haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,181 Commits 15 Branches 30 Tags 2.5 MiB
d0ead79fed
Commit Graph

639 Commits

Author SHA1 Message Date
Olivier Chéron
8e274f8e60 Validate output point when calling P256.pointFromBinary 
Function unsafePointFromBinary is added when validation is not needed.
 2017-07-05 22:24:22 +02:00
Fraser Tweedale
f6c1f21e59 clarify padding requirements for PKCS15 encrypt/decrypt 
The types do not say whether it is necessary to apply pad/unpad to
the input/output of the PKCS15 encrypt/decrypt functions.  Add
comments to clarify that it is not necessary to manually pad/unpad
the message.
 2017-06-26 15:30:01 +02:00
Vincent Hanquez
1bcfa2e087 Merge pull request #167 from ocheron/eddsa-minimal 
Improve Curve448 and add Ed448
 2017-06-19 13:49:07 +01:00
Sergei Trofimovich
d911a34258 fix build failure with -f-support_deepseq disabled 
How to reproduce:

```
$ cabal configure -f-support_deepseq
Resolving dependencies...
Configuring cryptonite-0.23...

$ cabal build
Building cryptonite-0.23...
Preprocessing library cryptonite-0.23...
[114 of 120] Compiling Crypto.PubKey.RSA.Types ( Crypto/PubKey/RSA/Types.hs, dist/build/Crypto/PubKey/RSA/Types

Crypto/PubKey/RSA/Types.hs:48:30: error:
    • No instance for (NFData Integer) arising from a use of ‘rnf’
    • In the first argument of ‘seq’, namely ‘rnf n’
      In the expression: rnf n `seq` rnf e `seq` sz `seq` ()
      In an equation for ‘rnf’:
          rnf (PublicKey sz n e) = rnf n `seq` rnf e `seq` sz `seq` ()
```

The fix is to inctoruce 'NFData Integer' instance to `Crypto/Internal/DeepSeq`.

Closes: https://github.com/haskell-crypto/cryptonite/issues/171
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
 2017-06-19 10:37:23 +01:00
Olivier Chéron
e71d9b135c Derive Show,Data,Typeable when defining curve singletons 2017-06-10 14:26:59 +02:00
Olivier Chéron
5c2988716e Validate P256 point when decoding 
Fixes #165.
 2017-06-10 14:26:59 +02:00
Olivier Chéron
a879845434 Add note about the optional all-zero test 
This is actually a lie: the condition is tested in both curve
implementations but not returned by the Haskell API.  Will be a reminder to
add this in the future.  A function 'allocRetAndFreeze' could be useful.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
75e3bd555e Add Show instances for EdDSA secret keys 
Other algorithms define Show instances for their secrets.
Here ScrubbedBytes will obfuscate the content anyway.

Will be useful for X509.PrivKey, which requires a Show instance.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
6805ddd4f7 Add support for Ed448 
This replaces the Diffie-Hellman API that was previously exported.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
6fb412e2af Use decaf_x448_derive_public_key 2017-06-04 19:25:19 +02:00
Olivier Chéron
23b359d842 Switch Haskell APIs to decaf implementation 
Module 'Curve448' now use decaf.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
ac7eaac523 Simplify Ed25519.generateSecretKey 2017-06-02 19:37:25 +02:00
Olivier Chéron
edd5d94bd4 Make ivAdd more constant-time 
All IV bytes are processed even if accumulator is zero.
 2017-05-31 23:31:29 +02:00
Olivier Chéron
07592ab237 Fix ivAdd overflow behaviour 2017-05-26 09:59:54 +02:00
Olivier Chéron
c6caba88ed Merge pull request #159 from wangbj/patch-1 
Allow sign/verify digest directly
 2017-05-26 09:52:53 +02:00
Baojun Wang
a8902fe119 remove redundant condition test on `hashLen /= B.length mHash` 2017-05-18 21:00:14 -07:00
Elliot Cameron
8971458e06 Fix docs for Argon variants 2017-05-17 17:11:00 -04:00
Baojun Wang
4270f00277 Use `Digest hash` to represent message digest 2017-05-16 10:54:31 -07:00
Baojun Wang
f9a0bc3c53 Allow sign/verify digest directly 
currently sign/verify works on message directly, it would be nice if PSS could sign/verify digest directly. This is useful for:

