Frank Denis
18ab679429
sk is actually skpk, so use the right size in the prototype
2017-10-11 21:45:39 +02:00
Frank Denis
f54c6db981
sign_keygen(): don't hash the secret scalar in non-deterministic mode
2017-10-11 21:27:48 +02:00
Frank Denis
68feb75f1d
nonce -> Z for clarity
2017-10-11 18:15:36 +02:00
Frank Denis
ebb614cb0e
Improve clarity
No need to clamp the key prior to computing a synthetic nonce
2017-10-11 18:09:30 +02:00
Frank Denis
90f5b55a0a
Move computation of synthetic nonces to a dedicated function
for clarity
2017-10-06 22:01:06 +02:00
Frank Denis
067cd6749d
inline
2017-10-06 21:41:35 +02:00
Frank Denis
d56007a6fa
crypto_sign(): memzero the nonce after use
2017-10-06 21:35:52 +02:00
Frank Denis
291859874b
Use the generalized eddsa algorithm for non-deterministic r
2017-10-06 21:28:02 +02:00
Frank Denis
9f98f2329c
Back to dev mode
2017-10-06 15:37:24 +02:00
Frank Denis
0dd8338b83
Add a compile-time switch to create non-deterministic signatures
2017-10-06 15:35:07 +02:00
Frank Denis
affaecabcd
Include prototypes before declarations
2017-10-05 10:15:24 +02:00
Frank Denis
d3e20869af
crypto_pwhash_ALG_DEFAULT is now Argon2id
2017-10-01 12:12:13 +02:00
Frank Denis
d49d7e8d4f
pwhash: don't enforce the same limits for argon2i and argon2id
Fixes #606
Also, keep enforcing a minimum number of iterations to create argon2i
hashes, but relax that restriction for verification, as it can be
useful to migrate from hashes made using other libraries.
2017-10-01 11:02:46 +02:00
Frank Denis
2542367c2d
secretstream: set the initial counter to 1
Avoids using the first block for two different purposes, and will be more
consistent with the AES-based version.
This breaks backwards compatibility, but better do it now that most distros are
still shipping < 1.0.14, that no applications seem to be already using that new
API, and that there will be an update to the library major due to the aes128ctr
removal.
2017-10-01 10:08:04 +02:00
Frank Denis
96be673f82
Remove aes128ctr
2017-09-27 15:07:54 +02:00
Frank Denis
2a9c81b5c4
Explain why pwhash parameters must be stored
2017-09-26 21:33:54 +02:00
Frank Denis
93c386cb6c
Mention when the state will eventually be cleared
2017-09-26 21:28:08 +02:00
Frank Denis
d338ae9512
Properly support Argon2id in crypto_pwhash()
2017-09-26 17:12:58 +02:00
Frank Denis
491f785274
deinit
2017-09-25 16:33:30 +02:00
Frank Denis
94550cefd5
Remove dev #warning
2017-09-21 11:41:01 +02:00
Frank Denis
3e0b4dec6e
Add sodium_base64_encoded_len()
2017-09-21 11:25:09 +02:00
Frank Denis
4ce2856a5d
Avoid negations on unsigned values
2017-09-21 11:23:37 +02:00
Frank Denis
7e06a6a991
Annotate
2017-09-21 00:30:37 +02:00
Frank Denis
91233a0143
Tag salsa208 as deprecated
2017-09-19 23:56:12 +02:00
Frank Denis
3db75fc647
No need for ge_scalarmult_vartime() in minimal mode
2017-09-19 22:16:49 +02:00
Frank Denis
7423408cd3
Make the behavior of hex2bin() consistent with base642bin()
Return -1 on incomplete sequences and on complete sequences
with trailing, non-ignored characters if no pointer to store the
last parsed byte has been provided
2017-09-19 18:45:23 +02:00
Frank Denis
c7fe84cfb0
Skip trailing ignored characters in base64 decoding
2017-09-19 15:09:29 +02:00
Frank Denis
70e5ff5e14
Add a helper macro to compute the length of a base64 string
Modern compilers should optimize these common subexpressions fairly well.
2017-09-19 14:08:09 +02:00
Frank Denis
61214ba6b9
Remove redundant test
2017-09-18 23:57:03 +02:00
Frank Denis
77f3b71354
Indent
2017-09-18 23:29:33 +02:00
Frank Denis
5b9680ead6
More tests
2017-09-18 23:13:50 +02:00
Frank Denis
4828c5923a
~ 80 columns please
2017-09-18 20:52:38 +02:00
Frank Denis
66c621f417
Faster; doesn't require wiping the output stream
2017-09-18 20:51:47 +02:00
Frank Denis
5da8f4fbc6
Add a global xor_buf() private helper function
2017-09-18 19:39:41 +02:00
Frank Denis
7d756fab96
xor the key and the nonce on rekey for better separation
2017-09-18 19:25:06 +02:00
Frank Denis
bb1b27fa36
Improve readability
2017-09-18 18:55:56 +02:00
Frank Denis
10bb28b27e
One more COMPILER_ASSERT()
2017-09-18 18:15:53 +02:00
Frank Denis
2ce41de29b
Define macros instead of repeated offsets
Improves readability, removes bugs
2017-09-18 18:11:29 +02:00
Frank Denis
a029b352af
Don't generate SSE2 code if that instruction set hasn't been enabled
2017-09-17 18:23:31 +02:00
Frank Denis
09fd953fce
Revert "__SSE2__ may need to be explicitly enabled"
This reverts commit 35d8aa5d3e.
2017-09-17 18:19:57 +02:00
Frank Denis
35d8aa5d3e
__SSE2__ may need to be explicitly enabled
2017-09-17 18:15:18 +02:00
Frank Denis
a161dd9fa1
On 32-bit systems, the limit is SIZE_MAX
2017-09-17 16:36:01 +02:00
Frank Denis
d8a8201bb2
Avoid "in" and "out". Use "c" to represent the ciphertext.
2017-09-16 23:43:46 +02:00
Frank Denis
1181a47cb4
Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
2017-09-16 23:37:52 +02:00
Frank Denis
bfab44aa40
initbytes -> headerbytes for clarity
2017-09-16 23:21:28 +02:00
Frank Denis
e8f1c0be66
secretstream: use "header" instead of "in" and "out" for clarity
2017-09-16 23:15:28 +02:00
Frank Denis
9e0ff55ebd
Add the ability to use only strong symbols, even on ELF targets
2017-09-15 18:52:04 +02:00
Frank Denis
b0420b32d7
Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
2017-09-15 18:28:42 +02:00
Frank Denis
3df3fabb87
No default clause needed
2017-09-15 15:43:16 +02:00
Frank Denis
383705ffc2
The AVX512 optimized BLAKE2B implementation hasn't been imported yet
2017-09-15 13:15:43 +02:00