haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,135 Commits 15 Branches 30 Tags 2.5 MiB
7ac3060873
Commit Graph

144 Commits

Author SHA1 Message Date
Olivier Chéron
7ac3060873 Better P256.pointMul performance 
Use dedicated function to avoid multiplying the basepoint with 0.
 2020-01-06 18:49:12 +01:00
Olivier Chéron
18c6e37ef1 Merge pull request #300 from ocheron/tc-ecdsa 
ECDSA with a type class
 2019-12-01 08:47:33 +01:00
Brian Wignall
78684bc62b Fix typos 2019-11-30 18:22:26 -05:00
Olivier Chéron
8f75165f8b Time-constant P256 scalar inversion 2019-11-11 17:46:16 +01:00
Olivier Chéron
096e2ec0bd Add XSalsa.derive and example 
This function adds one more HSalsa key derivation to an XSalsa context
that has previously been initialized.  It allows multi-level cascades
like the 2-level done by NaCl crypto_box.
 2019-09-09 19:32:24 +02:00
Olivier Chéron
908f979d44 Add AES-GCM-SIV 2019-08-25 16:38:01 +02:00
Olivier Chéron
0075b57f90 Add internal AES CTR variant with 32-bit counter 
This variant of CTR mode is used by AES-GCM-SIV.  The counter is in
little-endian format and uses the first four bytes of the IV only.
 2019-08-25 08:55:49 +02:00
Olivier Chéron
262252a5c4 Merge pull request #291 from ocheron/p256-point-add 
Faster P256.pointAdd
 2019-08-25 08:51:58 +02:00
Olivier Chéron
4ca77b8cf5 Faster P256.pointAdd 
Convert to projective coordinates without expansive calls to function
'scalar_mult'.
 2019-08-21 09:32:53 +02:00
Olivier Chéron
fc07a8b931 Fix counter wrapping in AES GCM 
The generic and AESNI implementations used different conventions
regarding counter wrapping in GCM.  The generic code was based on
function block128_inc_be, for which the counter is a 128-bit value.
Whereas the AESNI code used intrinsic function _mm_add_epi64, and
therefore wrapping at 2^64.

