Commit Graph

449 Commits

Author SHA1 Message Date
Kazu Yamamoto
f84aa5d7ce documentation & relaxing types. 2016-11-30 14:48:49 +09:00
Kazu Yamamoto
be6bf11138 using ScrubbedBytes directly. 2016-11-30 14:41:01 +09:00
Kazu Yamamoto
3a2eb3c631 using ByteArray(Access) instead of ByteString. 2016-11-30 14:19:39 +09:00
Kazu Yamamoto
39ecb3597a removing a trailing space / a warning. 2016-11-30 14:06:21 +09:00
Kazu Yamamoto
2b9dce2c8a Dropping Show from PRK. 2016-11-28 19:23:20 +09:00
Kazu Yamamoto
c0b0846232 implementing encodePoint and decodePoint for TLS. 2016-11-17 13:08:21 +09:00
Kazu Yamamoto
a6f177352a Eq and Show for Point and Scalar. 2016-11-16 16:53:43 +09:00
Kazu Yamamoto
aa33c00855 adding Curve_X25519. 2016-11-16 13:10:57 +09:00
Kazu Yamamoto
dea0469c61 adding Curve_P384R1. 2016-11-16 10:02:00 +09:00
Kazu Yamamoto
9a0ec9166a implementing ecdh for P256 and P521. 2016-11-15 15:41:00 +09:00
Vincent Hanquez
c29fa82417 add a note about scalarInverse 2016-11-15 15:05:58 +09:00
Vincent Hanquez
f3255c2fa0 fix imports on older versions 2016-11-15 15:05:58 +09:00
Vincent Hanquez
7c833eddfd improve description 2016-11-15 15:05:58 +09:00
Vincent Hanquez
60bb2cacb4 [ECC] Improve the code base to allow multiple different implementations
* Use TypeFamilies; need to see what to do for older GHC versions
* Start implementing some API related to ECIES
2016-11-15 15:05:58 +09:00
Kazu Yamamoto
e00c89fb25 adding toByteString and fromByteString to PRK. 2016-11-15 15:04:06 +09:00
Brandon Hamilton
548cbb6f79 Implement the XSalsa20 stream cipher 2016-10-09 15:25:31 +02:00
Vincent Hanquez
01892ac494 Merge pull request #102 from ocheron/shamirs-trick
Implement Shamir's trick
2016-09-15 21:08:48 +01:00
Olivier Chéron
43233cb911 Double-scalar multiplication using Shamir's trick 2016-09-10 12:05:46 +02:00
Olivier Chéron
5854b092a8 Fix ECDH when scalar and coordinate bit sizes differ 2016-09-10 10:26:41 +02:00
Olivier Chéron
c84230c69a Fixed hash truncation used in ECDSA signature & verification
The function tHash shifted the hash number to an incorrect number of bits
when the bit string had leading zeros.  This is one of two issues reported
in vincenthz/hs-tls#152.
2016-08-24 23:29:55 +02:00
Vincent Hanquez
39a3a6bbcb Merge pull request #95 from glguy/master
Derive Show instance for CryptoFailable
2016-07-30 11:08:55 +01:00
Vincent Hanquez
d6608ffc6e Merge pull request #85 from yogsototh/master
Example of symmetric encryption in documentation.
2016-07-30 07:10:56 +01:00
Eric Mertens
5b8ae08701 Derive Show instance for CryptoFailable
Fixes #50

The derived instances use precedences to decide when
parentheses are appropriate.
2016-07-28 14:02:36 -07:00
Vincent Hanquez
18a9634bb7 Merge pull request #92 from Bodigrim/number-f2m
Arithmetic over F2m
2016-07-28 20:23:38 +01:00
Luke Taylor
fb66c35f46 Add a check for salt length in bcrypt function
Raises an error (as the original doc claimed) if the salt is not the
required length of 16 bytes.

validatePasswordEither doesn't require separate checking since the hash
length as a whole is checked, implicitly ensuring the salt is the right
length. Therefore it shouldn't be possible to trigger the error by
calling this function.

