haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
998 Commits 15 Branches 30 Tags 2.5 MiB
e7b3abebf8
Commit Graph

555 Commits

Author SHA1 Message Date
Vincent Hanquez
110ad7b510 Merge pull request #188 from ocheron/hash-tutorial 
More content for Crypto.Tutorial
 2017-09-18 20:54:40 +09:00
Vincent Hanquez
57fc438c83 typo in documentation 2017-09-18 10:32:21 +01:00
Olivier Chéron
bb2363eea7 Add CAST5 aka CAST-128 
Haskell translation of RFC 2144.
 2017-09-17 11:28:56 +02:00
Olivier Chéron
c6c715f465 Add note about Digest implementing ByteArrayAccess 2017-08-22 20:39:29 +02:00
Olivier Chéron
007f69c557 Add Crypto.Hash examples to tutorial 2017-08-22 20:39:27 +02:00
Olivier Chéron
80ed642f85 Add introduction to tutorial 2017-08-22 20:39:24 +02:00
Vincent Hanquez
9d43c332de fix digest size for nat-typed blake2 2017-07-08 07:58:09 +01:00
Vincent Hanquez
ccc3930072 Merge pull request #182 from haskell-crypto/hash-type-nat 
Add HashBlockSize & HashDigestSize & HashInternalContextSize type family
 2017-07-07 21:45:22 +01:00
Vincent Hanquez
d13ce585ab add further unrolling of Div8 to match Mod8 2017-07-07 21:44:29 +01:00
Vincent Hanquez
b18ec653b8 rename bitLen -> bitlen. GHC 8.2 is stricted about name of type variables 2017-07-07 19:26:59 +01:00
Vincent Hanquez
0dc0f30b86 Add HashBlockSize & HashDigestSize & HashInternalContextSize type family for all Hash algorithms 
supercedes PR #158
 2017-07-07 18:28:06 +01:00
Vincent Hanquez
664a37c16d [ChaCha] only required byteArrayAccess and add a way to convert from binary 2017-07-07 17:32:09 +01:00
Vincent Hanquez
f559c7bd9d [ChaCha] only need ByteArrayAccess for initialization 2017-07-07 17:31:30 +01:00
Olivier Chéron
9b56689885 Check that ECDH and ECIES result is not point-at-infinity 
This guards against invalid public keys when curves have a cofactor.

Fixes #178
 2017-07-05 22:24:22 +02:00
Olivier Chéron
aec6af5de4 Add note about P256 encoding of point-at-infinity 2017-07-05 22:24:22 +02:00
Olivier Chéron
adc192ac17 Add constAllZero 2017-07-05 22:24:22 +02:00
Olivier Chéron
8e274f8e60 Validate output point when calling P256.pointFromBinary 
Function unsafePointFromBinary is added when validation is not needed.
 2017-07-05 22:24:22 +02:00
Fraser Tweedale
f6c1f21e59 clarify padding requirements for PKCS15 encrypt/decrypt 
The types do not say whether it is necessary to apply pad/unpad to
the input/output of the PKCS15 encrypt/decrypt functions.  Add
comments to clarify that it is not necessary to manually pad/unpad
the message.
 2017-06-26 15:30:01 +02:00
Vincent Hanquez
1bcfa2e087 Merge pull request #167 from ocheron/eddsa-minimal 
Improve Curve448 and add Ed448
 2017-06-19 13:49:07 +01:00
Sergei Trofimovich
d911a34258 fix build failure with -f-support_deepseq disabled 
How to reproduce:

```
$ cabal configure -f-support_deepseq
Resolving dependencies...
Configuring cryptonite-0.23...

$ cabal build
Building cryptonite-0.23...
Preprocessing library cryptonite-0.23...
[114 of 120] Compiling Crypto.PubKey.RSA.Types ( Crypto/PubKey/RSA/Types.hs, dist/build/Crypto/PubKey/RSA/Types

Crypto/PubKey/RSA/Types.hs:48:30: error:
    • No instance for (NFData Integer) arising from a use of ‘rnf’
    • In the first argument of ‘seq’, namely ‘rnf n’
      In the expression: rnf n `seq` rnf e `seq` sz `seq` ()
      In an equation for ‘rnf’:
          rnf (PublicKey sz n e) = rnf n `seq` rnf e `seq` sz `seq` ()
```

The fix is to inctoruce 'NFData Integer' instance to `Crypto/Internal/DeepSeq`.