  1) for some signing server it only has a digest (without message)
  2) message could be very large, for cases when client need request a singing server to sign, it may make more sense for the client to compute digest, then ask server to (PSS) sign the digest
  3) openSSL pkeyutl (PSS) sign operation signs with digest only, not the message, it would be nice to work with openSSL more easily 

*openSSL command line:
```shell
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1  -pkeyopt digest:sha256 -sign -inkey "pri.key" -in hmac.bin > sig.bin
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1  -pkeyopt digest:sha256 -verify -inkey "pri.key" -in hmac.bin -sigfile sig.bin
```
 2017-05-15 19:42:19 -07:00
Olivier Chéron
554f0fc701 Restore Haddock comment in tutorial module 
Need to use ordinary comments instead of nested comments
because LANGUAGE pragmas were removed otherwise.

Also adds a table of contents.  We may have other examples
in the future.
 2017-05-05 07:21:52 +02:00
Parnell Springmeyer
94d67ad86d
ed25519: Adding generateSecretKey and a unit test 2017-05-02 16:18:26 -05:00
Vincent Hanquez
67dd8ed7fc [Hash] change Digest to use a foundation UArray that have configurable pinnable memory setting 2017-04-25 14:23:13 +01:00
Vincent Hanquez
a9fd1f079d [Hash] update part of Crypto.Hash.IO to ScopeTypeVariable 2017-04-25 14:22:20 +01:00
Vincent Hanquez
53bd6c13b7 Add missing extension 2017-04-25 14:21:53 +01:00
Vincent Hanquez
ba1dfdf66d [Hash] stylistic improvement using ScopedTypeVariables 
remove the inner function with magic argument in favor of direct
call pinning some types with signature
 2017-04-25 14:16:11 +01:00
Dimitri DeFigueiredo
4aec5fc98e Fix issue #154 2017-04-21 13:51:52 -06:00
Vincent Hanquez
4f988181c7 Merge pull request #150 from SamProtas/twofish 
Twofish
 2017-04-12 07:47:19 +01:00
Kazu Yamamoto
697fe61f9b using pointSize in withTempPoint to fix #151. 2017-04-11 20:32:57 +09:00
Sam Protas
04b4c945c0 Add import to fix backwards compatibility 2017-04-10 00:57:49 -04:00
Sam Protas
762d818ec0 Twofish 192 and 256 bit key support 2017-04-10 00:33:54 -04:00
Olivier Chéron
112d2fbb15 Decrease Argon2 maximum output length 
Fixes #148.
 2017-04-09 17:18:26 +02:00
Sam Protas
b658c8a99b Cleanup and performance 2017-04-04 19:29:40 -04:00
Sam Protas
b1a9c7c047 Performance improvements 2017-04-02 19:36:58 -04:00
Sam Protas
7eedbaa112 Initial implementaiton with passing tests 2017-04-02 18:34:10 -04:00
Vincent Hanquez
2d25b27042 Merge pull request #145 from tdietert/tutorial 
Tutorial Improvement
 2017-03-26 09:27:58 +01:00
tdietert
f639ac9f0d
Update tutorial based on suggestions 2017-03-26 00:47:02 +00:00
tdietert
fd75eac415 Fix Crypto.Tutorial module name 2017-03-19 00:37:36 +00:00
tdietert
ec49ea659e Move language pragmas inside haddocks 2017-03-19 00:02:07 +00:00
tdietert
c76217f75d Added more comprehensive tutorial 2017-03-18 23:57:24 +00:00
Nicolas DI PRIMA
8b6bd1ed5e check for at least one byte and at most 256 or 512 (blake2s or blake2b) 2017-03-13 18:53:07 +00:00
Nicolas DI PRIMA
f0286281fb add new constraints 2017-03-13 18:52:24 +00:00
Nicolas DI PRIMA
c0c33c5254 Use Nat for the Blake2's digest sizes 2017-03-13 00:24:17 +00:00
Nicolas DI PRIMA
cd552ae5f6 move Nat specific to Cryptonite's insternal module 2017-03-13 00:22:53 +00:00
Vincent Hanquez
c4936ce6d8 remove Typeable 2017-02-24 14:03:33 +00:00
Vincent Hanquez
253bf0cb8b Argon2: add working hash function 
* Cleanup argon c files:
  * Remove encoded format and base64 encoder
  * Remove verification code
  * Remove all variants based simple caller
* Add basic hashing function
* Add a simple KAT test
* Define more things at the haskell level
 2017-02-24 13:37:40 +00:00
Vincent Hanquez
26237c5c6d remove spurious header modification 2017-02-19 17:17:49 +00:00
Vincent Hanquez
10d72c8779 remove unneeded extensions 2017-02-19 17:17:35 +00:00
Vincent Hanquez
c342d28436 Compatibility with older version 2017-02-14 23:01:18 +00:00
Vincent Hanquez
343b7593b5 add Constraint for divisibility 2017-02-14 23:01:18 +00:00
Vincent Hanquez
eb661e653e add Typeable for SHAKE 2017-02-14 23:01:18 +00:00
Olivier Chéron
d8ed5ce9f1 Add SHAKE128 and SHAKE256 as HashAlgorithm instances 
Generalizes SHA-3 code for SHAKE support and uses GHC type-level literals
to keep the output length variable.
 2017-02-14 23:01:18 +00:00
Vincent Hanquez
7378fe3f45 add some missing blake2 modes 2017-02-14 16:26:44 +00:00
Vincent Hanquez
634768b2fa add Data also to Hash algorithms 2017-02-14 12:02:26 +00:00
Vincent Hanquez
550a689faf Merge pull request #133 from haskell-crypto/typeable 
add Typeable for all hash algorithms
 2017-02-14 10:37:04 +00:00
Vincent Hanquez
7c33fcedb4 add Typeable to hash algorithm 2017-02-14 10:19:44 +00:00
Vincent Hanquez
e3ef0684f9 Merge pull request #132 from NicolasDP/master 
Add Fast PBKDF2 for SHA1, SHA256 and SHA512
 2017-02-14 09:43:21 +00:00
Nicolas DI PRIMA
002f300021 add fastpbkdf2 with sha512 2017-02-11 14:08:27 +00:00
Nicolas DI PRIMA
4189aa9389 Port Fast PBKDF2 for sha1 and sha256 2017-02-11 14:08:23 +00:00
Vincent Hanquez
d2a8763918 Merge pull request #125 from colatkinson/fix_prime_size 
Fix generated primes being too large
 2017-02-09 07:48:16 +00:00
Vincent Hanquez
e76bbaa8a7 Merge pull request #63 from tekul/otp 
[For Review] HOTP and TOTP implementation
 2017-01-29 20:09:29 +00:00
Olivier Chéron
f832c328d0 Use new module name Crypto.PubKey.Curve448 2017-01-19 20:26:25 +01:00
Olivier Chéron
6d4a2bb707 Rename Ed448 to Curve448 
This makes the API uniform for both D-H functions, avoids
confusion and leaves the name Ed448 available for EdDSA.
 2017-01-19 20:26:25 +01:00
Colin Atkinson
345f4cd141 Fix bug in isProbablyPrime for small numbers 
Fix bug in isProbablyPrime where too many iterations were specified for numbers less than 100