Fixes #93.
2016-07-27 17:45:33 +02:00
Bodigrim
2dec05f48b Restore import of <$> 2016-07-24 14:54:22 +02:00
Bodigrim
7e53922f4f Fix pointMul with negative factor on CurveF2m 2016-07-24 13:40:24 +02:00
Bodigrim
b25df69e26 Speed up squaring 3x (now 10% faster than mul) 2016-07-24 11:00:54 +02:00
Bodigrim
66ae77e805 Fix tests and provide documentation for Crypto.Number.F2m 2016-07-24 11:00:54 +02:00
Bodigrim
e80eaa56f3 Tests for Crypto.Number.F2m 2016-07-24 10:58:50 +02:00
Luke Taylor
de17b66e31 Fix buffer length in scrypt
The temporary XY buffer passed to the scrypt_smix C function should be
256r+64 bytes in length, but the Haskell code was only allocating 256r
bytes, causing the additional 64 to be written past the end of the
buffer.

See #91.
2016-06-13 21:08:06 +01:00
Vincent Hanquez
dc8bb8934c Merge pull request #77 from khibino/mp
Adding miyaguchi-preneel hash construction
2016-06-13 05:57:44 +01:00
Kei Hibino
7989dc71b0 fix unpad of zero-padding and add tests. 2016-06-08 22:57:35 +09:00
Kei Hibino
ec7e73401f apply zero-padding to miyaguchi-preneel. 2016-06-08 22:26:14 +09:00
Kei Hibino
c2285db4e3 add zero padding and its test. 2016-06-08 22:23:41 +09:00
Kei Hibino
87867b49bc rename definitions which compute miyaguchi-preneel hash. 2016-06-08 01:13:23 +09:00
Kei Hibino
f9c1aa713f drop cipherInit'. 2016-06-02 17:05:17 +09:00
Denis Redozubov
512605d513 fix documentation typo 2016-05-05 19:51:22 +03:00
Yann Esposito (Yogsototh)
92531e8ca6 Just adding an example. Inspired by the Turtle doc 2016-04-28 10:10:10 +02:00
John Galt
e2b0e9ee6b [Ed448] Fixed incorrect base point 2016-04-18 13:25:11 -07:00
Kei Hibino
fce698b821 [MP] Drop data constructor access. 2016-04-12 14:53:16 +09:00
Kei Hibino
0f241e31db [MP] drop the accessor in favor of just using the ByteArrayAccess constraint 2016-04-12 11:00:01 +09:00
Luke Taylor
e39c849b18 Drop use of 'time' library from OTP implementation
It now exposes a type alias for Word64 and relies on the user to supply
a value for the current time, allowing them to use the time library of
their choice.

Also bump memory dep to 0.12 and use fromW64BE from that library.
2016-04-11 17:52:59 +01:00
Vincent Hanquez
0c3f68929b Fix serialization of ECDH and DH 2016-04-09 17:13:51 +01:00
Vincent Hanquez
fd24980530 [ECC] add Bounded instance to CurveName 2016-04-09 13:46:06 +01:00
Vincent Hanquez
605e5cf6a6 Merge branch 'master' of https://github.com/haskell-crypto/cryptonite 2016-04-09 13:45:18 +01:00
Vincent Hanquez
0fa83e32d8 [ECDH][DH] change SharedKey representation to be the usual bytes-like representation
Prevent mistake when the serialization is not done properly, for example missing
the padding when necessary.
2016-04-09 13:45:05 +01:00
Vincent Hanquez
e29c8a6fe5 [DH] Keep the field size in bits, in Params 2016-04-09 13:41:40 +01:00
Vincent Hanquez
a73c1b9171 [CMAC] drop the accessor in favor of just using the ByteArrayAccess constraint 2016-04-09 10:31:13 +01:00
Vincent Hanquez
2b0f0dab9c Merge branch 'master' of https://github.com/haskell-crypto/cryptonite 2016-04-09 08:43:07 +01:00
Vincent Hanquez
d7e26e34ee [random] add a seed capability with export/import from integer.
It decomposes the drgNew call that was gathering entropy then
initializing a ChaChaDRG, into 2 new calls seedNew and drgNewSeed.

drgNew remains unchanged.

