haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
829 Commits 15 Branches 30 Tags 2.5 MiB
8a9bd75dc7
Commit Graph

469 Commits

Author SHA1 Message Date
Vincent Hanquez
6e1d18f6c2 use the correct compat imports 2016-12-02 16:29:49 +00:00
Vincent Hanquez
a9b722b492 Add missing compatibility modules 2016-12-02 15:48:05 +00:00
Vincent Hanquez
f627bf437a make a faster and more secure related to memory blits of pointDh for P256 2016-12-02 15:47:51 +00:00
Vincent Hanquez
5e52a7ffa2 use binary serializer for P256 instead of going through the simple point layer 2016-12-02 15:28:36 +00:00
Vincent Hanquez
052417e5b1 properly check for point validity before making a point 2016-12-02 15:28:03 +00:00
Vincent Hanquez
922bed5ac5 add some documentation to ECIES 2016-12-02 15:03:19 +00:00
Vincent Hanquez
8b5a36f44e fix ECIES to work with the rewrite 2016-12-02 15:03:08 +00:00
Vincent Hanquez
7e6d7ccb1c complete rewrite of the type class 
Now there's no type created by associated type, it just become a routing type class,
however this has a cost, since the associated type are not injective,
requiring more witness for the curve than before.
 2016-12-02 15:02:48 +00:00
Vincent Hanquez
955f010bff add internal proxy type to create witnesses 2016-12-02 15:00:05 +00:00
Vincent Hanquez
11e42a256d add the binding to get the size by bytes 2016-12-02 14:59:46 +00:00
Vincent Hanquez
422c5fdb09 remove reference to the old api in the documentation 2016-12-02 11:36:48 +00:00
Vincent Hanquez
07b6e80b6d Rewrite EC primitive and types to have the curve as type 2016-12-01 16:56:28 +00:00
Vincent Hanquez
f1ebbff464 fixup haddock markup 2016-12-01 16:55:17 +00:00
Vincent Hanquez
f37d0b79ec remove arithmetic on Curve25519. it's mathematically not possible 2016-12-01 12:53:56 +00:00
Vincent Hanquez
55f385a136 change point decoding to be able to fail explicitely instead of async error call. 2016-12-01 12:51:26 +00:00
Vincent Hanquez
a9e3917334 fix Curve25519 generate secret key to work in the MonadRandom instead of IO 2016-12-01 12:50:31 +00:00
Vincent Hanquez
d80a87da48 add new EC errors 2016-12-01 12:50:10 +00:00
Vincent Hanquez
a5fb2ee23a don't export function that replace existing functionality and by-pass errors handling 2016-12-01 12:50:01 +00:00
Kazu Yamamoto
e9ea55ab57 relaxing types of encodePoint and decodePoint. 2016-11-30 15:34:35 +09:00
Kazu Yamamoto
58151b9965 making PRK an instance of ByteArrayAccess and removing fromPRK/toPRK. 2016-11-30 15:10:48 +09:00
Kazu Yamamoto
f84aa5d7ce documentation & relaxing types. 2016-11-30 14:48:49 +09:00
Kazu Yamamoto
be6bf11138 using ScrubbedBytes directly. 2016-11-30 14:41:01 +09:00
Kazu Yamamoto
3a2eb3c631 using ByteArray(Access) instead of ByteString. 2016-11-30 14:19:39 +09:00
Kazu Yamamoto
39ecb3597a removing a trailing space / a warning. 2016-11-30 14:06:21 +09:00
Kazu Yamamoto
2b9dce2c8a Dropping Show from PRK. 2016-11-28 19:23:20 +09:00
Kazu Yamamoto
c0b0846232 implmenting encodePoint and decodePoint for TLS. 2016-11-17 13:08:21 +09:00
Kazu Yamamoto
a6f177352a Eq and Show for Point and Scalar. 2016-11-16 16:53:43 +09:00
Kazu Yamamoto
aa33c00855 adding Curve_X25519. 2016-11-16 13:10:57 +09:00
Kazu Yamamoto
dea0469c61 adding Curve_P384R1. 2016-11-16 10:02:00 +09:00
Kazu Yamamoto
9a0ec9166a implementing ecdh fpr P256 and P521. 2016-11-15 15:41:00 +09:00
Vincent Hanquez
c29fa82417 add a note about scalarInverse 2016-11-15 15:05:58 +09:00
Vincent Hanquez
f3255c2fa0 fix imports on older versions 2016-11-15 15:05:58 +09:00
Vincent Hanquez
7c833eddfd improve description 2016-11-15 15:05:58 +09:00
Vincent Hanquez
60bb2cacb4 [ECC] Improve the code base to allow multiples different implementations 
* Use TypeFamilies; need to see what to do for older GHC versions
* Start implementing some API related to ECIES
 2016-11-15 15:05:58 +09:00
Kazu Yamamoto
e00c89fb25 adding toByteString and fromByteString to PRK. 2016-11-15 15:04:06 +09:00
Brandon Hamilton
548cbb6f79 Implement the XSalsa20 stream cipher 2016-10-09 15:25:31 +02:00
Vincent Hanquez
01892ac494 Merge pull request #102 from ocheron/shamirs-trick 
Implement Shamir's trick
 2016-09-15 21:08:48 +01:00
Olivier Chéron
43233cb911 Double-scalar multiplication using Shamir's trick 2016-09-10 12:05:46 +02:00
Olivier Chéron
5854b092a8 Fix ECDH when scalar and coordinate bit sizes differ 2016-09-10 10:26:41 +02:00
Olivier Chéron
c84230c69a Fixed hash truncation used in ECDSA signature & verification 
The function tHash shifted the hash number to an incorrect number of bits
when the bit string had leading zeros.  This is one of two issues reported
in vincenthz/hs-tls#152.
 2016-08-24 23:29:55 +02:00
Vincent Hanquez
39a3a6bbcb Merge pull request #95 from glguy/master 
Derive Show instance for CryptoFailable
 2016-07-30 11:08:55 +01:00
Vincent Hanquez
d6608ffc6e Merge pull request #85 from yogsototh/master 
Example of symmetric encryption in documentation.
 2016-07-30 07:10:56 +01:00
Eric Mertens
5b8ae08701 Derive Show instance for CryptoFailable 
Fixes #50