Add clause to isProbablyPrime to use hardcoded values <= 2903
 2017-01-19 00:11:39 -05:00
Colin Atkinson
0cec622ddf Fix generate(Safe)Prime to guarantee prime size 
Add check for size in generatePrime

Add size test in generateSafePrime

Require only that top bit is set, instead of top 2

This is the general standard, see e.g. OpenSSL

Add an error for too few bits being supplied to prime generator, and add documentation

Add some documentation and require highest two bits set

Simplify return syntax in generatePrime and generateSafePrime

Switch exponent to bit-shift for small performance boost
 2017-01-19 00:10:50 -05:00
Vincent Hanquez
fab2ab62f3 Merge pull request #118 from tmciver/master 
Add key length validation to several AES Ciphers.
 2016-12-09 10:59:17 +00:00
Vincent Hanquez
4b34abe310 add support For Ed448 in Crypto.ECC. fix #121 2016-12-09 06:42:50 +00:00
Tim McIver
f5efdee75b Add key length validation to several AES Ciphers. 2016-12-06 22:06:57 -05:00
Kazu Yamamoto
9845734b2b fixing P256 endian. 2016-12-05 13:34:54 +09:00
Kazu Yamamoto
1ba4871032 fixing P256 binary format. 2016-12-05 13:34:33 +09:00
Vincent Hanquez
07bfa10ad7 fix proxy 2016-12-02 21:07:13 +00:00
Vincent Hanquez
6e1d18f6c2 use the correct compat imports 2016-12-02 16:29:49 +00:00
Vincent Hanquez
a9b722b492 Add missing compatibility modules 2016-12-02 15:48:05 +00:00
Vincent Hanquez
f627bf437a make a faster and more secure related to memory blits of pointDh for P256 2016-12-02 15:47:51 +00:00
Vincent Hanquez
5e52a7ffa2 use binary serializer for P256 instead of going through the simple point layer 2016-12-02 15:28:36 +00:00
Vincent Hanquez
052417e5b1 properly check for point validity before making a point 2016-12-02 15:28:03 +00:00
Vincent Hanquez
922bed5ac5 add some documentation to ECIES 2016-12-02 15:03:19 +00:00
Vincent Hanquez
8b5a36f44e fix ECIES to work with the rewrite 2016-12-02 15:03:08 +00:00
Vincent Hanquez
7e6d7ccb1c complete rewrite of the type class 
Now there's no type created by associated type, it just become a routing type class,
however this has a cost, since the associated type are not injective,
requiring more witness for the curve than before.
 2016-12-02 15:02:48 +00:00
Vincent Hanquez
955f010bff add internal proxy type to create witnesses 2016-12-02 15:00:05 +00:00
Vincent Hanquez
11e42a256d add the binding to get the size by bytes 2016-12-02 14:59:46 +00:00
Vincent Hanquez
422c5fdb09 remove reference to the old api in the documentation 2016-12-02 11:36:48 +00:00
Vincent Hanquez
07b6e80b6d Rewrite EC primitive and types to have the curve as type 2016-12-01 16:56:28 +00:00
Vincent Hanquez
f1ebbff464 fixup haddock markup 2016-12-01 16:55:17 +00:00
Vincent Hanquez
f37d0b79ec remove arithmetic on Curve25519. it's mathematically not possible 2016-12-01 12:53:56 +00:00
Vincent Hanquez
55f385a136 change point decoding to be able to fail explicitely instead of async error call. 2016-12-01 12:51:26 +00:00
Vincent Hanquez
