 17:45:33 +02:00
Bodigrim
2dec05f48b Restore import of <$> 2016-07-24 14:54:22 +02:00
Bodigrim
7e53922f4f Fix pointMul with negative factor on CurveF2m 2016-07-24 13:40:24 +02:00
Bodigrim
b25df69e26 Speed up squaring 3x (now 10% faster than mul) 2016-07-24 11:00:54 +02:00
Bodigrim
66ae77e805 Fix tests and provide documentation for Crypto.Number.F2m 2016-07-24 11:00:54 +02:00
Bodigrim
e80eaa56f3 Tests for Crypto.Number.F2m 2016-07-24 10:58:50 +02:00
Luke Taylor
de17b66e31 Fix buffer length in scrypt 
The temporary XY buffer passed to the scrypt_smix C function should be
256r+64 bytes in length, but the Haskell code was only allocating 256r
bytes, causing the additional 64 to be written past the end of the
buffer.

See #91.
 2016-06-13 21:08:06 +01:00
Vincent Hanquez
dc8bb8934c Merge pull request #77 from khibino/mp 
Adding miyaguchi-preneel hash construction
 2016-06-13 05:57:44 +01:00
Kei Hibino
7989dc71b0 fix unpad of zero-padding and add tests. 2016-06-08 22:57:35 +09:00
Kei Hibino
ec7e73401f apply zero-padding to miyaguchi-preneel. 2016-06-08 22:26:14 +09:00
Kei Hibino
c2285db4e3 add zero padding and its test. 2016-06-08 22:23:41 +09:00
Kei Hibino
87867b49bc rename definitions which compute miyaguchi-preneel hash. 2016-06-08 01:13:23 +09:00
Kei Hibino
f9c1aa713f drop cipherInit'. 2016-06-02 17:05:17 +09:00
Denis Redozubov
512605d513 fix documentation typo 2016-05-05 19:51:22 +03:00
Yann Esposito (Yogsototh)
92531e8ca6
Just adding an example. Inspired by the Turtle doc 2016-04-28 10:10:10 +02:00
John Galt
e2b0e9ee6b [Ed448] Fixed incorrect base point 2016-04-18 13:25:11 -07:00
Kei Hibino
fce698b821 [MP] Drop data constructor access. 2016-04-12 14:53:16 +09:00
Kei Hibino
0f241e31db [MP] drop the accessor in favor of just using the ByteArrayAccess constraint 2016-04-12 11:00:01 +09:00
Vincent Hanquez
0c3f68929b Fix serialization of ECDH and DH 2016-04-09 17:13:51 +01:00
Vincent Hanquez
fd24980530 [ECC] add Bounded instance to CurveName 2016-04-09 13:46:06 +01:00
Vincent Hanquez
605e5cf6a6 Merge branch 'master' of https://github.com/haskell-crypto/cryptonite 2016-04-09 13:45:18 +01:00
Vincent Hanquez
0fa83e32d8 [ECDH][DH] change SharedKey representation to be the usual bytes-like representation 
Prevent mistake when the serialization is not done properly, for example missing
the padding when necessary.
 2016-04-09 13:45:05 +01:00
Vincent Hanquez
e29c8a6fe5 [DH] Keep The field size in bits, in Params 2016-04-09 13:41:40 +01:00
Vincent Hanquez
a73c1b9171 [CMAC] drop the accessor in favor of just using the ByteArrayAccess constraint 2016-04-09 10:31:13 +01:00
Vincent Hanquez
2b0f0dab9c Merge branch 'master' of https://github.com/haskell-crypto/cryptonite 2016-04-09 08:43:07 +01:00
Vincent Hanquez
d7e26e34ee [random] add a seed capability with export/import from integer. 
It decomposes the drgNew call that was gathering entropy then
initializing a ChaChaDRG, into 2 new calls seedNew and drgNewSeed.

drgNew remains unchanged.