The integer importing capability, should be used when wanting to bring
reproducibility to a debugging problem or for testing, otherwise it's
probably a bad idea to use.
2016-04-09 08:33:37 +01:00
Kei Hibino
5d96c804ae Add inferred cipher version. 2016-04-08 16:43:55 +09:00
Kei Hibino
3af88f3145 Add smart constructor of MiyaguchiPreneel hash type. 2016-04-08 16:11:17 +09:00
Kei Hibino
285d9fb433 Specify each chunk type. 2016-04-07 14:43:44 +09:00
Kei Hibino
327d75c2d4 Add comments about irreducible binary polynomial. 2016-04-06 11:59:26 +09:00
Kei Hibino
4442744b1d Add the smart constructor of CMAC type. 2016-04-06 09:41:50 +09:00
Kei Hibino
5e4b126fc5 Add implementation of MiyaguchiPreneel. 2016-04-03 05:51:07 +09:00
Kei Hibino
ca0c3830eb Add implementation of CMAC. 2016-04-01 19:25:04 +09:00
Vincent Hanquez
149bfa6010 [HKDF] document a bit better extractSkip 2016-03-29 07:17:24 +01:00
Vincent Hanquez
93fad940e4 Improve context memory usage of Keccak and SHA3
saves up to 72 bytes per context for SHA3-512
2016-03-26 10:29:33 +00:00
Vincent Hanquez
f362d50d46 [bcrypt] make the haddock comment reflect what happens to the cost value.
also fix a typo
2016-02-25 07:48:30 +00:00
Vincent Hanquez
b07a856127 Merge pull request #62 from clinty/dsa-truncate
Do DSS truncation on verify
2016-02-11 08:04:32 +00:00
John Galt
a04b56d2a3 Added Ed448-Goldilocks support 2016-02-09 01:22:55 -07:00
Vincent Hanquez
d80a499582 removed bounded names for useless parameter 2016-02-04 07:28:42 +00:00
Clint Adams
4c6b774a3d Do DSS truncation on verify
RFC 4880 and FIPS 186-4 require that DSA signatures truncate the
hash to the size of q.  This changes Crypto.PubKey.DSA.verify
to do so in all cases.
2016-01-10 17:05:37 -05:00
Luke Taylor
f2e5942246 Add totpVerify function
Also adds a ClockSkew type which limits the acceptable clock skew window
to a limited number of time steps.
2016-01-10 18:19:53 +00:00
Vincent Hanquez
50631d3150 Add support for blake2s(p) 224 bits 2016-01-09 10:09:35 +00:00
Vincent Hanquez
99049cc66e Merge pull request #53 from kinoru/master
[ChaChaPoly1305] fix type error of example code
2016-01-05 17:49:58 +00:00
Luke Taylor
0be97fc5ca Add hash parameter to hotp function
While HOTP only mentions SHA1, TOTP allows the use of different hash
functions, which implicitly requires that the HOTP implementation support
them too.

This will also allow users to use HOTP with another hash if they so choose,
though it would not be compatible with most client applications, such as
Google authenticator.
2016-01-04 19:04:38 +00:00
Luke Taylor
47d202a90f Add TOTParams data type
Reduces the arguments to the totp function (most people will use defaults)
and allows validation of the time step value.

Added a top-level module overview.
2015-12-28 17:23:26 +00:00
Vincent Hanquez
43890b1175 Add support for HKDF (RFC 5869) 2015-12-28 14:32:07 +00:00
Luke Taylor
88a2cd80f6 Add TOTP function and KATs
Just uses SHA1 for now. HashAlgorithm is ignored.
2015-12-27 19:13:22 +00:00
Luke Taylor
48f0598cc7 Make OTP resynch values a tuple
This is clearer than having two separate arguments.
2015-12-27 18:43:00 +00:00
Luke Taylor
c5b3622562 Add an OTP resynchronize function
Allows server to reset its counter to the client's current value, given
a sequence of one or more OTP values.
2015-12-20 23:33:52 +00:00
Luke Taylor
476f7c10d5 One-time password (OTP) implementation
Initial commit

- Implementation of HOTP algorithm as defined in RFC 4226
- Tests using values from the spec
2015-12-20 23:04:14 +00:00
John Galt
26976b1583 [blake2] Added reference implementation
This commit allows the user to select either the portable reference
implementation or the optimized (SSE) implementation.
2015-12-16 07:49:30 -06:00
kinoru
5a2809a0f8 [ChaChaPoly1305] fix type error of example code
The example code had a type mismatch.

