haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,015 Commits 15 Branches 30 Tags 2.5 MiB
314a9caba7
Commit Graph

115 Commits

Author SHA1 Message Date
Carlos Rodriguez
314a9caba7 Merge branch 'master' of https://github.com/haskell-crypto/cryptonite 
# Conflicts:
#	cryptonite.cabal
#	tests/KAT_PubKey.hs
 2018-11-03 20:23:25 +01:00
Olivier Chéron
f4e094aacb Fix PKCS#1 v1.5 padding 
The padding string is at least 8 bytes long + 3 other bytes,
so it should be 11.
 2018-10-29 20:43:02 +01:00
Carlos Rodriguez
c285d7f527 Added OAEP scheme and created test vectors for Rabin cryptosystem. 2018-10-06 16:53:22 +02:00
Carlos Rodriguez
e7b3abebf8 Implemented Rabin cryptosystem and some of its variations (including Rabin-Williams). 2018-09-06 20:27:32 +02:00
Olivier Chéron
d0ac50c1af Additional QA clean-up 2018-04-29 10:43:55 +02:00
Chris Martin
d2da00445d fix spelling of "exponent" 2018-04-05 21:44:40 -04:00
Vincent Hanquez
6346b8289c
Merge pull request #202 from ocheron/ed25519-arith-negate 
Ed25519 arithmetic primitives
 2017-12-17 18:12:50 +00:00
Olivier Chéron
3aaa89d52e Add missing NFData instances 2017-11-27 20:43:08 +01:00
Olivier Chéron
8d7e0d236c Add P256.pointNegate 2017-11-20 19:28:17 +01:00
Olivier Chéron
b8b59be5a5 Normalize result of ECC.pointNegate 2017-11-20 19:28:17 +01:00
Olivier Chéron
4f7d742461 Export and test ECC.pointNegate 2017-11-20 19:28:16 +01:00
Chris Martin
f77994a729 Various documentation copy editing 2017-11-18 14:27:44 -05:00
Olivier Chéron
9b56689885 Check that ECDH and ECIES result is not point-at-infinity 
This guards against invalid public keys when curves have a cofactor.

Fixes #178
 2017-07-05 22:24:22 +02:00
Olivier Chéron
aec6af5de4 Add note about P256 encoding of point-at-infinity 2017-07-05 22:24:22 +02:00
Olivier Chéron
8e274f8e60 Validate output point when calling P256.pointFromBinary 
Function unsafePointFromBinary is added when validation is not needed.
 2017-07-05 22:24:22 +02:00
Fraser Tweedale
f6c1f21e59 clarify padding requirements for PKCS15 encrypt/decrypt 
The types do not say whether it is necessary to apply pad/unpad to
the input/output of the PKCS15 encrypt/decrypt functions.  Add
comments to clarify that it is not necessary to manually pad/unpad
the message.
 2017-06-26 15:30:01 +02:00
Olivier Chéron
a879845434 Add note about the optional all-zero test 
This is actually a lie: the condition is tested in both curve
implementations but not returned by the Haskell API.  Will be a reminder to
add this in the future.  A function 'allocRetAndFreeze' could be useful.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
75e3bd555e Add Show instances for EdDSA secret keys 
Other algorithms define Show instances for their secrets.
Here ScrubbedBytes will obfuscate the content anyway.

Will be useful for X509.PrivKey, which requires a Show instance.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
6805ddd4f7 Add support for Ed448 
This replaces the Diffie-Hellman API that was previously exported.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
6fb412e2af Use decaf_x448_derive_public_key 2017-06-04 19:25:19 +02:00
Olivier Chéron
23b359d842 Switch Haskell APIs to decaf implementation 
Module 'Curve448' now use decaf.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
ac7eaac523 Simplify Ed25519.generateSecretKey 2017-06-02 19:37:25 +02:00
Baojun Wang
a8902fe119 remove redundant condition test on `hashLen /= B.length mHash` 2017-05-18 21:00:14 -07:00
Baojun Wang
4270f00277 Use `Digest hash` to represent message digest 2017-05-16 10:54:31 -07:00
Baojun Wang
f9a0bc3c53 Allow sign/verify digest directly 
currently sign/verify works on message directly, it would be nice if PSS could sign/verify digest directly. This is useful for:

  1) for some signing server it only has a digest (without message)
  2) message could be very large, for cases when client need request a singing server to sign, it may make more sense for the client to compute digest, then ask server to (PSS) sign the digest
  3) openSSL pkeyutl (PSS) sign operation signs with digest only, not the message, it would be nice to work with openSSL more easily 

*openSSL command line:
```shell
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1  -pkeyopt digest:sha256 -sign -inkey "pri.key" -in hmac.bin > sig.bin
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1  -pkeyopt digest:sha256 -verify -inkey "pri.key" -in hmac.bin -sigfile sig.bin
```
 2017-05-15 19:42:19 -07:00
Parnell Springmeyer
94d67ad86d
ed25519: Adding generateSecretKey and a unit test 2017-05-02 16:18:26 -05:00
Kazu Yamamoto
697fe61f9b using pointSize in withTempPoint to fix #151. 2017-04-11 20:32:57 +09:00
Olivier Chéron
6d4a2bb707 Rename Ed448 to Curve448 
This makes the API uniform for both D-H functions, avoids
confusion and leaves the name Ed448 available for EdDSA.
 2017-01-19 20:26:25 +01:00
Vincent Hanquez
4b34abe310 add support For Ed448 in Crypto.ECC. fix #121 2016-12-09 06:42:50 +00:00
Kazu Yamamoto
9845734b2b fixing P256 endian. 2016-12-05 13:34:54 +09:00
Vincent Hanquez
f627bf437a make a faster and more secure related to memory blits of pointDh for P256 2016-12-02 15:47:51 +00:00
Vincent Hanquez
922bed5ac5 add some documentation to ECIES 2016-12-02 15:03:19 +00:00
Vincent Hanquez
8b5a36f44e fix ECIES to work with the rewrite 2016-12-02 15:03:08 +00:00
Vincent Hanquez
f1ebbff464 fixup haddock markup 2016-12-01 16:55:17 +00:00
Vincent Hanquez
a9e3917334 fix Curve25519 generate secret key to work in the MonadRandom instead of IO 2016-12-01 12:50:31 +00:00
Vincent Hanquez
a5fb2ee23a don't export function that replace existing functionality and by-pass errors handling 2016-12-01 12:50:01 +00:00
Kazu Yamamoto
f84aa5d7ce documentation & relaxing types. 2016-11-30 14:48:49 +09:00
Kazu Yamamoto
be6bf11138 using ScrubbedBytes directly. 2016-11-30 14:41:01 +09:00
Kazu Yamamoto
c0b0846232 implmenting encodePoint and decodePoint for TLS. 2016-11-17 13:08:21 +09:00
Kazu Yamamoto
a6f177352a Eq and Show for Point and Scalar. 2016-11-16 16:53:43 +09:00
Kazu Yamamoto
aa33c00855 adding Curve_X25519. 2016-11-16 13:10:57 +09:00
Vincent Hanquez
60bb2cacb4 [ECC] Improve the code base to allow multiples different implementations 
* Use TypeFamilies; need to see what to do for older GHC versions
* Start implementing some API related to ECIES
 2016-11-15 15:05:58 +09:00
Vincent Hanquez
01892ac494 Merge pull request #102 from ocheron/shamirs-trick 
Implement Shamir's trick
 2016-09-15 21:08:48 +01:00
Olivier Chéron
43233cb911 Double-scalar multiplication using Shamir's trick 2016-09-10 12:05:46 +02:00
Olivier Chéron
5854b092a8 Fix ECDH when scalar and coordinate bit sizes differ 2016-09-10 10:26:41 +02:00
Olivier Chéron
c84230c69a Fixed hash truncation used in ECDSA signature & verification 
The function tHash shifted the hash number to an incorrect number of bits
when the bit string had leading zeros.  This is one of two issues reported
in vincenthz/hs-tls#152.
 2016-08-24 23:29:55 +02:00
Bodigrim
7e53922f4f Fix pointMul with negative factor on CurveF2m 2016-07-24 13:40:24 +02:00
John Galt
e2b0e9ee6b [Ed448] Fixed incorrect base point 2016-04-18 13:25:11 -07:00
Vincent Hanquez
0c3f68929b Fix serialization of ECDH and DH 2016-04-09 17:13:51 +01:00
Vincent Hanquez
fd24980530 [ECC] add Bounded instance to CurveName 2016-04-09 13:46:06 +01:00