The integer importing capability, should be used when wanting to bring
reproducibility to a debugging problem or for testing, otherwise it's
probably a bad idea to use.
 2016-04-09 08:33:37 +01:00
Kei Hibino
5d96c804ae Add infered cipher version. 2016-04-08 16:43:55 +09:00
Kei Hibino
3af88f3145 Add smart constructor of MiyaguchiPreneel hash type. 2016-04-08 16:11:17 +09:00
Kei Hibino
285d9fb433 Specify each chunk type. 2016-04-07 14:43:44 +09:00
Kei Hibino
327d75c2d4 Add comments about irreducible binary polynomial. 2016-04-06 11:59:26 +09:00
Kei Hibino
4442744b1d Add the smart constructor of CMAC type. 2016-04-06 09:41:50 +09:00
Kei Hibino
5e4b126fc5 Add implementation of MiyaguchiPreneel. 2016-04-03 05:51:07 +09:00
Kei Hibino
ca0c3830eb Add implementation of CMAC. 2016-04-01 19:25:04 +09:00
Vincent Hanquez
149bfa6010 [HKDF] document a bit better extractSkip 2016-03-29 07:17:24 +01:00
Vincent Hanquez
93fad940e4 Improve context memory usage of Keccak and SHA3 
saves up to 72 bytes per context for SHA3-512
 2016-03-26 10:29:33 +00:00
Vincent Hanquez
f362d50d46 [bcrypt] make the haddock comment reflect what happens to the cost value. 
also fix a tpyo
 2016-02-25 07:48:30 +00:00
Vincent Hanquez
b07a856127 Merge pull request #62 from clinty/dsa-truncate 
Do DSS truncation on verify
 2016-02-11 08:04:32 +00:00
John Galt
a04b56d2a3 Added Ed448-Goldilocks support 2016-02-09 01:22:55 -07:00
Vincent Hanquez
d80a499582 removed bounded names for useless parameter 2016-02-04 07:28:42 +00:00
Clint Adams
4c6b774a3d Do DSS truncation on verify 
RFC 4880 and FIPS 186-4 require that DSA signatures truncate the
hash to the size of q.  This changes Crypto.PubKey.DSA.verify
to do so in all cases.
 2016-01-10 17:05:37 -05:00
Vincent Hanquez
50631d3150 Add support for blake2s(p) 224 bits 2016-01-09 10:09:35 +00:00
Vincent Hanquez
99049cc66e Merge pull request #53 from kinoru/master 
[ChaChaPoly1305] fix type error of example code
 2016-01-05 17:49:58 +00:00
Vincent Hanquez
43890b1175 Add support for HKDF (RFC 5869) 2015-12-28 14:32:07 +00:00
John Galt
26976b1583 [blake2] Added reference implementation 
This commit allows the user to select either the portable reference
implementation or the optimized (SSE) implementation.
 2015-12-16 07:49:30 -06:00
kinoru
5a2809a0f8 [ChaChaPoly1305] fix type error of example code 
The example code had a type mismatch.

    Couldn't match expected type ‘State’
                with actual type ‘CryptoFailable State’
    In the second argument of ‘appendAAD’, namely ‘st1’
    In the second argument of ‘($)’, namely ‘appendAAD hdr st1’

This is due to the following part:

    let st1 = ChaChaPoly1305.initialize key nonce
        st2 = ChaChaPoly1305.finalizeAAD $ ChaChaPoly1305.appendAAD hdr st1

`initialize` returns `CryptoFailable State`, not `State`.

