1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-25 04:55:07 -07:00
Commit Graph

1535 Commits

Author SHA1 Message Date
Frank Denis
134eb2c29d Add a comment on scalarmult usage 2017-10-23 16:27:04 +02:00
Frank Denis
f5076db5f8 Do not include scalarmult_ed25519 in minimal builds 2017-10-23 16:12:06 +02:00
Frank Denis
b5797ec61f Add scalarmult_ed25519_base, correct is_canonical() test, add clamping helper,
check that the result of scalarmult_ed25519() is not the point at infinity
2017-10-23 15:36:40 +02:00
Frank Denis
d3cce09f4e Update prototype (fe_isnonzero() -> fe_iszero()) 2017-10-23 15:35:20 +02:00
Frank Denis
f1e9acef5c Rename crypto_sign_ed25519_scalarmult() to crypto_scalarmult_ed25519() 2017-10-23 13:22:34 +02:00
Frank Denis
89bc2d6976 *_is_less_than_*() -> *_is_canonical()
and reject non-canonical public keys in ed25519_scalarmult()
2017-10-23 01:09:38 +02:00
Frank Denis
15649c5849 + ge_is_less_than_p() 2017-10-23 00:00:25 +02:00
Frank Denis
9acbc82a6d Comment 2017-10-22 23:00:37 +02:00
Frank Denis
7ae346a54a Order 2017-10-22 21:17:03 +02:00
Frank Denis
afabd7e738 Remove neg parameter; always check with both signs; adjust blacklist 2017-10-22 20:59:54 +02:00
Frank Denis
0b835b4479 + ge_is_on_curve() 2017-10-22 17:44:51 +02:00
Frank Denis
88417977e3 Move a couple functions from crypto_sign to crypto_core/curve25519
This improves clarity and makes it easier to reuse these in a
different context.

Also change fe_isnonzero() to fe_zero() and make it work as
documented.
2017-10-21 21:24:25 +02:00
Frank Denis
9fc0ece3d9 Remove unused blake2b code 2017-10-21 20:00:56 +02:00
Frank Denis
3d374fe8a9 Define uint128_t only once in private/common.h 2017-10-21 19:59:16 +02:00
Frank Denis
5a6deebd39 Add an argument to ed25519_small_order to optionally invert the sign 2017-10-20 16:07:52 +02:00
Frank Denis
bab680f35b Implement crypto_sign_ed25519_scalarmult() 2017-10-20 02:06:02 +02:00
Frank Denis
fe5d65853b Remove extraneous "return" 2017-10-19 23:49:32 +02:00
Frank Denis
2e8d656029 Move precomputed table where it's actually used 2017-10-19 23:13:28 +02:00
Frank Denis
8a1e08cc52 Define a generic ge_select() in additino to ge_select_base() 2017-10-19 23:11:52 +02:00
Frank Denis
fc3a62a493 cmov() -> ge_cmov() ; ge_select() -> ge_select_base() 2017-10-19 22:57:09 +02:00
Frank Denis
a944db7a76 slide() -> slide_vartime() and move comments to the right place 2017-10-19 22:11:43 +02:00
Frank Denis
f783552773 Just use constants instead of macros
In this context, they are actually less confusing.
2017-10-12 13:14:25 +02:00
Frank Denis
b1bf478086 Repair crypto_sign_ed25519_seed_keypair() 2017-10-12 13:05:57 +02:00
Frank Denis
18ab679429 sk is actually skpk, so use the right size in the prototype 2017-10-11 21:45:39 +02:00
Frank Denis
f54c6db981 sign_keygen(): don't hash the secret scalar in non-deterministic mode 2017-10-11 21:27:48 +02:00
Frank Denis
68feb75f1d nonce -> Z for clarity 2017-10-11 18:15:36 +02:00
Frank Denis
ebb614cb0e Improve clarity
No need to clamp the key prior to computing a synthetic nonce
2017-10-11 18:09:30 +02:00
Frank Denis
90f5b55a0a Move computation of synthetic nonces to a dedicated function
for clarity
2017-10-06 22:01:06 +02:00
Frank Denis
067cd6749d inline 2017-10-06 21:41:35 +02:00
Frank Denis
d56007a6fa crypto_sign(): memzero the nonce after use 2017-10-06 21:35:52 +02:00
Frank Denis
291859874b Use the generalized eddsa algorithm for non-deterministic r 2017-10-06 21:28:02 +02:00
Frank Denis
9f98f2329c Back to dev mode 2017-10-06 15:37:24 +02:00
Frank Denis
0dd8338b83 Add a compile-time switch to create non-deterministic signatures 2017-10-06 15:35:07 +02:00
Frank Denis
affaecabcd Include prototypes before declarations 2017-10-05 10:15:24 +02:00
Frank Denis
d3e20869af crypto_pwhash_ALG_DEFAULT is now Argon2id 2017-10-01 12:12:13 +02:00
Frank Denis
d49d7e8d4f pwhash: don't enforce the same limits for argon2i and argon2id
Fixes #606

Also, keep enforcing a minimum number of iterations to create argon2i
hashes, but relax that restriction for verification, as it can be
useful to migrate from hashes made using other libraries.
2017-10-01 11:02:46 +02:00
Frank Denis
2542367c2d secretstream: set the initial counter to 1
Avoids using the first block for two different purposes, and will be more
consistent with the AES-based version.

This breaks backwards compatibility, but better do it now that most distro are
still shipping < 1.0.14, that no applications seem to be already using that new
API, and that there will be an update to the library major due to the aes128ctr
removal.
2017-10-01 10:08:04 +02:00
Frank Denis
96be673f82 Remove aes128ctr 2017-09-27 15:07:54 +02:00
Frank Denis
2a9c81b5c4 Explain why pwhash parameters must be stored 2017-09-26 21:33:54 +02:00
Frank Denis
93c386cb6c Mention when the state will eventually be cleared 2017-09-26 21:28:08 +02:00
Frank Denis
d338ae9512 Properly support Argon2id in crypto_pwhash() 2017-09-26 17:12:58 +02:00
Frank Denis
491f785274 deinit 2017-09-25 16:33:30 +02:00
Frank Denis
94550cefd5 Remove dev #warning 2017-09-21 11:41:01 +02:00
Frank Denis
3e0b4dec6e Add sodium_base64_encoded_len() 2017-09-21 11:25:09 +02:00
Frank Denis
4ce2856a5d Avoid negations on unsigned values 2017-09-21 11:23:37 +02:00
Frank Denis
7e06a6a991 Annotate 2017-09-21 00:30:37 +02:00
Frank Denis
91233a0143 Tag salsa208 as deprecated 2017-09-19 23:56:12 +02:00
Frank Denis
3db75fc647 No need for ge_scalarmult_vartime() in minimal mode 2017-09-19 22:16:49 +02:00
Frank Denis
7423408cd3 Make the behavior of hex2bin() consistent with base642bin()
Return -1 on incomplete sequences and on complete sequences
with trailing, non-ignored characters if no pointers to store the
last parsed byte has been provided
2017-09-19 18:45:23 +02:00
Frank Denis
c7fe84cfb0 Skip trailing ignored characters in base64 decoding 2017-09-19 15:09:29 +02:00