Closes: https://github.com/haskell-crypto/cryptonite/issues/171
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
 2017-06-19 10:37:23 +01:00
Olivier Chéron
e71d9b135c Derive Show,Data,Typeable when defining curve singletons 2017-06-10 14:26:59 +02:00
Olivier Chéron
5c2988716e Validate P256 point when decoding 
Fixes #165.
 2017-06-10 14:26:59 +02:00
Olivier Chéron
a879845434 Add note about the optional all-zero test 
This is actually a lie: the condition is tested in both curve
implementations but not returned by the Haskell API.  Will be a reminder to
add this in the future.  A function 'allocRetAndFreeze' could be useful.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
75e3bd555e Add Show instances for EdDSA secret keys 
Other algorithms define Show instances for their secrets.
Here ScrubbedBytes will obfuscate the content anyway.

Will be useful for X509.PrivKey, which requires a Show instance.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
6805ddd4f7 Add support for Ed448 
This replaces the Diffie-Hellman API that was previously exported.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
6fb412e2af Use decaf_x448_derive_public_key 2017-06-04 19:25:19 +02:00
Olivier Chéron
23b359d842 Switch Haskell APIs to decaf implementation 
Module 'Curve448' now use decaf.
 2017-06-04 19:25:19 +02:00
Olivier Chéron
ac7eaac523 Simplify Ed25519.generateSecretKey 2017-06-02 19:37:25 +02:00
Olivier Chéron
edd5d94bd4 Make ivAdd more constant-time 
All IV bytes are processed even if accumulator is zero.
 2017-05-31 23:31:29 +02:00
Olivier Chéron
07592ab237 Fix ivAdd overflow behaviour 2017-05-26 09:59:54 +02:00
Olivier Chéron
c6caba88ed Merge pull request #159 from wangbj/patch-1 
Allow sign/verify digest directly
 2017-05-26 09:52:53 +02:00
Baojun Wang
a8902fe119 remove redundant condition test on `hashLen /= B.length mHash` 2017-05-18 21:00:14 -07:00
Elliot Cameron
8971458e06 Fix docs for Argon variants 2017-05-17 17:11:00 -04:00
Baojun Wang
4270f00277 Use `Digest hash` to represent message digest 2017-05-16 10:54:31 -07:00
Baojun Wang
f9a0bc3c53 Allow sign/verify digest directly 
currently sign/verify works on message directly, it would be nice if PSS could sign/verify digest directly. This is useful for:

  1) for some signing server it only has a digest (without message)
  2) message could be very large, for cases when client need request a singing server to sign, it may make more sense for the client to compute digest, then ask server to (PSS) sign the digest
  3) openSSL pkeyutl (PSS) sign operation signs with digest only, not the message, it would be nice to work with openSSL more easily 

*openSSL command line:
```shell
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1  -pkeyopt digest:sha256 -sign -inkey "pri.key" -in hmac.bin > sig.bin
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1  -pkeyopt digest:sha256 -verify -inkey "pri.key" -in hmac.bin -sigfile sig.bin
```
 2017-05-15 19:42:19 -07:00
Olivier Chéron
554f0fc701 Restore Haddock comment in tutorial module 
Need to use ordinary comments instead of nested comments
because LANGUAGE pragmas were removed otherwise.