This commit fixes the type mismatch, changes the return type of the
example function to `CryptoFailable ByteString`, and makes the code
to be immediately copy-and-paste-able.
 2015-12-03 18:05:04 +00:00
Maciej Pietrzak
6020bde0e2 Add support_blake2 flag. 2015-11-30 22:17:21 +01:00
Vincent Hanquez
812b5d1aed [blake2] uncapitalize the modules and types as it's not abbreviation. 2015-11-19 14:24:54 +00:00
Vincent Hanquez
fae5f084cf [Blake2] define the algorithm as a multiple algorithm so that the output digest size is explicit in the digest types. 2015-11-19 12:10:14 +00:00
Vincent Hanquez
69f9d225eb [hash] trim hash algorithm with multiple output size. 
The output size is now passed by parameter to the finalize function
instead of being stored in the context. that simplify quite a
bit the passing of this parameter
 2015-11-19 11:52:21 +00:00
Vincent Hanquez
ad285be68c [Hash] tweak internal C API to have the hashlen 2015-11-19 11:37:38 +00:00
Vincent Hanquez
2785a50228 Merge pull request #42 from Rufflewind/master 
Document the arguments for DH.generateParams
 2015-11-18 21:51:53 +00:00
Vincent Hanquez
6ae67d5c91 Merge pull request #46 from centromere/nonce-fix 
Fix endianness of incrementNonce function for ChaChaPoly1305
 2015-11-18 16:52:27 +00:00
Vincent Hanquez
093f1af8e4 Merge pull request #41 from kinoru/master 
Fix typo: Kekkak -> Keccak
 2015-11-18 15:38:19 +00:00
John Galt
53270f1ef6 Removed unused language extension 2015-11-16 13:13:18 -05:00
John Galt
320186cdd1 Fix endianness of incrementNonce function for ChaChaPoly1305 2015-11-16 12:59:01 -05:00
John Galt
880dfae098 Added BLAKE2 support 2015-11-12 12:33:20 -05:00
Vincent Hanquez
da2f445690 [Poly1305] fix size of Authentication tag creation from Bytestring 2015-11-06 22:00:49 +00:00
Vincent Hanquez
d47ae454d5 [Poly1305] Add a way to create AuthTag from ByteArray. 2015-11-05 15:02:50 +00:00
Vincent Hanquez
7928198923 [doc] Add missing documentation call 2015-11-04 15:18:05 +00:00
Vincent Hanquez
7bd3a8f892 [ChaChaPoly1305] Document everything 2015-11-04 15:17:32 +00:00
Phil Ruffwind
fba0565d78 Document the arguments for DH.generateParams 
Also fix the formatting in the docs of Serialize.i2ospOf
 2015-11-03 20:20:53 +08:00
Vincent Hanquez
2191dddf5b [Curve25519] use the Crypto.Error api instead of an Either type for parsing types 2015-11-02 11:17:19 +00:00
kinoru
558c21491e Fix typo: Kekkak -> Keccak 
The SHA-3 winning algorithm's name is Keccak (pronounced "catch-ack"),
not Kekkak.

- <http://keccak.noekeon.org/>
- <http://www.nist.gov/itl/csd/sha-100212.cfm>
- <https://en.wikipedia.org/wiki/SHA-3>
 2015-10-27 14:56:42 +00:00
John Galt
55c6988a6e Added support for incrementing Nonces 2015-10-05 14:08:08 -04:00
Vincent Hanquez
c94df41f02 [ECC] fix compilation of missing numBits 2015-09-22 17:48:43 +01:00
Vincent Hanquez
b63dc38c49 [ECC] add generate for ECC generic's scalar and point Base Multiplication helper. 2015-09-22 17:23:22 +01:00
Vincent Hanquez
08a8155f12 [P256] add function to generate a new scalar, and to get the base point. 2015-09-22 17:22:13 +01:00
Vincent Hanquez
9a1f06e3e8 [ECC] add curveSizeBits 2015-09-22 17:21:35 +01:00
Luke Taylor
6d33b66245 BCrypt module doc updates 
- Add doctest style example usage
- List most relevant functions
- Reformat comments
- Minor corrections and additions
 2015-09-01 15:22:58 +01:00
Vincent Hanquez
71fe77da68 [endianess] fix some issues on non supported arches 2015-08-28 17:10:27 +01:00
Joachim Breitner
507a8f8cea Use mkLE, not LE 
to make sure the conversion to little endian is actually happening. This
fixes a test failure in ChaChaPoly1305. Fixes #31.
 2015-08-27 14:52:37 +02:00
Vincent Hanquez
ea8cb2d45a [blowfish] remove unnecessary list of word32 for the schedule 
Just use the binary's array directly
 2015-08-27 10:57:28 +01:00
Luke Taylor
f346c46243 Add BCrypt module doc and a validatePasswordEither fn 2015-08-26 10:33:36 +01:00
Luke Taylor
39d5eb13fe Add bcrypt password hashing and validation API 2015-08-26 10:33:36 +01:00
Luke Taylor
2566e46185 Implement the eksBlowfish function 
This modifies the standard blowfish key schedule function to accept an
optional salt and cost as used in bcrypt and modifies the algorithm
accordingly to implement the "expensive" version.