    Couldn't match expected type ‘State’
                with actual type ‘CryptoFailable State’
    In the second argument of ‘appendAAD’, namely ‘st1’
    In the second argument of ‘($)’, namely ‘appendAAD hdr st1’

This is due to the following part:

    let st1 = ChaChaPoly1305.initialize key nonce
        st2 = ChaChaPoly1305.finalizeAAD $ ChaChaPoly1305.appendAAD hdr st1

`initialize` returns `CryptoFailable State`, not `State`.

This commit fixes the type mismatch, changes the return type of the
example function to `CryptoFailable ByteString`, and makes the code
immediately copy-and-paste-able.
2015-12-03 18:05:04 +00:00
Maciej Pietrzak
6020bde0e2 Add support_blake2 flag. 2015-11-30 22:17:21 +01:00
Vincent Hanquez
812b5d1aed [blake2] uncapitalize the modules and types as it's not abbreviation. 2015-11-19 14:24:54 +00:00
Vincent Hanquez
fae5f084cf [Blake2] define the algorithm as a multiple algorithm so that the output digest size is explicit in the digest types. 2015-11-19 12:10:14 +00:00
Vincent Hanquez
69f9d225eb [hash] trim hash algorithm with multiple output size.
The output size is now passed by parameter to the finalize function
instead of being stored in the context. That simplifies quite a
bit the passing of this parameter.
2015-11-19 11:52:21 +00:00
Vincent Hanquez
ad285be68c [Hash] tweak internal C API to have the hashlen 2015-11-19 11:37:38 +00:00
Vincent Hanquez
2785a50228 Merge pull request #42 from Rufflewind/master
Document the arguments for DH.generateParams
2015-11-18 21:51:53 +00:00
Vincent Hanquez
6ae67d5c91 Merge pull request #46 from centromere/nonce-fix
Fix endianness of incrementNonce function for ChaChaPoly1305
2015-11-18 16:52:27 +00:00
Vincent Hanquez
093f1af8e4 Merge pull request #41 from kinoru/master
Fix typo: Kekkak -> Keccak
2015-11-18 15:38:19 +00:00
John Galt
53270f1ef6 Removed unused language extension 2015-11-16 13:13:18 -05:00
John Galt
320186cdd1 Fix endianness of incrementNonce function for ChaChaPoly1305 2015-11-16 12:59:01 -05:00
John Galt
880dfae098 Added BLAKE2 support 2015-11-12 12:33:20 -05:00
Vincent Hanquez
da2f445690 [Poly1305] fix size of Authentication tag creation from ByteString 2015-11-06 22:00:49 +00:00
Vincent Hanquez
d47ae454d5 [Poly1305] Add a way to create AuthTag from ByteArray. 2015-11-05 15:02:50 +00:00
Vincent Hanquez
7928198923 [doc] Add missing documentation call 2015-11-04 15:18:05 +00:00
Vincent Hanquez
7bd3a8f892 [ChaChaPoly1305] Document everything 2015-11-04 15:17:32 +00:00
Phil Ruffwind
fba0565d78 Document the arguments for DH.generateParams
Also fix the formatting in the docs of Serialize.i2ospOf
2015-11-03 20:20:53 +08:00
Vincent Hanquez
2191dddf5b [Curve25519] use the Crypto.Error api instead of an Either type for parsing types 2015-11-02 11:17:19 +00:00
kinoru
558c21491e Fix typo: Kekkak -> Keccak
The SHA-3 winning algorithm's name is Keccak (pronounced "catch-ack"),
not Kekkak.

- <http://keccak.noekeon.org/>
- <http://www.nist.gov/itl/csd/sha-100212.cfm>
- <https://en.wikipedia.org/wiki/SHA-3>
2015-10-27 14:56:42 +00:00
John Galt
55c6988a6e Added support for incrementing Nonces 2015-10-05 14:08:08 -04:00
Vincent Hanquez
c94df41f02 [ECC] fix compilation of missing numBits 2015-09-22 17:48:43 +01:00
Vincent Hanquez
b63dc38c49 [ECC] add generate for ECC generic's scalar and point Base Multiplication helper. 2015-09-22 17:23:22 +01:00
Vincent Hanquez
08a8155f12 [P256] add function to generate a new scalar, and to get the base point. 2015-09-22 17:22:13 +01:00
Vincent Hanquez
9a1f06e3e8 [ECC] add curveSizeBits 2015-09-22 17:21:35 +01:00