The derived instances use precedences to decide when
parentheses are appropriate.
 2016-07-28 14:02:36 -07:00
Vincent Hanquez
18a9634bb7 Merge pull request #92 from Bodigrim/number-f2m 
Arithmetic over F2m
 2016-07-28 20:23:38 +01:00
Luke Taylor
fb66c35f46 Add a check for salt length in bcrypt function 
Raises an error (as the original doc claimed) if the salt is not the
required length of 16 bytes.

validatePasswordEither doesn't require separate checking since the hash
length as a whole is checked, implicitly ensuring the salt is the right
length. Therefore it shouldn't be possible to trigger the error by
calling this function.

Fixes #93.
 2016-07-27 17:45:33 +02:00
Bodigrim
2dec05f48b Restore import of <$> 2016-07-24 14:54:22 +02:00
Bodigrim
7e53922f4f Fix pointMul with negative factor on CurveF2m 2016-07-24 13:40:24 +02:00
Bodigrim
b25df69e26 Speed up squaring 3x (now 10% faster than mul) 2016-07-24 11:00:54 +02:00
Bodigrim
66ae77e805 Fix tests and provide documentation for Crypto.Number.F2m 2016-07-24 11:00:54 +02:00
Bodigrim
e80eaa56f3 Tests for Crypto.Number.F2m 2016-07-24 10:58:50 +02:00
Luke Taylor
de17b66e31 Fix buffer length in scrypt 
The temporary XY buffer passed to the scrypt_smix C function should be
256r+64 bytes in length, but the Haskell code was only allocating 256r
bytes, causing the additional 64 to be written past the end of the
buffer.

