haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,165 Commits 15 Branches 30 Tags 2.5 MiB
c123752de4
Commit Graph

632 Commits

Author SHA1 Message Date
Olivier Chéron
3c41966b9a Add module Crypto.Number.Nat 
This new module exposes type constraints required by some hash
algorithms and provides functions to check whether the constraints are
satisfied with runtime values.

Resolves #256.
 2019-02-28 07:07:48 +01:00
Olivier Chéron
eccbc11824 Remove Crypto.Internal.Proxy 
Data.Proxy can be used instead now that GHC >= 8.0.  In Data.Proxy the
Proxy type is poly-kinded.
 2019-02-28 07:07:48 +01:00
Olivier Chéron
65932e5a7e Add missing Data instances in Crypto.Hash.Blake2 2019-02-25 06:40:53 +01:00
Crockett
133c6e1b2d Added some redundant constraints for documentation/consistency. Added an INLINABLE pragma to i2ospOf to hopefully increase specializations. 2019-02-24 17:04:10 -08:00
Crockett
0fb8a73d3b Fixed compiler warnings 2019-02-03 16:06:05 -08:00
Crockett
88596509f0 Changed imports to match style of rest of library 2019-02-03 13:51:01 -08:00
Crockett
109600cec2 Added missing imports and removed duplicate imports. Tests pass. 2019-02-03 13:43:54 -08:00
Crockett
c71a6733dd Unified DSA and ECDSA truncate&hash function. 2019-02-03 13:30:56 -08:00
Crockett
d5003a46a6 Fixed hash truncation bug in DSA; added more KATs from RFC 6979. 2019-01-26 15:15:34 -08:00
Olivier Chéron
1d5947f055 Use any instead of not all 2019-01-15 21:24:31 +01:00
Olivier Chéron
f9ae52327c RSASSA-PSS with key of arbitrary length 
Instead of public_size / private_size which are in bytes only, this
uses function numBits to recover the effective length of the modulus
in bits.  The patch also handles removal of unneeded initial byte when
the length is 1 modulo 8.
 2019-01-12 17:43:49 +01:00
Olivier Chéron
274911c608 Accept hlint suggestions 2019-01-12 17:43:49 +01:00
Olivier Chéron
d964064d80 Use heterogeneous equality 2019-01-12 17:43:49 +01:00
Carlos Rodriguez
ddfdbbd4be Removed unnecessary reference to random. 2018-12-18 20:19:14 +01:00
Carlos Rodriguez
cc18bf41ee
Corrected value boundaries in description of function. 2018-11-11 17:14:23 +01:00
Carlos Rodriguez
95f0f3d0c9 Fixed typos in name. 2018-11-03 21:17:46 +01:00
Carlos Rodriguez
3165027840
Fixed typo in name. 2018-11-03 21:12:53 +01:00
Carlos Rodriguez
314a9caba7 Merge branch 'master' of https://github.com/haskell-crypto/cryptonite 
# Conflicts:
#	cryptonite.cabal
#	tests/KAT_PubKey.hs
 2018-11-03 20:23:25 +01:00
Olivier Chéron
9847554392 Fixed comment about expSafe 2018-11-01 09:08:39 +01:00
Olivier Chéron
f4e094aacb Fix PKCS#1 v1.5 padding 
The padding string is at least 8 bytes long + 3 other bytes,
so it should be 11.
 2018-10-29 20:43:02 +01:00
Olivier Chéron
455504b8e2 Implement SHAKE output not divisible by 8 bits 2018-10-23 06:59:07 +02:00
Olivier Chéron
0ab1c41ac8 Add missing Data instances 2018-10-23 06:59:07 +02:00
Olivier Chéron
e10ef06885 Remove unnecessary language extension 2018-10-23 06:59:07 +02:00
Carlos Rodriguez
c285d7f527 Added OAEP scheme and created test vectors for Rabin cryptosystem. 2018-10-06 16:53:22 +02:00
Vincent Hanquez
a8875e462d
Merge pull request #242 from LeifW/derive_data_digest 
Derive a Data instance for Digest.
 2018-09-13 14:31:56 +01:00
Carlos Rodriguez
e7b3abebf8 Implemented Rabin cryptosystem and some of its variations (including Rabin-Williams). 2018-09-06 20:27:32 +02:00
tom-bop
1288127d8e Fix typo in bcrypt example 2018-08-30 17:47:59 +01:00
Leif Warner
8a61d8e5e2 Derive a Data instance for Digest. 2018-06-18 00:20:48 -07:00
Lars Petersen
ff8a1c524d Extend the internal interface of the Blowfish module. 
In preparation of an implementation of the bcrypt_pbkdf (a
variant of PBKDF2 used by OpenSSH) algorithm,
certain low-level operations of the Blowfish algorithm need to
be generalized and exposed.