In NIST.SP.800-38d the GCM specification mandates to use incrementing
function inc32, wrapping after 2^32 blocks.  This commit changes both
generic and AESNI implementations to align to the specification and
adds a test vector specially crafted to start encryption with IV block
0xfffffffffffffffffffffffffffffffe.
 2019-08-20 10:34:40 +02:00
Olivier Chéron
0d32f9b833 Remove unused variables 2019-08-12 21:11:01 +02:00
Olivier Chéron
91c87deae1 Add Crypto.System.CPU 2019-06-15 09:28:02 +02:00
Olivier Chéron
2cf3b75636 AES CCM: use AESNI in CBC-MAC computation when possible 2019-06-06 06:48:22 +02:00
Olivier Chéron
4df2a95276 AES GCM: use Shoup's method with 4-bit table 2019-06-06 06:48:16 +02:00
Olivier Chéron
5b39ae3e48 Add missing void and const 2019-05-26 11:50:07 +02:00
Olivier Chéron
c8a4e48e0c Remove unused variables 2019-05-26 11:50:07 +02:00
Olivier Chéron
d25e44ea61 Add GHASH implementation with PCLMULQDQ 2019-05-19 11:18:40 +02:00
Olivier Chéron
cddbc2cef9 Remove unopt_gf_mul 2019-05-19 11:16:34 +02:00
Olivier Chéron
1551436111 Add KMAC 2019-04-28 09:14:25 +02:00
Olivier Chéron
47123ed97a Better P256 scalar primitives 
Allows scalars in full range [ 0 .. 2^256-1 ].  Modular reduction is
added a few more operations with conditional selection.
 2019-03-24 08:31:45 +01:00
Olivier Chéron
3253501166 Time-constant P256.scalarAdd and P256.scalarSub 2019-03-21 07:04:01 +01:00
Sibi Prabakaran
af9f9548d6
Update reference blake2 implementation with upstream 2019-02-21 17:16:00 +05:30
Olivier Chéron
1490f080a5 Use aligned block128 functions 
Applies similar changes to what was done in #175.
 2018-02-04 14:36:03 +01:00
Olivier Chéron
4926cbb143 Improve types and indentation, fix typo 2018-02-03 19:05:20 +01:00
Baojun Wang
d5f8348a4b use nonce_len for memcpy 2018-02-03 09:34:57 +01:00
Baojun Wang
e01ef4386e Add AESCCM test vectors for testing 2018-02-03 09:34:57 +01:00
Baojun Wang
035693240d fix wrong condition check in cryptonite_aes_ccm_aad 2018-02-03 09:34:57 +01:00
Baojun Wang
fefe5d75e3 flavor condition checks instead of asserts 2018-02-03 09:34:57 +01:00
Baojun Wang
48770bf79f fix aes ccm decryption cbcmac mis-match 2018-02-03 09:34:57 +01:00
Baojun Wang
55bf620365 add aes ccm support 2018-02-03 09:31:36 +01:00
Olivier Chéron
3217038a1a Add pointMulByCofactor and pointHasPrimeOrder 2017-12-17 11:56:33 +01:00
Olivier Chéron
251f164f47 Apply bugfix to Edwards25519.pointsMulVarTime 2017-12-17 09:46:42 +01:00
Olivier Chéron
8d7e0d236c Add P256.pointNegate 2017-11-20 19:28:17 +01:00
Olivier Chéron
6b3bf37eea Use only fixed-window implementation 2017-11-20 19:28:16 +01:00
Olivier Chéron
d497040ddd Avoid direct indexed access in precomputed table 2017-11-20 19:28:16 +01:00
Olivier Chéron
123e22ec08 Ed25519 scalar multiplication with 4-bit fixed window 2017-11-20 19:28:16 +01:00
Olivier Chéron
5778909761 Add Ed25519.pointsMulVarTime 2017-11-20 19:28:16 +01:00
Olivier Chéron
35f1d20b79 Ed25519 scalar add & multiply 2017-11-20 19:28:15 +01:00
Olivier Chéron
7d61abff03 Ed25519 point negation 2017-11-20 19:28:15 +01:00
Olivier Chéron
9ea718f55e Arithmetic primitives over curve Ed25519 2017-11-20 19:28:15 +01:00
Olivier Chéron
cdc1a1aa17 Fix link error with OpenBSD and strip --strip-unneeded 
Resolves #186
 2017-09-17 18:15:00 +02:00
Olivier Chéron
72c3fa0f6a Update decaf to upstream commit '807a7e6' 
* Don't use vector arithmetic in generic arch_32

* fix comments add/subtract
 2017-09-17 11:45:26 +02:00
James Clarke
2b43be4d84 Fix many cases of unaligned accesses 2017-06-25 18:10:55 +01:00
Steve Langasek
7f0f5bd3fa Actually process unaligned data through trampoline buffer 
Follow-on to commit ba10930, which implemented a trampoline buffer but then
used the unaligned input character array instead.  This commit /actually/
fixes #108, having been tested on an affected architecture :)
 2017-06-23 21:46:43 -07:00
Olivier Chéron
bf0a476187 Update decaf to upstream commit 'b29565f' 
Fix assertion on x448(0)
 2017-06-19 21:15:03 +02:00
Olivier Chéron
8ecde60853 Compilation warnings on Windows 2017-06-04 19:25:19 +02:00
Olivier Chéron
8be9856402 Compilation warnings on OpenBSD 
Replaces unnecessary aligned(32) with aligned(16) instead.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
3c89f0d0b7 Simplify decaf build with Cabal 
Keeping only one finite field, header 'f_field.h' can be included
from Cabal standard 'include-dirs'.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
961dd63eaf Remove decaf code related to SHAKE 
Use cryptonite code instead.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
6b4621b14f Remove previous X448 implementation 
This ensures it is not necessary anymore.
 2017-06-04 19:25:19 +02:00