haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
919 Commits 15 Branches 30 Tags 2.5 MiB
5e354f9bfc
Commit Graph

104 Commits

Author SHA1 Message Date
Chris Martin
f77994a729 Various documentation copy editing 2017-11-18 14:27:44 -05:00
Olivier Chéron
9b56689885 Check that ECDH and ECIES result is not point-at-infinity 
This guards against invalid public keys when curves have a cofactor.

Fixes #178
 2017-07-05 22:24:22 +02:00
Olivier Chéron
aec6af5de4 Add note about P256 encoding of point-at-infinity 2017-07-05 22:24:22 +02:00
Olivier Chéron
8e274f8e60 Validate output point when calling P256.pointFromBinary 
Function unsafePointFromBinary is added when validation is not needed.
 2017-07-05 22:24:22 +02:00
Fraser Tweedale
f6c1f21e59 clarify padding requirements for PKCS15 encrypt/decrypt 
The types do not say whether it is necessary to apply pad/unpad to
the input/output of the PKCS15 encrypt/decrypt functions.  Add
comments to clarify that it is not necessary to manually pad/unpad
the message.
 2017-06-26 15:30:01 +02:00
Olivier Chéron
a879845434 Add note about the optional all-zero test 
This is actually a lie: the condition is tested in both curve
implementations but not returned by the Haskell API.  Will be a reminder to
add this in the future.  A function 'allocRetAndFreeze' could be useful.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
75e3bd555e Add Show instances for EdDSA secret keys 
Other algorithms define Show instances for their secrets.
Here ScrubbedBytes will obfuscate the content anyway.

Will be useful for X509.PrivKey, which requires a Show instance.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
6805ddd4f7 Add support for Ed448 
This replaces the Diffie-Hellman API that was previously exported.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
6fb412e2af Use decaf_x448_derive_public_key 2017-06-04 19:25:19 +02:00
Olivier Chéron
23b359d842 Switch Haskell APIs to decaf implementation 
Module 'Curve448' now use decaf.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
ac7eaac523 Simplify Ed25519.generateSecretKey 2017-06-02 19:37:25 +02:00
Baojun Wang
a8902fe119 remove redundant condition test on `hashLen /= B.length mHash` 2017-05-18 21:00:14 -07:00
Baojun Wang
4270f00277 Use `Digest hash` to represent message digest 2017-05-16 10:54:31 -07:00
Baojun Wang
f9a0bc3c53 Allow sign/verify digest directly 
currently sign/verify works on message directly, it would be nice if PSS could sign/verify digest directly. This is useful for:

  1) for some signing server it only has a digest (without message)
  2) message could be very large, for cases when client need request a singing server to sign, it may make more sense for the client to compute digest, then ask server to (PSS) sign the digest
  3) openSSL pkeyutl (PSS) sign operation signs with digest only, not the message, it would be nice to work with openSSL more easily 