See #91.
 2016-06-13 21:08:06 +01:00
Vincent Hanquez
dc8bb8934c Merge pull request #77 from khibino/mp 
Adding miyaguchi-preneel hash construction
 2016-06-13 05:57:44 +01:00
Kei Hibino
7989dc71b0 fix unpad of zero-padding and add tests. 2016-06-08 22:57:35 +09:00
Kei Hibino
ec7e73401f apply zero-padding to miyaguchi-preneel. 2016-06-08 22:26:14 +09:00
Kei Hibino
c2285db4e3 add zero padding and its test. 2016-06-08 22:23:41 +09:00
Kei Hibino
87867b49bc rename definitions which compute miyaguchi-preneel hash. 2016-06-08 01:13:23 +09:00
Kei Hibino
f9c1aa713f drop cipherInit'. 2016-06-02 17:05:17 +09:00
Denis Redozubov
512605d513 fix documentation typo 2016-05-05 19:51:22 +03:00
Yann Esposito (Yogsototh)
92531e8ca6
Just adding an example. Inspired by the Turtle doc 2016-04-28 10:10:10 +02:00
John Galt
e2b0e9ee6b [Ed448] Fixed incorrect base point 2016-04-18 13:25:11 -07:00
Kei Hibino
fce698b821 [MP] Drop data constructor access. 2016-04-12 14:53:16 +09:00
Kei Hibino
0f241e31db [MP] drop the accessor in favor of just using the ByteArrayAccess constraint 2016-04-12 11:00:01 +09:00
Luke Taylor
e39c849b18 Drop use of 'time' library from OTP implementation 
It now exposes a type alias for Word64 and relies on the user to supply
a value for the current time, allowing them to use the time library of
their choice.

Also bump memory dep to 0.12 and use fromW64BE from that library.
 2016-04-11 17:52:59 +01:00
Vincent Hanquez
0c3f68929b Fix serialization of ECDH and DH 2016-04-09 17:13:51 +01:00
Vincent Hanquez
fd24980530 [ECC] add Bounded instance to CurveName 2016-04-09 13:46:06 +01:00
Vincent Hanquez
605e5cf6a6 Merge branch 'master' of https://github.com/haskell-crypto/cryptonite 2016-04-09 13:45:18 +01:00
Vincent Hanquez
0fa83e32d8 [ECDH][DH] change SharedKey representation to be the usual bytes-like representation 
Prevent mistake when the serialization is not done properly, for example missing
the padding when necessary.
 2016-04-09 13:45:05 +01:00
Vincent Hanquez
e29c8a6fe5 [DH] Keep The field size in bits, in Params 2016-04-09 13:41:40 +01:00
Vincent Hanquez
a73c1b9171 [CMAC] drop the accessor in favor of just using the ByteArrayAccess constraint 2016-04-09 10:31:13 +01:00
Vincent Hanquez
2b0f0dab9c Merge branch 'master' of https://github.com/haskell-crypto/cryptonite 2016-04-09 08:43:07 +01:00
Vincent Hanquez
d7e26e34ee [random] add a seed capability with export/import from integer. 
It decomposes the drgNew call that was gathering entropy then
initializing a ChaChaDRG, into 2 new calls seedNew and drgNewSeed.

drgNew remains unchanged.

The integer importing capability, should be used when wanting to bring
reproducibility to a debugging problem or for testing, otherwise it's
probably a bad idea to use.
 2016-04-09 08:33:37 +01:00
Kei Hibino
5d96c804ae Add infered cipher version. 2016-04-08 16:43:55 +09:00
Kei Hibino
3af88f3145 Add smart constructor of MiyaguchiPreneel hash type. 2016-04-08 16:11:17 +09:00
Kei Hibino
285d9fb433 Specify each chunk type. 2016-04-07 14:43:44 +09:00
Kei Hibino
327d75c2d4 Add comments about irreducible binary polynomial. 2016-04-06 11:59:26 +09:00
Kei Hibino
4442744b1d Add the smart constructor of CMAC type. 2016-04-06 09:41:50 +09:00
Kei Hibino
5e4b126fc5 Add implementation of MiyaguchiPreneel. 2016-04-03 05:51:07 +09:00
Kei Hibino
ca0c3830eb Add implementation of CMAC. 2016-04-01 19:25:04 +09:00
Vincent Hanquez
149bfa6010 [HKDF] document a bit better extractSkip 2016-03-29 07:17:24 +01:00
Vincent Hanquez
93fad940e4 Improve context memory usage of Keccak and SHA3 
saves up to 72 bytes per context for SHA3-512
 2016-03-26 10:29:33 +00:00
Vincent Hanquez
f362d50d46 [bcrypt] make the haddock comment reflect what happens to the cost value. 
also fix a tpyo
 2016-02-25 07:48:30 +00:00
Vincent Hanquez
b07a856127 Merge pull request #62 from clinty/dsa-truncate 
Do DSS truncation on verify
 2016-02-11 08:04:32 +00:00
John Galt
a04b56d2a3 Added Ed448-Goldilocks support 2016-02-09 01:22:55 -07:00
Vincent Hanquez
d80a499582 removed bounded names for useless parameter 2016-02-04 07:28:42 +00:00
Clint Adams
4c6b774a3d Do DSS truncation on verify 
RFC 4880 and FIPS 186-4 require that DSA signatures truncate the
hash to the size of q.  This changes Crypto.PubKey.DSA.verify
to do so in all cases.
 2016-01-10 17:05:37 -05:00
Luke Taylor
f2e5942246 Add totpVerify function 
Also adds a ClockSkew type which limits the acceptable clock skew window
to a limited number of time steps.
 2016-01-10 18:19:53 +00:00
Vincent Hanquez
50631d3150 Add support for blake2s(p) 224 bits 2016-01-09 10:09:35 +00:00
Vincent Hanquez
99049cc66e Merge pull request #53 from kinoru/master 
[ChaChaPoly1305] fix type error of example code
 2016-01-05 17:49:58 +00:00
Luke Taylor
0be97fc5ca Add hash parameter to hotp function 
While HOTP only mentions SHA1, TOTP allows the use of different hash
functions, which implicitly requires that the HOTP implementation support
them too.