The Blowfish.Primitive module has already been extended to
account for the requirements imposed by the BCrypt algorithm,
but the salt length was limited to 16 bytes and the BCrypt
specific key schedule setup has been hard-coded into the Blowfish
module.

This commit makes a clear distintion between the expandKey and
expandKeyWithSalt operation. Both take arbitrary sized salts
and keys now. The specialized operation for 16 byte salts as used
by BCrypt has been preserved and is selected automatically.
Also, the BCrypt specific parts have been move to the BCrypt
module with regard to separation of concern.

A benchmark for generating BCrypt hashes with cost 10 shows a
performance improvement from 158 to 141ms on average (Intel i5-6500)
after this refactoring.
Further experiments suggest that the specialized expandKeyWithSalt128
does not have any advantage over the generalized version
and might be removed in favour of less branches and exceptional
behaviour.
 2018-05-08 22:08:20 +02:00
Olivier Chéron
d0ac50c1af Additional QA clean-up 2018-04-29 10:43:55 +02:00
Olivier Chéron
b3a1506d82 Remove conditionals related to SHAKE and Blake2 
Not needed anymore now that GHC > 8.0.
 2018-04-28 08:09:25 +02:00
Olivier Chéron
9d961e92e9 Comment about not having Show instance for HMAC 
Closes #232.
 2018-04-22 19:44:29 +02:00
Olivier Chéron
15f63fd849 Enable powModSecInteger with integer-gmp >= 1.0.2.0 2018-04-20 20:40:53 +02:00
Luke Taylor
d27d464627 Fix cost parsing for bcrypt 
The tens value was wrong for values of 20+, as reported in #230.
It should be 10*costTens not 10^costTens. This wasn't detected because
the values are the same when costTens is 1, and using high cost values
is rare with bcrypt because of the performance hit.