a9e3917334 fix Curve25519 generate secret key to work in the MonadRandom instead of IO 2016-12-01 12:50:31 +00:00
Vincent Hanquez
d80a87da48 add new EC errors 2016-12-01 12:50:10 +00:00
Vincent Hanquez
a5fb2ee23a don't export function that replace existing functionality and by-pass errors handling 2016-12-01 12:50:01 +00:00
Kazu Yamamoto
e9ea55ab57 relaxing types of encodePoint and decodePoint. 2016-11-30 15:34:35 +09:00
Kazu Yamamoto
58151b9965 making PRK an instance of ByteArrayAccess and removing fromPRK/toPRK. 2016-11-30 15:10:48 +09:00
Kazu Yamamoto
f84aa5d7ce documentation & relaxing types. 2016-11-30 14:48:49 +09:00
Kazu Yamamoto
be6bf11138 using ScrubbedBytes directly. 2016-11-30 14:41:01 +09:00
Kazu Yamamoto
3a2eb3c631 using ByteArray(Access) instead of ByteString. 2016-11-30 14:19:39 +09:00
Kazu Yamamoto
39ecb3597a removing a trailing space / a warning. 2016-11-30 14:06:21 +09:00
Kazu Yamamoto
2b9dce2c8a Dropping Show from PRK. 2016-11-28 19:23:20 +09:00
Kazu Yamamoto
c0b0846232 implmenting encodePoint and decodePoint for TLS. 2016-11-17 13:08:21 +09:00
Kazu Yamamoto
a6f177352a Eq and Show for Point and Scalar. 2016-11-16 16:53:43 +09:00
Kazu Yamamoto
aa33c00855 adding Curve_X25519. 2016-11-16 13:10:57 +09:00
Kazu Yamamoto
dea0469c61 adding Curve_P384R1. 2016-11-16 10:02:00 +09:00
Kazu Yamamoto
9a0ec9166a implementing ecdh fpr P256 and P521. 2016-11-15 15:41:00 +09:00
Vincent Hanquez
c29fa82417 add a note about scalarInverse 2016-11-15 15:05:58 +09:00
Vincent Hanquez
f3255c2fa0 fix imports on older versions 2016-11-15 15:05:58 +09:00
Vincent Hanquez
7c833eddfd improve description 2016-11-15 15:05:58 +09:00
Vincent Hanquez
60bb2cacb4 [ECC] Improve the code base to allow multiples different implementations 
* Use TypeFamilies; need to see what to do for older GHC versions
* Start implementing some API related to ECIES
 2016-11-15 15:05:58 +09:00
Kazu Yamamoto
e00c89fb25 adding toByteString and fromByteString to PRK. 2016-11-15 15:04:06 +09:00
Brandon Hamilton
548cbb6f79 Implement the XSalsa20 stream cipher 2016-10-09 15:25:31 +02:00
Vincent Hanquez
01892ac494 Merge pull request #102 from ocheron/shamirs-trick 
Implement Shamir's trick
 2016-09-15 21:08:48 +01:00
Olivier Chéron
43233cb911 Double-scalar multiplication using Shamir's trick 2016-09-10 12:05:46 +02:00
Olivier Chéron
5854b092a8 Fix ECDH when scalar and coordinate bit sizes differ 2016-09-10 10:26:41 +02:00
Olivier Chéron
c84230c69a Fixed hash truncation used in ECDSA signature & verification 
The function tHash shifted the hash number to an incorrect number of bits
when the bit string had leading zeros.  This is one of two issues reported
in vincenthz/hs-tls#152.
 2016-08-24 23:29:55 +02:00
Vincent Hanquez
39a3a6bbcb Merge pull request #95 from glguy/master 
Derive Show instance for CryptoFailable
 2016-07-30 11:08:55 +01:00
Vincent Hanquez
d6608ffc6e Merge pull request #85 from yogsototh/master 
Example of symmetric encryption in documentation.
 2016-07-30 07:10:56 +01:00
Eric Mertens
5b8ae08701 Derive Show instance for CryptoFailable 
Fixes #50