*openSSL command line:
```shell
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1  -pkeyopt digest:sha256 -sign -inkey "pri.key" -in hmac.bin > sig.bin
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1  -pkeyopt digest:sha256 -verify -inkey "pri.key" -in hmac.bin -sigfile sig.bin
```
 2017-05-15 19:42:19 -07:00
Parnell Springmeyer
94d67ad86d
ed25519: Adding generateSecretKey and a unit test 2017-05-02 16:18:26 -05:00
Kazu Yamamoto
697fe61f9b using pointSize in withTempPoint to fix #151. 2017-04-11 20:32:57 +09:00
Olivier Chéron
6d4a2bb707 Rename Ed448 to Curve448 
This makes the API uniform for both D-H functions, avoids
confusion and leaves the name Ed448 available for EdDSA.
 2017-01-19 20:26:25 +01:00
Vincent Hanquez
4b34abe310 add support For Ed448 in Crypto.ECC. fix #121 2016-12-09 06:42:50 +00:00
Kazu Yamamoto
9845734b2b fixing P256 endian. 2016-12-05 13:34:54 +09:00
Vincent Hanquez
f627bf437a make a faster and more secure related to memory blits of pointDh for P256 2016-12-02 15:47:51 +00:00
Vincent Hanquez
922bed5ac5 add some documentation to ECIES 2016-12-02 15:03:19 +00:00
Vincent Hanquez
8b5a36f44e fix ECIES to work with the rewrite 2016-12-02 15:03:08 +00:00
Vincent Hanquez
f1ebbff464 fixup haddock markup 2016-12-01 16:55:17 +00:00
Vincent Hanquez
a9e3917334 fix Curve25519 generate secret key to work in the MonadRandom instead of IO 2016-12-01 12:50:31 +00:00
Vincent Hanquez
a5fb2ee23a don't export function that replace existing functionality and by-pass errors handling 2016-12-01 12:50:01 +00:00
Kazu Yamamoto
f84aa5d7ce documentation & relaxing types. 2016-11-30 14:48:49 +09:00
Kazu Yamamoto
be6bf11138 using ScrubbedBytes directly. 2016-11-30 14:41:01 +09:00
Kazu Yamamoto
c0b0846232 implmenting encodePoint and decodePoint for TLS. 2016-11-17 13:08:21 +09:00
Kazu Yamamoto
a6f177352a Eq and Show for Point and Scalar. 2016-11-16 16:53:43 +09:00
Kazu Yamamoto
aa33c00855 adding Curve_X25519. 2016-11-16 13:10:57 +09:00
Vincent Hanquez
60bb2cacb4 [ECC] Improve the code base to allow multiples different implementations 
* Use TypeFamilies; need to see what to do for older GHC versions
* Start implementing some API related to ECIES
 2016-11-15 15:05:58 +09:00
Vincent Hanquez
01892ac494 Merge pull request #102 from ocheron/shamirs-trick 
Implement Shamir's trick
 2016-09-15 21:08:48 +01:00
Olivier Chéron
43233cb911 Double-scalar multiplication using Shamir's trick 2016-09-10 12:05:46 +02:00
Olivier Chéron
5854b092a8 Fix ECDH when scalar and coordinate bit sizes differ 2016-09-10 10:26:41 +02:00
Olivier Chéron
c84230c69a Fixed hash truncation used in ECDSA signature & verification 
The function tHash shifted the hash number to an incorrect number of bits
when the bit string had leading zeros.  This is one of two issues reported
in vincenthz/hs-tls#152.
 2016-08-24 23:29:55 +02:00
Bodigrim
7e53922f4f Fix pointMul with negative factor on CurveF2m 2016-07-24 13:40:24 +02:00
John Galt
e2b0e9ee6b [Ed448] Fixed incorrect base point 2016-04-18 13:25:11 -07:00
Vincent Hanquez
0c3f68929b Fix serialization of ECDH and DH 2016-04-09 17:13:51 +01:00
Vincent Hanquez
fd24980530 [ECC] add Bounded instance to CurveName 2016-04-09 13:46:06 +01:00
Vincent Hanquez
0fa83e32d8 [ECDH][DH] change SharedKey representation to be the usual bytes-like representation 
Prevent mistake when the serialization is not done properly, for example missing
the padding when necessary.
 2016-04-09 13:45:05 +01:00
Vincent Hanquez
e29c8a6fe5 [DH] Keep The field size in bits, in Params 2016-04-09 13:41:40 +01:00
Vincent Hanquez
b07a856127 Merge pull request #62 from clinty/dsa-truncate 
Do DSS truncation on verify
 2016-02-11 08:04:32 +00:00
John Galt
a04b56d2a3 Added Ed448-Goldilocks support 2016-02-09 01:22:55 -07:00
Clint Adams
4c6b774a3d Do DSS truncation on verify 
RFC 4880 and FIPS 186-4 require that DSA signatures truncate the
hash to the size of q.  This changes Crypto.PubKey.DSA.verify
to do so in all cases.
 2016-01-10 17:05:37 -05:00
Vincent Hanquez
2785a50228 Merge pull request #42 from Rufflewind/master 
Document the arguments for DH.generateParams
 2015-11-18 21:51:53 +00:00
Vincent Hanquez
7928198923 [doc] Add missing documentation call 2015-11-04 15:18:05 +00:00
Phil Ruffwind
fba0565d78 Document the arguments for DH.generateParams 
Also fix the formatting in the docs of Serialize.i2ospOf
 2015-11-03 20:20:53 +08:00
Vincent Hanquez
2191dddf5b [Curve25519] use the Crypto.Error api instead of an Either type for parsing types 2015-11-02 11:17:19 +00:00
Vincent Hanquez
c94df41f02 [ECC] fix compilation of missing numBits 2015-09-22 17:48:43 +01:00
Vincent Hanquez
b63dc38c49 [ECC] add generate for ECC generic's scalar and point Base Multiplication helper. 2015-09-22 17:23:22 +01:00