cheng/libsodium
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,132 Commits 1 Branch 0 Tags 32 MiB
1621448f6c
Commit Graph

3132 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Frank Denis
1621448f6c Consistent spacing 2017-11-06 21:31:46 +01:00
Frank Denis
fd14a458d7 Use verbose prototypes 
Having only parameter types in prototypes is confusing.
So, include parameter names as well.
 2017-11-06 20:19:50 +01:00
Frank Denis
780974a109 sc_* -> sc25519_* 2017-11-06 20:13:47 +01:00
Frank Denis
e371a870f3 ge_* -> ge25519_* 2017-11-06 20:05:33 +01:00
Frank Denis
fb2e83a4d1 fe -> fe25519 2017-11-06 19:40:28 +01:00
Frank Denis
4bd6196c96 Move functions not worth inlining back to core 2017-11-06 15:06:21 +01:00
Frank Denis
221350c78a Import fe constants 2017-11-06 14:35:41 +01:00
Frank Denis
f523ea1656 Regen MSVC files 2017-11-06 14:33:39 +01:00
Frank Denis
f954997fc3 Move field arithmetic to include/private/, and make everything static 
to get some inlining.
 2017-11-06 14:32:01 +01:00
Frank Denis
2e7b8e1de9 Still #define the fe & ge types for now 2017-11-06 11:47:00 +01:00
Frank Denis
55a6b6bb46 Remove these useless #define 2017-11-06 11:42:02 +01:00
Frank Denis
1e57b1d455 Update comment 2017-11-06 11:10:29 +01:00
Frank Denis
d2b1d224db Update after donna and ref10 merge 2017-11-06 11:07:26 +01:00
Frank Denis
7eacdc6ff0 Remove X25519-donna 2017-11-06 11:03:18 +01:00
Frank Denis
cdfd98e908 Move fe_cswap and fe_scalar_product to core 2017-11-06 10:52:03 +01:00
Frank Denis
8730d16d4b Fix comment 2017-11-06 02:09:47 +01:00
Frank Denis
0a20032a8f KNF 2017-11-06 02:00:32 +01:00
Frank Denis
a5b9c381e5 Shrink x25519_donna_c64; reuse functions from core 2017-11-06 01:57:05 +01:00
Frank Denis
1947a49020 Symbolically clear the round keys after aes256gcm_(en|de)crypt() 
Fixes #617
 2017-11-05 23:46:55 +01:00
Frank Denis
820bf58b93 Reduce the diff between fe_25_5/fe.h and fe_51/fe.h 2017-11-05 21:27:53 +01:00
Frank Denis
f49dd35fdf Update paths 2017-11-05 18:26:25 +01:00
Frank Denis
bfd656b67b core/25519: Use 51-bit limbs on platforms supporting 128 bit arithmetic 2017-11-05 17:50:15 +01:00
Frank Denis
bd82e08337 Move 25.5 bit field arithmetic to ref10/fe_25_5 2017-11-05 17:35:22 +01:00
Frank Denis
5cde320a08 Add pwhash functions to non-sumo wasm builds 
Server relief is important.
 2017-11-05 13:44:29 +01:00
Frank Denis
9f71f5aade Ed25519 synthetic nonces: pad to 128 bytes boundaries, not 16. 
Spotted by Trevor Perrin. Good catch, thanks!
 2017-11-04 09:53:44 +01:00
Frank Denis
e52ab67322 Detect ctgrind 2017-11-03 17:15:02 +01:00
Frank Denis
b45d52a8cf Tolerate sodium_crit_leave() to be called on an unlocked mutex 2017-11-03 15:46:19 +01:00
Frank Denis
8e364d29db Move d2 definition close to the d definition 2017-11-01 19:38:16 +01:00
Frank Denis
f57fcb9c26 Use the correct type for the cmov mask 2017-11-01 19:37:34 +01:00
Frank Denis
8d5b6b1fc9 Leave and immediately reenter the critical section in sodium_misuse() 
Keep running everything in the critical section from there.
 2017-11-01 01:45:02 +01:00
Frank Denis
802830e4e6 Regen precomputation tables 2017-11-01 00:08:34 +01:00
Frank Denis
a366ea0839 Tidy up curve25519_ref10, remove comments that are not relevant any more 2017-10-31 20:22:48 +01:00
Frank Denis
a3f96045d4 Remove ge_scalarmult_vartime() which is not used any more 2017-10-31 16:10:51 +01:00
Frank Denis
0b734963db edwards25519sha512batch_open(): check order before decoding instead of after 2017-10-31 16:09:43 +01:00
Frank Denis
1cd0633186 Accept non-canonical PKs if ED25519_COMPAT is defined 2017-10-31 16:08:45 +01:00
Frank Denis
5808b83092 ed25519_open(): reject all small order public keys and non-canonical representations 2017-10-31 16:07:01 +01:00
Frank Denis
ce56bb596f edwards25519sha512batch: reuse ge_scalarmult() 
Check public key and R order by the way.
 2017-10-31 15:56:31 +01:00
Frank Denis
52fce922f4 Add constant-time edx recovery; use it in ed25519_scalarmult() 2017-10-31 15:41:40 +01:00
Frank Denis
5468c39d7d Don't hardcode the number of rounds 2017-10-28 21:36:01 +02:00
Michael Ellery
5dcf78a14c CMake find module fixes for static linking: (#621) 
Enclose option() declaration in a defined check to allow simple caller
set() use case. Provide default static lib name for find_library since
pkgconfig for libsodium currently does not provide it.
 2017-10-27 22:01:20 +02:00
Frank Denis
68d8e33a55 blake2: use the same code on little & big endian for finalization 2017-10-24 22:35:23 +02:00
Frank Denis
5935cf7a7e Use uint instead of uint64_t for SHA* padding 
Workaround for a clang bug
 2017-10-24 21:57:30 +02:00
Frank Denis
58fa4172a5 Use the output buffer as a temporary buffer to store clamped private scalars 
This might help avoid leaving a copy of the scalar on the stack.

Also use the same parameters names in donna as other implementations.
Maybe not the best possible names, but at least, things are consistent.
 2017-10-24 17:41:32 +02:00
Frank Denis
e254a654dc Return -1 is the scalar was zero 
This realistically only happen on misuse or with a completely broken PRG.

Calling misuse() would be a bit too intrusive here. So, we still store
the result (might be better than uninitialized memory if the application
doesn't check the return code), but return -1.
 2017-10-24 17:25:37 +02:00
Frank Denis
c150ceb677 Clear the high bit the same way everywhere 2017-10-24 17:10:16 +02:00
Frank Denis
7e75ad4ca9 Remove unused var 2017-10-23 23:43:19 +02:00
Frank Denis
134eb2c29d Add a comment on scalarmult usage 2017-10-23 16:27:04 +02:00
Frank Denis
8996c7d53d Regen emscripten symbols 2017-10-23 16:13:01 +02:00
Frank Denis
f5076db5f8 Do not include scalarmult_ed25519 in minimal builds 2017-10-23 16:12:06 +02:00
Frank Denis
b5797ec61f Add scalarmult_ed25519_base, correct is_canonical() test, add clamping helper, 
check that the result of scalarmult_ed25519() is not the point at infinity
 2017-10-23 15:36:40 +02:00