The derived instances use precedences to decide when
parentheses are appropriate.
 2016-07-28 14:02:36 -07:00
Vincent Hanquez
18a9634bb7 Merge pull request #92 from Bodigrim/number-f2m 
Arithmetic over F2m
 2016-07-28 20:23:38 +01:00
Luke Taylor
fb66c35f46 Add a check for salt length in bcrypt function 
Raises an error (as the original doc claimed) if the salt is not the
required length of 16 bytes.

validatePasswordEither doesn't require separate checking since the hash
length as a whole is checked, implicitly ensuring the salt is the right
length. Therefore it shouldn't be possible to trigger the error by
calling this function.

Fixes #93.
 2016-07-27 17:45:33 +02:00
Bodigrim
2dec05f48b Restore import of <$> 2016-07-24 14:54:22 +02:00
Bodigrim
7e53922f4f Fix pointMul with negative factor on CurveF2m 2016-07-24 13:40:24 +02:00
Bodigrim
b25df69e26 Speed up squaring 3x (now 10% faster than mul) 2016-07-24 11:00:54 +02:00
Bodigrim
66ae77e805 Fix tests and provide documentation for Crypto.Number.F2m 2016-07-24 11:00:54 +02:00
Bodigrim
e80eaa56f3 Tests for Crypto.Number.F2m 2016-07-24 10:58:50 +02:00
Luke Taylor
de17b66e31 Fix buffer length in scrypt 
The temporary XY buffer passed to the scrypt_smix C function should be
256r+64 bytes in length, but the Haskell code was only allocating 256r
bytes, causing the additional 64 to be written past the end of the
buffer.

See #91.
 2016-06-13 21:08:06 +01:00
Vincent Hanquez
dc8bb8934c Merge pull request #77 from khibino/mp 
Adding miyaguchi-preneel hash construction
 2016-06-13 05:57:44 +01:00
Kei Hibino
7989dc71b0 fix unpad of zero-padding and add tests. 2016-06-08 22:57:35 +09:00
Kei Hibino
ec7e73401f apply zero-padding to miyaguchi-preneel. 2016-06-08 22:26:14 +09:00
Kei Hibino
c2285db4e3 add zero padding and its test. 2016-06-08 22:23:41 +09:00
Kei Hibino
87867b49bc rename definitions which compute miyaguchi-preneel hash. 2016-06-08 01:13:23 +09:00
Kei Hibino
f9c1aa713f drop cipherInit'. 2016-06-02 17:05:17 +09:00
Denis Redozubov
512605d513 fix documentation typo 2016-05-05 19:51:22 +03:00
Yann Esposito (Yogsototh)
92531e8ca6
Just adding an example. Inspired by the Turtle doc 2016-04-28 10:10:10 +02:00
John Galt
e2b0e9ee6b [Ed448] Fixed incorrect base point 2016-04-18 13:25:11 -07:00
Kei Hibino
fce698b821 [MP] Drop data constructor access. 2016-04-12 14:53:16 +09:00
Kei Hibino
0f241e31db [MP] drop the accessor in favor of just using the ByteArrayAccess constraint 2016-04-12 11:00:01 +09:00
Luke Taylor
e39c849b18 Drop use of 'time' library from OTP implementation 
It now exposes a type alias for Word64 and relies on the user to supply
a value for the current time, allowing them to use the time library of
their choice.