Also adds a table of contents.  We may have other examples
in the future.
 2017-05-05 07:21:52 +02:00
Parnell Springmeyer
94d67ad86d
ed25519: Adding generateSecretKey and a unit test 2017-05-02 16:18:26 -05:00
Vincent Hanquez
67dd8ed7fc [Hash] change Digest to use a foundation UArray that have configurable pinnable memory setting 2017-04-25 14:23:13 +01:00
Vincent Hanquez
a9fd1f079d [Hash] update part of Crypto.Hash.IO to ScopeTypeVariable 2017-04-25 14:22:20 +01:00
Vincent Hanquez
53bd6c13b7 Add missing extension 2017-04-25 14:21:53 +01:00
Vincent Hanquez
ba1dfdf66d [Hash] stylistic improvement using ScopedTypeVariables 
remove the inner function with magic argument in favor of direct
call pinning some types with signature
 2017-04-25 14:16:11 +01:00
Dimitri DeFigueiredo
4aec5fc98e Fix issue #154 2017-04-21 13:51:52 -06:00
Vincent Hanquez
4f988181c7 Merge pull request #150 from SamProtas/twofish 
Twofish
 2017-04-12 07:47:19 +01:00
Kazu Yamamoto
697fe61f9b using pointSize in withTempPoint to fix #151. 2017-04-11 20:32:57 +09:00
Sam Protas
04b4c945c0 Add import to fix backwards compatibility 2017-04-10 00:57:49 -04:00
Sam Protas
762d818ec0 Twofish 192 and 256 bit key support 2017-04-10 00:33:54 -04:00
Olivier Chéron
112d2fbb15 Decrease Argon2 maximum output length 
Fixes #148.
 2017-04-09 17:18:26 +02:00
Sam Protas
b658c8a99b Cleanup and performance 2017-04-04 19:29:40 -04:00
Sam Protas
b1a9c7c047 Performance improvements 2017-04-02 19:36:58 -04:00
Sam Protas
7eedbaa112 Initial implementaiton with passing tests 2017-04-02 18:34:10 -04:00
Vincent Hanquez
2d25b27042 Merge pull request #145 from tdietert/tutorial 
Tutorial Improvement
 2017-03-26 09:27:58 +01:00
tdietert
f639ac9f0d
Update tutorial based on suggestions 2017-03-26 00:47:02 +00:00
tdietert
fd75eac415 Fix Crypto.Tutorial module name 2017-03-19 00:37:36 +00:00
tdietert
ec49ea659e Move language pragmas inside haddocks 2017-03-19 00:02:07 +00:00
tdietert
c76217f75d Added more comprehensive tutorial 2017-03-18 23:57:24 +00:00
Nicolas DI PRIMA
8b6bd1ed5e check for at least one byte and at most 256 or 512 (blake2s or blake2b) 2017-03-13 18:53:07 +00:00
Nicolas DI PRIMA
f0286281fb add new constraints 2017-03-13 18:52:24 +00:00
Nicolas DI PRIMA
c0c33c5254 Use Nat for the Blake2's digest sizes 2017-03-13 00:24:17 +00:00
Nicolas DI PRIMA
cd552ae5f6 move Nat specific to Cryptonite's insternal module 2017-03-13 00:22:53 +00:00
Vincent Hanquez
c4936ce6d8 remove Typeable 2017-02-24 14:03:33 +00:00
Vincent Hanquez
253bf0cb8b Argon2: add working hash function 
* Cleanup argon c files:
  * Remove encoded format and base64 encoder
  * Remove verification code
  * Remove all variants based simple caller
* Add basic hashing function
* Add a simple KAT test
* Define more things at the haskell level
 2017-02-24 13:37:40 +00:00
Vincent Hanquez
26237c5c6d remove spurious header modification 2017-02-19 17:17:49 +00:00
Vincent Hanquez
10d72c8779 remove unneeded extensions 2017-02-19 17:17:35 +00:00
Vincent Hanquez
c342d28436 Compatibility with older version 2017-02-14 23:01:18 +00:00
Vincent Hanquez
343b7593b5 add Constraint for divisibility 2017-02-14 23:01:18 +00:00
Vincent Hanquez
eb661e653e add Typeable for SHAKE 2017-02-14 23:01:18 +00:00
Olivier Chéron
d8ed5ce9f1 Add SHAKE128 and SHAKE256 as HashAlgorithm instances 
Generalizes SHA-3 code for SHAKE support and uses GHC type-level literals
to keep the output length variable.
 2017-02-14 23:01:18 +00:00
Vincent Hanquez
7378fe3f45 add some missing blake2 modes 2017-02-14 16:26:44 +00:00
Vincent Hanquez
634768b2fa add Data also to Hash algorithms 2017-02-14 12:02:26 +00:00
Vincent Hanquez
550a689faf Merge pull request #133 from haskell-crypto/typeable 
add Typeable for all hash algorithms
 2017-02-14 10:37:04 +00:00
Vincent Hanquez
7c33fcedb4 add Typeable to hash algorithm 2017-02-14 10:19:44 +00:00
Vincent Hanquez
e3ef0684f9 Merge pull request #132 from NicolasDP/master 
Add Fast PBKDF2 for SHA1, SHA256 and SHA512
 2017-02-14 09:43:21 +00:00
Nicolas DI PRIMA
002f300021 add fastpbkdf2 with sha512 2017-02-11 14:08:27 +00:00
Nicolas DI PRIMA
4189aa9389 Port Fast PBKDF2 for sha1 and sha256 2017-02-11 14:08:23 +00:00
Vincent Hanquez
d2a8763918 Merge pull request #125 from colatkinson/fix_prime_size 
Fix generated primes being too large
 2017-02-09 07:48:16 +00:00
Vincent Hanquez
e76bbaa8a7 Merge pull request #63 from tekul/otp 
[For Review] HOTP and TOTP implementation
 2017-01-29 20:09:29 +00:00
Olivier Chéron
f832c328d0 Use new module name Crypto.PubKey.Curve448 2017-01-19 20:26:25 +01:00
Olivier Chéron
6d4a2bb707 Rename Ed448 to Curve448 
This makes the API uniform for both D-H functions, avoids
confusion and leaves the name Ed448 available for EdDSA.
 2017-01-19 20:26:25 +01:00
Colin Atkinson
345f4cd141 Fix bug in isProbablyPrime for small numbers 
Fix bug in isProbablyPrime where too many iterations were specified for numbers less than 100

