In preparation for an implementation of the bcrypt_pbkdf algorithm (a variant of PBKDF2 used by OpenSSH), certain low-level operations of the Blowfish algorithm need to be generalized and exposed. The Blowfish.Primitive module has already been extended to account for the requirements imposed by the BCrypt algorithm, but the salt length was limited to 16 bytes and the BCrypt-specific key schedule setup was hard-coded into the Blowfish module. This commit makes a clear distinction between the expandKey and expandKeyWithSalt operations. Both now take arbitrarily sized salts and keys. The specialized operation for 16-byte salts as used by BCrypt has been preserved and is selected automatically. Also, the BCrypt-specific parts have been moved to the BCrypt module for separation of concerns. A benchmark for generating BCrypt hashes with cost 10 shows a performance improvement from 158 to 141 ms on average (Intel i5-6500) after this refactoring. Further experiments suggest that the specialized expandKeyWithSalt128 does not have any advantage over the generalized version and might be removed in favour of fewer branches and less exceptional behaviour.
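The commit above refactors the Blowfish key schedule that BCrypt (and, later, bcrypt_pbkdf) is built on, but shows no calling code. The following is an added example, not code from the commit or the cryptonite repository, showing how a caller exercises that key schedule through cryptonite's public KDF modules: hashing and verifying a password with Crypto.KDF.BCrypt at cost 10 (the cost used in the benchmark), and deriving a key with Crypto.KDF.BCryptPBKDF. The BCryptPBKDF module, its Parameters record and generate function are the API of later cryptonite releases and are assumed here; they do not exist yet at this commit, which only prepares for them. The password and salt are constructed sample inputs.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not part of the cryptonite commit or README.
module Main where

import qualified Crypto.KDF.BCrypt as BCrypt
-- Assumed: the bcrypt_pbkdf module added to cryptonite after this commit.
import qualified Crypto.KDF.BCryptPBKDF as BCryptPBKDF
import qualified Data.ByteString as B
import qualified Data.ByteString.Char8 as BC
import qualified Data.ByteArray.Encoding as BAE

-- Constructed sample input.
password :: B.ByteString
password = "correct horse battery staple"

-- bcrypt_pbkdf salt: unlike BCrypt's fixed 16-byte salt this may be any
-- length, which is exactly why expandKeyWithSalt had to be generalized.
-- Constructed sample value; a real caller draws it from a CSPRNG.
pbkdfSalt :: B.ByteString
pbkdfSalt = "example-salt-of-arbitrary-length"

main :: IO ()
main = do
  -- hashPassword draws a random 16-byte salt via MonadRandom (IO here) and
  -- returns the usual "$2b$10$<salt><hash>" string. Cost 10 means 2^10
  -- expandKey rounds, so this is the path the benchmark measured.
  hash <- BCrypt.hashPassword 10 password :: IO B.ByteString
  BC.putStrLn hash

  -- validatePassword re-derives the hash from the salt and cost embedded
  -- in the stored string and compares.
  print (BCrypt.validatePassword password hash)                  -- True
  print (BCrypt.validatePassword ("wrong password" :: B.ByteString) hash) -- False

  -- BCrypt only considers the first 72 bytes of the password, so
  -- a caller must not rely on anything past that being checked.
  let long72 = B.replicate 72 0x61
  hashLong <- BCrypt.hashPassword 10 long72 :: IO B.ByteString
  print (BCrypt.validatePassword (long72 <> "ignored") hashLong)  -- True

  -- bcrypt_pbkdf: 16 rounds, 32-byte output (assumed API of later
  -- cryptonite releases). The output is a key, not a password hash, so
  -- it is encoded here only for display.
  let params = BCryptPBKDF.Parameters { BCryptPBKDF.iterCounts = 16
                                      , BCryptPBKDF.outputLength = 32 }
      key = BCryptPBKDF.generate params password pbkdfSalt :: B.ByteString
  BC.putStrLn (BAE.convertToBase BAE.Base16 key)
```

The 72-byte truncation check is the practical caveat to take from this page: bcrypt's key expansion is bounded by Blowfish's maximum key length, so password material beyond that limit has no effect on the hash, whether the salt path is the specialized 16-byte one or the generalized one this commit introduces.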
Repository layout at this commit: benchs/, cbits/, Crypto/, gen/, tests/, .gitignore, .haskell-ci, .travis.yml, CHANGELOG.md, CONTRIBUTING.md, cryptonite.cabal, cryptonite.externals, cryptonite.sublime-project, LICENSE, Makefile, QA.hs, README.md, Setup.hs
cryptonite
Cryptonite is a Haskell repository of cryptographic primitives. Each crypto algorithm has specificities that are hard to wrap in common APIs and types, so instead of trying to provide a common ground for algorithms, this package provides a non-uniform, low-level API.
If you have no idea what you're doing, please do not use this directly. Instead, rely on higher level protocols or implementations.
Documentation: cryptonite on hackage
Stability
Cryptonite APIs are stable, and we only strive to add, not change or remove. Note that because the exposed API is wide and also exposes internals (for power users and flexibility), certain APIs can be revised in extreme cases where we can't just add.
Versioning
The next version after 0.x is 0.(x+1). There are no exceptions, and no API-related meaning behind the numbers.
Each Stackage release (going back 3 stable LTS releases) has a cryptonite version that we maintain with security fixes when necessary; these maintenance releases use the 0.x.y scheme.
Coding Style
The coding style of this project mostly follows: haskell-style
Support
See Haskell packages guidelines
Known Building Issues
On OSX <= 10.7, the system compiler doesn't understand the '-maes' option, and since the .cabal file has no built-in autodetection, it is left to the user to disable AESNI. See the [Disabling AESNI] section.
Disabling AESNI
It may be useful to disable AESNI for building, testing or runtime purposes. This is achieved with the support_aesni flag. Note that with the flag disabled, AES falls back to the generic C implementation, which is slower and, being table-based, does not carry the constant-time properties of the AESNI path.
As part of configure of cryptonite:
cabal configure --flag='-support_aesni'
or as part of an installation:
cabal install --constraint="cryptonite -support_aesni"
For help with cabal flags, see: stackoverflow : is there a way to define flags for cabal