Also bump memory dep to 0.12 and use fromW64BE from that library.
 2016-04-11 17:52:59 +01:00
Vincent Hanquez
0c3f68929b Fix serialization of ECDH and DH 2016-04-09 17:13:51 +01:00
Vincent Hanquez
fd24980530 [ECC] add Bounded instance to CurveName 2016-04-09 13:46:06 +01:00
Vincent Hanquez
605e5cf6a6 Merge branch 'master' of https://github.com/haskell-crypto/cryptonite 2016-04-09 13:45:18 +01:00
Vincent Hanquez
0fa83e32d8 [ECDH][DH] change SharedKey representation to be the usual bytes-like representation 
Prevent mistake when the serialization is not done properly, for example missing
the padding when necessary.
 2016-04-09 13:45:05 +01:00
Vincent Hanquez
e29c8a6fe5 [DH] Keep The field size in bits, in Params 2016-04-09 13:41:40 +01:00
Vincent Hanquez
a73c1b9171 [CMAC] drop the accessor in favor of just using the ByteArrayAccess constraint 2016-04-09 10:31:13 +01:00
Vincent Hanquez
2b0f0dab9c Merge branch 'master' of https://github.com/haskell-crypto/cryptonite 2016-04-09 08:43:07 +01:00
Vincent Hanquez
d7e26e34ee [random] add a seed capability with export/import from integer. 
It decomposes the drgNew call that was gathering entropy then
initializing a ChaChaDRG, into 2 new calls seedNew and drgNewSeed.

drgNew remains unchanged.

The integer importing capability, should be used when wanting to bring
reproducibility to a debugging problem or for testing, otherwise it's
probably a bad idea to use.
 2016-04-09 08:33:37 +01:00
Kei Hibino
5d96c804ae Add infered cipher version. 2016-04-08 16:43:55 +09:00
Kei Hibino
3af88f3145 Add smart constructor of MiyaguchiPreneel hash type. 2016-04-08 16:11:17 +09:00
Kei Hibino
285d9fb433 Specify each chunk type. 2016-04-07 14:43:44 +09:00
Kei Hibino
327d75c2d4 Add comments about irreducible binary polynomial. 2016-04-06 11:59:26 +09:00
Kei Hibino
4442744b1d Add the smart constructor of CMAC type. 2016-04-06 09:41:50 +09:00
Kei Hibino
5e4b126fc5 Add implementation of MiyaguchiPreneel. 2016-04-03 05:51:07 +09:00
Kei Hibino
ca0c3830eb Add implementation of CMAC. 2016-04-01 19:25:04 +09:00
Vincent Hanquez
149bfa6010 [HKDF] document a bit better extractSkip 2016-03-29 07:17:24 +01:00
Vincent Hanquez
93fad940e4 Improve context memory usage of Keccak and SHA3 
saves up to 72 bytes per context for SHA3-512
 2016-03-26 10:29:33 +00:00
Vincent Hanquez
f362d50d46 [bcrypt] make the haddock comment reflect what happens to the cost value. 
also fix a tpyo
 2016-02-25 07:48:30 +00:00
Vincent Hanquez
b07a856127 Merge pull request #62 from clinty/dsa-truncate 
Do DSS truncation on verify
 2016-02-11 08:04:32 +00:00
John Galt
a04b56d2a3 Added Ed448-Goldilocks support 2016-02-09 01:22:55 -07:00
Vincent Hanquez
d80a499582 removed bounded names for useless parameter 2016-02-04 07:28:42 +00:00
Clint Adams
4c6b774a3d Do DSS truncation on verify 
RFC 4880 and FIPS 186-4 require that DSA signatures truncate the
hash to the size of q.  This changes Crypto.PubKey.DSA.verify
to do so in all cases.
 2016-01-10 17:05:37 -05:00
Luke Taylor
f2e5942246 Add totpVerify function 
Also adds a ClockSkew type which limits the acceptable clock skew window
to a limited number of time steps.
 2016-01-10 18:19:53 +00:00
Vincent Hanquez
50631d3150 Add support for blake2s(p) 224 bits 2016-01-09 10:09:35 +00:00
Vincent Hanquez
99049cc66e Merge pull request #53 from kinoru/master 
[ChaChaPoly1305] fix type error of example code
 2016-01-05 17:49:58 +00:00
Luke Taylor
0be97fc5ca Add hash parameter to hotp function 
While HOTP only mentions SHA1, TOTP allows the use of different hash
functions, which implicitly requires that the HOTP implementation support
them too.