Also added a simple hash and validate test since the KAT tests only do
validation. This doesn't cover this bug since the cost value is too
high to include in the test. It allows similar issues to be tested
locally though.
 2018-04-17 13:51:04 +01:00
Chris Martin
d2da00445d fix spelling of "exponent" 2018-04-05 21:44:40 -04:00
Olivier Chéron
3e5be5fdf3 Add Read instance for Digest type 2018-02-11 09:15:05 +01:00
Vincent Hanquez
b4add57955 Hash: use Block instead of UArray to reduce memory usage 2018-02-04 23:06:02 +00:00
Olivier Chéron
325c87febf Use pattern matching 2018-02-04 14:35:43 +01:00
Olivier Chéron
4926cbb143 Improve types and indentation, fix typo 2018-02-03 19:05:20 +01:00
Baojun Wang
1e57f41e1d check AESCCM IV length in ccmInit instead of aeadInit 2018-02-03 09:34:57 +01:00
Baojun Wang
f6d9fb0cf1 aeadInit (ccm) returns CryptoError_IvSizeInvalid when iv size is wrong 2018-02-03 09:34:57 +01:00
Baojun Wang
48770bf79f fix aes ccm decryption cbcmac mis-match 2018-02-03 09:34:57 +01:00
Baojun Wang
1e04890d73 Add ccm decrypt 2018-02-03 09:34:57 +01:00
Baojun Wang
55bf620365 add aes ccm support 2018-02-03 09:31:36 +01:00
Alexander Vieth
6dca020660 improve digestFromByteString efficiency 2018-01-09 17:10:12 -05:00
Vincent Hanquez
c02c43bfc7
Merge pull request #205 from osa1/close_dev_handle 
withDev: Close the FD on exception
 2017-12-17 18:15:31 +00:00
Vincent Hanquez
6346b8289c
Merge pull request #202 from ocheron/ed25519-arith-negate 
Ed25519 arithmetic primitives
 2017-12-17 18:12:50 +00:00
Vincent Hanquez
82c22d50c7
Merge pull request #206 from haskell-crypto/replace-foundation-by-basement 
remove dependency on foundation and moving to basement
 2017-12-17 18:12:41 +00:00
Olivier Chéron
3217038a1a Add pointMulByCofactor and pointHasPrimeOrder 2017-12-17 11:56:33 +01:00
Olivier Chéron
b962952c30 Add introduction and warnings about possible pitfalls 2017-12-17 09:46:42 +01:00
Olivier Chéron
0820cd5c38 Simpler Edwards25519.scalarGenerate 2017-12-16 11:33:38 +01:00
Olivier Chéron
fbe1c213e2 Use throwCryptoError 2017-12-11 06:40:41 +01:00
Olivier Chéron
45723e3542 Rename to Edwards25519 2017-12-10 21:14:47 +01:00
Vincent Hanquez
f861a52b1b remove dependency on foundation and moving to basement 2017-11-30 12:08:08 +00:00
Ömer Sinan Ağacan
d7aeb5f545 withDev: Close the FD on exception 2017-11-30 10:30:29 +03:00
Olivier Chéron
3aaa89d52e Add missing NFData instances 2017-11-27 20:43:08 +01:00
Luke Taylor
5e354f9bfc Use "2b" version prefix in bcrypt hashes 
Makes docs and code consistent - the code now generates hashes
with the "2b" prefix instead of "2a". Shouldn't make any difference
in practice since previously generated hashes should still validate.
 2017-11-27 15:19:23 +00:00
Vincent Hanquez
2293c69f87
Merge pull request #200 from NicolasDP/master 
add instance of MonadFailure to CryptoFailable
 2017-11-25 15:25:21 +00:00
Olivier Chéron
8567bacc2e Add pointNegate to class EllipticCurveArith 2017-11-20 19:28:17 +01:00
Olivier Chéron
8d7e0d236c Add P256.pointNegate 2017-11-20 19:28:17 +01:00
Olivier Chéron
b8b59be5a5 Normalize result of ECC.pointNegate 2017-11-20 19:28:17 +01:00
Olivier Chéron
4f7d742461 Export and test ECC.pointNegate 2017-11-20 19:28:16 +01:00
Olivier Chéron
c55dd4d27f Add Curve_Ed25519 2017-11-20 19:28:16 +01:00
Olivier Chéron
6b3bf37eea Use only fixed-window implementation 2017-11-20 19:28:16 +01:00
Olivier Chéron
123e22ec08 Ed25519 scalar multiplication with 4-bit fixed window 2017-11-20 19:28:16 +01:00
Olivier Chéron
5778909761 Add Ed25519.pointsMulVarTime 2017-11-20 19:28:16 +01:00
Olivier Chéron
35f1d20b79 Ed25519 scalar add & multiply 2017-11-20 19:28:15 +01:00
Olivier Chéron
7d61abff03 Ed25519 point negation 2017-11-20 19:28:15 +01:00
Olivier Chéron
9ea718f55e Arithmetic primitives over curve Ed25519 2017-11-20 19:28:15 +01:00
Vincent Hanquez
896382dfbc
Merge pull request #201 from chris-martin/pr/caps 
Various documentation copy editing
 2017-11-19 16:04:40 +00:00
Vincent Hanquez
c26b331c8e
Merge pull request #199 from ocheron/proxy-backend 
Use Proxy for openBackend
 2017-11-19 16:00:41 +00:00
Chris Martin
f77994a729 Various documentation copy editing 2017-11-18 14:27:44 -05:00
Nicolas Di Prima
393d5804b7 add instance of MonadFailure to CryptoFailable 2017-11-16 20:16:29 +00:00
Olivier Chéron
4723dc0b39 Use Proxy in openBackend 
Replaces 'undefined' and fixes #198.
 2017-10-23 20:39:00 +02:00
Vincent Hanquez
84e96d2fa3 Update context size for Blake2bp and Blake2sp 
Also fix Blake2bp to not use blake2sp functions
 2017-10-02 21:05:30 +01:00
Vincent Hanquez
74f1c1872b [BLAKE2] update context size on the haskell to the latest code 2017-10-02 20:44:51 +01:00
Vincent Hanquez
2ecbd5c052 Merge pull request #189 from ocheron/cast5-wordarray 
CAST5 block cipher
 2017-09-18 21:09:49 +09:00
Vincent Hanquez
110ad7b510 Merge pull request #188 from ocheron/hash-tutorial 
More content for Crypto.Tutorial
 2017-09-18 20:54:40 +09:00
Vincent Hanquez
57fc438c83 typo in documentation 2017-09-18 10:32:21 +01:00
Olivier Chéron
bb2363eea7 Add CAST5 aka CAST-128 
Haskell translation of RFC 2144.
 2017-09-17 11:28:56 +02:00
Olivier Chéron
c6c715f465 Add note about Digest implementing ByteArrayAccess 2017-08-22 20:39:29 +02:00
Olivier Chéron
007f69c557 Add Crypto.Hash examples to tutorial 2017-08-22 20:39:27 +02:00
Olivier Chéron
80ed642f85 Add introduction to tutorial 2017-08-22 20:39:24 +02:00
Vincent Hanquez
9d43c332de fix digest size for nat-typed blake2 2017-07-08 07:58:09 +01:00
Vincent Hanquez
ccc3930072 Merge pull request #182 from haskell-crypto/hash-type-nat 
Add HashBlockSize & HashDigestSize & HashInternalContextSize type family
 2017-07-07 21:45:22 +01:00
Vincent Hanquez
d13ce585ab add further unrolling of Div8 to match Mod8 2017-07-07 21:44:29 +01:00
Vincent Hanquez
b18ec653b8 rename bitLen -> bitlen. GHC 8.2 is stricted about name of type variables 2017-07-07 19:26:59 +01:00
Vincent Hanquez
0dc0f30b86 Add HashBlockSize & HashDigestSize & HashInternalContextSize type family for all Hash algorithms 
supercedes PR #158
 2017-07-07 18:28:06 +01:00
Vincent Hanquez
664a37c16d [ChaCha] only required byteArrayAccess and add a way to convert from binary 2017-07-07 17:32:09 +01:00
Vincent Hanquez
f559c7bd9d [ChaCha] only need ByteArrayAccess for initialization 2017-07-07 17:31:30 +01:00
Olivier Chéron
9b56689885 Check that ECDH and ECIES result is not point-at-infinity 
This guards against invalid public keys when curves have a cofactor.