The standard blowfish version is just the same but with a salt value of
zero and a single call to the expandKey function. See the original
bcrypt paper for more details.
 2015-08-26 10:33:35 +01:00
Luke Taylor
08ebde2f09 Modify creation of Blowfish key schedule 
Changes to create it from an array of Word32, instead of using
mutableArray32FromAddrBE, which seems to reverse the words.
 2015-08-26 10:33:35 +01:00
Vincent Hanquez
cd8f70e062 [Padding] add PKCS5/PKCS7 padding/unpadding methods 2015-08-18 12:03:05 +01:00
Vincent Hanquez
4653f36d19 [Poly1305] add NFData for Tag. 2015-07-30 14:40:35 +01:00
Vincent Hanquez
ead424f793 [Scrypt] reduce line size of comment 2015-07-29 10:03:43 +01:00
Vincent Hanquez
8a0bacfc6d [Poly1305] make initialize explicitely failable 2015-07-29 09:49:49 +01:00
Vincent Hanquez
4af8185d65 add new MAC key error 2015-07-29 09:45:51 +01:00
Vincent Hanquez
e064af5cba [chachapoly1305] properly handle the decryption, and change combine to encrypt. 2015-07-29 07:24:46 +01:00
Vincent Hanquez
ce849fb0d2 [ChaChaPoly1305] add implementation and simple KAT test 2015-07-19 17:53:56 +01:00
Vincent Hanquez
5dab0190ac [Poly1305] Rename Ctx to State 2015-07-19 17:51:46 +01:00
Vincent Hanquez
ce043f49a1 [AES] fix wrongly indented comment 2015-07-19 17:51:00 +01:00
Andrey Sverdlichenko
4581a737d7 Use non-blocking IO with /dev/random. 
Do not wait for data to appear from /dev/random, otherwise server is blocked
for a few seconds if there is no entropy left.
 2015-06-29 07:32:42 +00:00
Vincent Hanquez
b37ee01636 [random] add a System "DRG" 2015-06-20 15:51:42 +01:00
Vincent Hanquez
25526e24a1 Merge branch 'hashdescr' 2015-06-19 11:06:11 +01:00
Vincent Hanquez
0b6b2d661c [Random] allow drgNew to be run in any MonadRandom directly. 
this allow cascading, create a DRG from another DRG
 2015-06-19 11:05:54 +01:00
Vincent Hanquez
0d2290a4a1 [RSA] allow data to be passed as is, instead of hashed 2015-06-19 11:04:37 +01:00
Vincent Hanquez
39cf449ba7 add some missing instance of HashAlgorithmASN1 2015-06-19 11:04:17 +01:00
Tobias Florek
ff36164305 copy withRandomBytes from crypto-random 2015-06-12 20:52:15 +02:00
Vincent Hanquez
a9df2a2180 [RSA] remove hashdescr in favor of just specifying the algorithm directly 
The extra information is embedded in the HashAlgorithmASN1 class
that allow a digest to ASN1 structured.
 2015-06-10 12:27:37 +01:00
Vincent Hanquez
0900f3b1b0 Merge pull request #9 from tekul/aescleanup 
Remove unused AES primitives functions and exports
 2015-06-09 15:17:51 +01:00
Vincent Hanquez
fb4006b41a Merge branch 'master' of https://github.com/vincenthz/cryptonite 2015-06-09 14:39:33 +01:00
Vincent Hanquez
35bad8c241 [hash] properly display Digest just like cryptohash. 
fix #8
 2015-06-09 14:35:23 +01:00
Luke Taylor
875b80107c Remove unused AES primitives functions and exports 
The code for initializing different AEAD modes is now encapsulated in
the BlockCipher type and the individual mode encryption and decryption
functions have been replaced by generalized versions, so are no longer
used.
 2015-06-09 11:45:39 +02:00
Luke Taylor
4e1437d4fd Minor haddock fixes 
Fix some incorrect parameter descriptions and spelling/typos.
 2015-06-07 13:26:26 +02:00
Vincent Hanquez
7301c719bf [P256] use ScrubbedBytes for Scalar 2015-06-02 14:22:48 +01:00