This will also allow users to use HOTP with another hash if they so choose,
though it would not be compatible with most client applications, such as
Google authenticator.
 2016-01-04 19:04:38 +00:00
Luke Taylor
47d202a90f Add TOTParams data type 
Reduce the arguments to the totp function (most people will use defaults)
and allows validation of the time step value.

Added a top-level module overview.
 2015-12-28 17:23:26 +00:00
Vincent Hanquez
43890b1175 Add support for HKDF (RFC 5869) 2015-12-28 14:32:07 +00:00
Luke Taylor
88a2cd80f6 Add TOTP function and KATs 
Just uses SHA1 for now. HashAlgorithm is ignored.
 2015-12-27 19:13:22 +00:00
Luke Taylor
48f0598cc7 Make OTP resynch values a tuple 
This is clearer than having two separate arguments.
 2015-12-27 18:43:00 +00:00
Luke Taylor
c5b3622562 Add an OTP resynchronize function 
Allows server to reset its counter to the client's current value, given
a sequence of one or more OTP values.
 2015-12-20 23:33:52 +00:00
Luke Taylor
476f7c10d5 One-time password (OTP) implementation 
Initial commit

- Implementation of HOTP algorithm as defined in RFC 4226
- Tests using values from the spec
 2015-12-20 23:04:14 +00:00
John Galt
26976b1583 [blake2] Added reference implementation 
This commit allows the user to select either the portable reference
implementation or the optimized (SSE) implementation.
 2015-12-16 07:49:30 -06:00
kinoru
5a2809a0f8 [ChaChaPoly1305] fix type error of example code 
The example code had a type mismatch.

    Couldn't match expected type ‘State’
                with actual type ‘CryptoFailable State’
    In the second argument of ‘appendAAD’, namely ‘st1’
    In the second argument of ‘($)’, namely ‘appendAAD hdr st1’

This is due to the following part:

    let st1 = ChaChaPoly1305.initialize key nonce
        st2 = ChaChaPoly1305.finalizeAAD $ ChaChaPoly1305.appendAAD hdr st1

`initialize` returns `CryptoFailable State`, not `State`.

This commit fixes the type mismatch, changes the return type of the
example function to `CryptoFailable ByteString`, and makes the code
to be immediately copy-and-paste-able.
 2015-12-03 18:05:04 +00:00
Maciej Pietrzak
6020bde0e2 Add support_blake2 flag. 2015-11-30 22:17:21 +01:00
Vincent Hanquez
812b5d1aed [blake2] uncapitalize the modules and types as it's not abbreviation. 2015-11-19 14:24:54 +00:00
Vincent Hanquez
fae5f084cf [Blake2] define the algorithm as a multiple algorithm so that the output digest size is explicit in the digest types. 2015-11-19 12:10:14 +00:00
Vincent Hanquez
69f9d225eb [hash] trim hash algorithm with multiple output size. 
The output size is now passed by parameter to the finalize function
instead of being stored in the context. that simplify quite a
bit the passing of this parameter
 2015-11-19 11:52:21 +00:00
Vincent Hanquez
ad285be68c [Hash] tweak internal C API to have the hashlen 2015-11-19 11:37:38 +00:00
Vincent Hanquez
2785a50228 Merge pull request #42 from Rufflewind/master 
Document the arguments for DH.generateParams
 2015-11-18 21:51:53 +00:00
Vincent Hanquez
6ae67d5c91 Merge pull request #46 from centromere/nonce-fix 
Fix endianness of incrementNonce function for ChaChaPoly1305
 2015-11-18 16:52:27 +00:00
Vincent Hanquez
093f1af8e4 Merge pull request #41 from kinoru/master 
Fix typo: Kekkak -> Keccak
 2015-11-18 15:38:19 +00:00
John Galt
53270f1ef6 Removed unused language extension 2015-11-16 13:13:18 -05:00
John Galt
320186cdd1 Fix endianness of incrementNonce function for ChaChaPoly1305 2015-11-16 12:59:01 -05:00
John Galt
880dfae098 Added BLAKE2 support 2015-11-12 12:33:20 -05:00
Vincent Hanquez
da2f445690 [Poly1305] fix size of Authentication tag creation from Bytestring 2015-11-06 22:00:49 +00:00
Vincent Hanquez
d47ae454d5 [Poly1305] Add a way to create AuthTag from ByteArray. 2015-11-05 15:02:50 +00:00
Vincent Hanquez
7928198923 [doc] Add missing documentation call 2015-11-04 15:18:05 +00:00
Vincent Hanquez
7bd3a8f892 [ChaChaPoly1305] Document everything 2015-11-04 15:17:32 +00:00
Phil Ruffwind
fba0565d78 Document the arguments for DH.generateParams 
Also fix the formatting in the docs of Serialize.i2ospOf
 2015-11-03 20:20:53 +08:00
Vincent Hanquez
2191dddf5b [Curve25519] use the Crypto.Error api instead of an Either type for parsing types 2015-11-02 11:17:19 +00:00
kinoru
558c21491e Fix typo: Kekkak -> Keccak 
The SHA-3 winning algorithm's name is Keccak (pronounced "catch-ack"),
not Kekkak.