Fixes #178
 2017-07-05 22:24:22 +02:00
Olivier Chéron
aec6af5de4 Add note about P256 encoding of point-at-infinity 2017-07-05 22:24:22 +02:00
Olivier Chéron
adc192ac17 Add constAllZero 2017-07-05 22:24:22 +02:00
Olivier Chéron
8e274f8e60 Validate output point when calling P256.pointFromBinary 
Function unsafePointFromBinary is added when validation is not needed.
 2017-07-05 22:24:22 +02:00
Fraser Tweedale
f6c1f21e59 clarify padding requirements for PKCS15 encrypt/decrypt 
The types do not say whether it is necessary to apply pad/unpad to
the input/output of the PKCS15 encrypt/decrypt functions.  Add
comments to clarify that it is not necessary to manually pad/unpad
the message.
 2017-06-26 15:30:01 +02:00
Vincent Hanquez
1bcfa2e087 Merge pull request #167 from ocheron/eddsa-minimal 
Improve Curve448 and add Ed448
 2017-06-19 13:49:07 +01:00
Sergei Trofimovich
d911a34258 fix build failure with -f-support_deepseq disabled 
How to reproduce:

```
$ cabal configure -f-support_deepseq
Resolving dependencies...
Configuring cryptonite-0.23...

$ cabal build
Building cryptonite-0.23...
Preprocessing library cryptonite-0.23...
[114 of 120] Compiling Crypto.PubKey.RSA.Types ( Crypto/PubKey/RSA/Types.hs, dist/build/Crypto/PubKey/RSA/Types

Crypto/PubKey/RSA/Types.hs:48:30: error:
    • No instance for (NFData Integer) arising from a use of ‘rnf’
    • In the first argument of ‘seq’, namely ‘rnf n’
      In the expression: rnf n `seq` rnf e `seq` sz `seq` ()
      In an equation for ‘rnf’:
          rnf (PublicKey sz n e) = rnf n `seq` rnf e `seq` sz `seq` ()
```

The fix is to inctoruce 'NFData Integer' instance to `Crypto/Internal/DeepSeq`.

Closes: https://github.com/haskell-crypto/cryptonite/issues/171
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
 2017-06-19 10:37:23 +01:00
Olivier Chéron
e71d9b135c Derive Show,Data,Typeable when defining curve singletons 2017-06-10 14:26:59 +02:00
Olivier Chéron
5c2988716e Validate P256 point when decoding 
Fixes #165.
 2017-06-10 14:26:59 +02:00
Olivier Chéron
a879845434 Add note about the optional all-zero test 
This is actually a lie: the condition is tested in both curve
implementations but not returned by the Haskell API.  Will be a reminder to
add this in the future.  A function 'allocRetAndFreeze' could be useful.
 2017-06-04 19:25:19 +02:00