This will also allow users to use HOTP with another hash if they so choose,
though it would not be compatible with most client applications, such as
Google authenticator.
 2016-01-04 19:04:38 +00:00
Luke Taylor
47d202a90f Add TOTParams data type 
Reduce the arguments to the totp function (most people will use defaults)
and allows validation of the time step value.

Added a top-level module overview.
 2015-12-28 17:23:26 +00:00
Vincent Hanquez
43890b1175 Add support for HKDF (RFC 5869) 2015-12-28 14:32:07 +00:00
Luke Taylor
88a2cd80f6 Add TOTP function and KATs 
Just uses SHA1 for now. HashAlgorithm is ignored.
 2015-12-27 19:13:22 +00:00
Luke Taylor
48f0598cc7 Make OTP resynch values a tuple 
This is clearer than having two separate arguments.
 2015-12-27 18:43:00 +00:00
Luke Taylor
c5b3622562 Add an OTP resynchronize function 
Allows server to reset its counter to the client's current value, given
a sequence of one or more OTP values.
 2015-12-20 23:33:52 +00:00
Luke Taylor
476f7c10d5 One-time password (OTP) implementation 
Initial commit

- Implementation of HOTP algorithm as defined in RFC 4226
- Tests using values from the spec
 2015-12-20 23:04:14 +00:00
John Galt
26976b1583 [blake2] Added reference implementation 
This commit allows the user to select either the portable reference
implementation or the optimized (SSE) implementation.
 2015-12-16 07:49:30 -06:00
kinoru
5a2809a0f8 [ChaChaPoly1305] fix type error of example code 
The example code had a type mismatch.

    Couldn't match expected type ‘State’
                with actual type ‘CryptoFailable State’
    In the second argument of ‘appendAAD’, namely ‘st1’
    In the second argument of ‘($)’, namely ‘appendAAD hdr st1’

This is due to the following part:

    let st1 = ChaChaPoly1305.initialize key nonce
        st2 = ChaChaPoly1305.finalizeAAD $ ChaChaPoly1305.appendAAD hdr st1

`initialize` returns `CryptoFailable State`, not `State`.

This commit fixes the type mismatch, changes the return type of the
example function to `CryptoFailable ByteString`, and makes the code
to be immediately copy-and-paste-able.
 2015-12-03 18:05:04 +00:00
Maciej Pietrzak
6020bde0e2 Add support_blake2 flag. 2015-11-30 22:17:21 +01:00
Vincent Hanquez
812b5d1aed [blake2] uncapitalize the modules and types as it's not abbreviation. 2015-11-19 14:24:54 +00:00
Vincent Hanquez
fae5f084cf [Blake2] define the algorithm as a multiple algorithm so that the output digest size is explicit in the digest types. 2015-11-19 12:10:14 +00:00