- <http://keccak.noekeon.org/>
- <http://www.nist.gov/itl/csd/sha-100212.cfm>
- <https://en.wikipedia.org/wiki/SHA-3>
 2015-10-27 14:56:42 +00:00
John Galt
55c6988a6e Added support for incrementing Nonces 2015-10-05 14:08:08 -04:00
Vincent Hanquez
c94df41f02 [ECC] fix compilation of missing numBits 2015-09-22 17:48:43 +01:00
Vincent Hanquez
b63dc38c49 [ECC] add generate for ECC generic's scalar and point Base Multiplication helper. 2015-09-22 17:23:22 +01:00
Vincent Hanquez
08a8155f12 [P256] add function to generate a new scalar, and to get the base point. 2015-09-22 17:22:13 +01:00
Vincent Hanquez
9a1f06e3e8 [ECC] add curveSizeBits 2015-09-22 17:21:35 +01:00
Luke Taylor
6d33b66245 BCrypt module doc updates 
- Add doctest style example usage
- List most relevant functions
- Reformat comments
- Minor corrections and additions
 2015-09-01 15:22:58 +01:00
Vincent Hanquez
71fe77da68 [endianess] fix some issues on non supported arches 2015-08-28 17:10:27 +01:00
Joachim Breitner
507a8f8cea Use mkLE, not LE 
to make sure the conversion to little endian is actually happening. This
fixes a test failure in ChaChaPoly1305. Fixes #31.
 2015-08-27 14:52:37 +02:00
Vincent Hanquez
ea8cb2d45a [blowfish] remove unnecessary list of word32 for the schedule 
Just use the binary's array directly
 2015-08-27 10:57:28 +01:00
Luke Taylor
f346c46243 Add BCrypt module doc and a validatePasswordEither fn 2015-08-26 10:33:36 +01:00
Luke Taylor
39d5eb13fe Add bcrypt password hashing and validation API 2015-08-26 10:33:36 +01:00
Luke Taylor
2566e46185 Implement the eksBlowfish function 
This modifies the standard blowfish key schedule function to accept an
optional salt and cost as used in bcrypt and modifies the algorithm
accordingly to implement the "expensive" version.

The standard blowfish version is just the same but with a salt value of
zero and a single call to the expandKey function. See the original
bcrypt paper for more details.
 2015-08-26 10:33:35 +01:00
Luke Taylor
08ebde2f09 Modify creation of Blowfish key schedule 
Changes to create it from an array of Word32, instead of using
mutableArray32FromAddrBE, which seems to reverse the words.
 2015-08-26 10:33:35 +01:00
Vincent Hanquez
cd8f70e062 [Padding] add PKCS5/PKCS7 padding/unpadding methods 2015-08-18 12:03:05 +01:00
Vincent Hanquez
4653f36d19 [Poly1305] add NFData for Tag. 2015-07-30 14:40:35 +01:00