mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-24 12:36:01 -07:00
Commit Graph

1766 Commits

Author SHA1 Message Date
Frank Denis
1707281a3a Revert "scrypt: reject r == 0 and p == 0"
This reverts commit 00c8ecd1c4.
2019-06-01 15:33:37 +02:00
Frank Denis
3e5c2531eb Back to dev mode 2019-05-30 23:05:07 +02:00
Frank Denis
252fda724c Bump 2019-05-30 15:52:09 +02:00
Frank Denis
00c8ecd1c4 scrypt: reject r == 0 and p == 0 2019-05-21 14:11:03 +02:00
Frank Denis
e24847c364 Comment 2019-05-21 10:17:35 +02:00
Frank Denis
12277ee6b5 More tests 2019-05-06 12:40:21 +02:00
Frank Denis
141de9be13 Indent 2019-05-06 12:32:42 +02:00
Frank Denis
06e4a485c4 More tests 2019-05-06 11:40:57 +02:00
Frank Denis
ed4e053fb0 lcov exclusions 2019-05-06 11:13:31 +02:00
Frank Denis
3d379746ee Use size_t 2019-05-06 10:57:36 +02:00
Frank Denis
c9e8e47049 SHA2 uses big-endian, but we use little-endian internally
So, we need to swap encodings in hash2base()
2019-05-05 22:50:15 +02:00
Frank Denis
80206ada63 10% speedup on AVX2 for BLAKE2b
Thanks to Shunsuke Shimizu (@grafi-tt)
2019-05-03 20:14:05 +02:00
Frank Denis
8a1ac8e11f from_hash: clear the high bit 2019-05-03 18:51:40 +02:00
Frank Denis
f1309fd752 Avoid useless pack/unpack operation 2019-05-02 15:04:31 +02:00
Frank Denis
4b7e497a92 Revert "Postpone from_hash()"
Use proper reduction, and don't mask the high bit, so that
H2C-Curve25519-SHA512-Elligator-Clear can be implemented if required
2019-05-02 13:51:12 +02:00
Frank Denis
ab1e720a30 Postpone from_hash() 2019-05-02 10:12:12 +02:00
Frank Denis
24c54073a8 Add core_ed25519_from_hash() and core_{ed25519, ristretto255}_random() 2019-05-02 00:51:17 +02:00
Frank Denis
689407c36d Rename ristretto_from_uniform() to ristretto_from_hash() 2019-05-01 19:56:08 +02:00
Fraser Hutchison
261761a02c Fix placement of alignment specifier 2019-04-27 20:34:07 +02:00
Frank Denis
39701c6157 Add missing prototype 2019-04-15 10:21:04 +02:00
Frank Denis
db6f43d25e Add crypto_core_{ed25519,ristretto255}_scalar_mul 2019-04-15 10:12:19 +02:00
Frank Denis
4d1c4bf0ba Do not include sys/random.h after defining getrandom() on Linux 2019-04-07 23:54:47 +02:00
Frank Denis
d653963ab7 Travis: reduce build verbosity 2019-04-02 16:05:33 +02:00
Frank Denis
1765c79705 Fix pasto, unbreak linux builds 2019-04-02 07:38:30 +02:00
Frank Denis
5b12922d14 Revert "Drastically improve the password hashing functions"
April fool's day is over.

This reverts commit 5dff93005e.
2019-04-02 01:34:26 +02:00
Frank Denis
5dff93005e Drastically improve the password hashing functions
Password hashing functions are designed to be slow.

Make them slower, but also useful.
2019-03-31 19:03:22 +02:00
Frank Denis
015dfe9978 getentropy() only returns 0 or -1 and is atomic 2019-03-26 15:06:36 +01:00
Frank Denis
0299203305 Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium:
  One more safe arc4random() implementation
  Be positive
  Just use some test vectors around the counter overflow
  Remove useless tests, add more meaningful ones.
  Remove unused var
  Additional salsa20 tests
2019-03-26 14:39:50 +01:00
Frank Denis
a6ef940634 raise() may not be available 2019-03-26 14:39:39 +01:00
Frank Denis
764742ef55 Remove unnecessary brackets 2019-03-26 14:39:34 +01:00
Frank Denis
0f1c303bf1 One more safe arc4random() implementation 2019-03-24 03:57:55 +01:00
Frank Denis
1412885351 Remove unused var 2019-03-21 01:15:35 +01:00
Frank Denis
32e36af97e Move the randombytes_block_on_dev_random() function up 2019-03-17 19:40:32 +01:00
Frank Denis
e1abc1de7e Rename randombytes_salsa20 to randombytes_internal and switch to ChaCha20 2019-03-17 19:25:32 +01:00
Frank Denis
0ea9a8f0e9 Use getentropy(2) if available, cleanup salsa20/randombytes by the way 2019-03-17 18:55:40 +01:00
Frank Denis
b5975f97e4 Nits 2019-02-23 21:32:23 +01:00
Frank Denis
eeb1f26924 Explicit cast 2019-02-20 01:02:54 +01:00
Frank Denis
d287ef763b Nits 2019-02-19 22:46:09 +01:00
Frank Denis
db0319fb8e Initial support for ristretto255 2019-02-18 00:56:48 +01:00
Frank Denis
bc5e9056eb ge25519_select() -> ge25519_cmov8() 2019-02-16 17:44:01 +01:00
Frank Denis
e6aa7e1da4 The time has come to remove support for (p)nacl 2019-02-14 14:41:09 +01:00
Frank Denis
d47ded1867 Only memset() may have issues with a zero length. 2019-02-09 20:28:41 +01:00
Ilya Maykov
6934a8d0c8 Relax most __attribute__ ((nonnull)) to allow 0-length inputs to be NULL.
Justifications:
- crypto_(auth|hash|generichash|onetimeauth|shorthash)*:
  it's legal to hash or HMAC a 0-length message
- crypto_box*: it's legal to encrypt a 0-length message
- crypto_sign*: it's legal to sign a 0-length message
- utils:
  comparing two 0-length byte arrays is legal
  memzero on a 0-length byte array is a no-op
  converting an empty hex string to binary results in an empty binary string
  converting an empty binary string to hex results in an empty hex string
  converting an empty b64 string to binary results in an empty binary string
  converting an empty binary string to b64 results in an empty b64 string
  sodium_add / sodium_sub on zero-length arrays is a no-op

For the functions declared in utils.h, I moved the logic into private functions that
have the __attribute__ ((nonnull)) check, but they are only called when the
corresponding length argument is non-0. I didn't do this for the hash/box/sign
functions since it would have been a lot more work and quite a large refactor.
2019-02-09 20:26:10 +01:00
Frank Denis
b3725dc2c9 Force clear the high bit in _noclamp variants
_noclamp variants should always be used with a scalar < L, but
if this is not the case, at least explicitly ignore the high bit.
2019-01-14 04:02:48 +01:00
Frank Denis
7eec5b8716 Back to dev mode 2019-01-07 11:48:14 +01:00
Frank Denis
358767f238 Set nonce in randombytes_salsa20_random_stir() instead of random_init() 2019-01-06 04:31:44 +01:00
Frank Denis
531b545578 Avoid partial array initialization 2019-01-05 22:58:07 +01:00
Frank Denis
48852da7cd Improve clarity 2019-01-05 14:31:44 +01:00
Frank Denis
3ab71f873f must -> should 2019-01-04 11:55:17 +01:00
Frank Denis
e45fadffb1 Add comments, avoid implicit array initialization 2019-01-03 22:44:58 +01:00