Add clause to isProbablyPrime to use hardcoded values <= 2903
 2017-01-19 00:11:39 -05:00
Colin Atkinson
0cec622ddf Fix generate(Safe)Prime to guarantee prime size 
Add check for size in generatePrime

Add size test in generateSafePrime

Require only that top bit is set, instead of top 2

This is the general standard, see e.g. OpenSSL

Add an error for too few bits being supplied to prime generator, and add documentation

Add some documentation and require highest two bits set

Simplify return syntax in generatePrime and generateSafePrime

Switch exponent to bit-shift for small performance boost
 2017-01-19 00:10:50 -05:00
Vincent Hanquez
fab2ab62f3 Merge pull request #118 from tmciver/master 
Add key length validation to several AES Ciphers.
 2016-12-09 10:59:17 +00:00
Vincent Hanquez
4b34abe310 add support For Ed448 in Crypto.ECC. fix #121 2016-12-09 06:42:50 +00:00
Tim McIver
f5efdee75b Add key length validation to several AES Ciphers. 2016-12-06 22:06:57 -05:00
Kazu Yamamoto
9845734b2b fixing P256 endian. 2016-12-05 13:34:54 +09:00
Kazu Yamamoto
1ba4871032 fixing P256 binary format. 2016-12-05 13:34:33 +09:00
Vincent Hanquez
07bfa10ad7 fix proxy 2016-12-02 21:07:13 +00:00
Vincent Hanquez
6e1d18f6c2 use the correct compat imports 2016-12-02 16:29:49 +00:00
Vincent Hanquez
a9b722b492 Add missing compatibility modules 2016-12-02 15:48:05 +00:00
Vincent Hanquez
f627bf437a make a faster and more secure related to memory blits of pointDh for P256 2016-12-02 15:47:51 +00:00
Vincent Hanquez
5e52a7ffa2 use binary serializer for P256 instead of going through the simple point layer 2016-12-02 15:28:36 +00:00
Vincent Hanquez
052417e5b1 properly check for point validity before making a point 2016-12-02 15:28:03 +00:00
Vincent Hanquez
922bed5ac5 add some documentation to ECIES 2016-12-02 15:03:19 +00:00
Vincent Hanquez
8b5a36f44e fix ECIES to work with the rewrite 2016-12-02 15:03:08 +00:00
Vincent Hanquez
7e6d7ccb1c complete rewrite of the type class 
Now there's no type created by associated type, it just become a routing type class,
however this has a cost, since the associated type are not injective,
requiring more witness for the curve than before.
 2016-12-02 15:02:48 +00:00
Vincent Hanquez
955f010bff add internal proxy type to create witnesses 2016-12-02 15:00:05 +00:00
Vincent Hanquez
11e42a256d add the binding to get the size by bytes 2016-12-02 14:59:46 +00:00
Vincent Hanquez
422c5fdb09 remove reference to the old api in the documentation 2016-12-02 11:36:48 +00:00
Vincent Hanquez
07b6e80b6d Rewrite EC primitive and types to have the curve as type 2016-12-01 16:56:28 +00:00
Vincent Hanquez
f1ebbff464 fixup haddock markup 2016-12-01 16:55:17 +00:00
Vincent Hanquez
f37d0b79ec remove arithmetic on Curve25519. it's mathematically not possible 2016-12-01 12:53:56 +00:00