Commit Graph

1512 Commits

Author SHA1 Message Date
Frank Denis
18ab679429 sk is actually skpk, so use the right size in the prototype 2017-10-11 21:45:39 +02:00
Frank Denis
f54c6db981 sign_keygen(): don't hash the secret scalar in non-deterministic mode 2017-10-11 21:27:48 +02:00
Frank Denis
68feb75f1d nonce -> Z for clarity 2017-10-11 18:15:36 +02:00
Frank Denis
ebb614cb0e Improve clarity
No need to clamp the key prior to computing a synthetic nonce
2017-10-11 18:09:30 +02:00
Frank Denis
90f5b55a0a Move computation of synthetic nonces to a dedicated function
for clarity
2017-10-06 22:01:06 +02:00
Frank Denis
067cd6749d inline 2017-10-06 21:41:35 +02:00
Frank Denis
d56007a6fa crypto_sign(): memzero the nonce after use 2017-10-06 21:35:52 +02:00
Frank Denis
291859874b Use the generalized eddsa algorithm for non-deterministic r 2017-10-06 21:28:02 +02:00
Frank Denis
9f98f2329c Back to dev mode 2017-10-06 15:37:24 +02:00
Frank Denis
0dd8338b83 Add a compile-time switch to create non-deterministic signatures 2017-10-06 15:35:07 +02:00
Frank Denis
affaecabcd Include prototypes before declarations 2017-10-05 10:15:24 +02:00
Frank Denis
d3e20869af crypto_pwhash_ALG_DEFAULT is now Argon2id 2017-10-01 12:12:13 +02:00
Frank Denis
d49d7e8d4f pwhash: don't enforce the same limits for argon2i and argon2id
Fixes #606

Also, keep enforcing a minimum number of iterations to create argon2i
hashes, but relax that restriction for verification, as it can be
useful to migrate from hashes made using other libraries.
2017-10-01 11:02:46 +02:00
Frank Denis
2542367c2d secretstream: set the initial counter to 1
Avoids using the first block for two different purposes, and will be more
consistent with the AES-based version.

This breaks backwards compatibility, but better do it now that most distro are
still shipping < 1.0.14, that no applications seem to be already using that new
API, and that there will be an update to the library major due to the aes128ctr
removal.
2017-10-01 10:08:04 +02:00
Frank Denis
96be673f82 Remove aes128ctr 2017-09-27 15:07:54 +02:00
Frank Denis
2a9c81b5c4 Explain why pwhash parameters must be stored 2017-09-26 21:33:54 +02:00
Frank Denis
93c386cb6c Mention when the state will eventually be cleared 2017-09-26 21:28:08 +02:00
Frank Denis
d338ae9512 Properly support Argon2id in crypto_pwhash() 2017-09-26 17:12:58 +02:00
Frank Denis
491f785274 deinit 2017-09-25 16:33:30 +02:00
Frank Denis
94550cefd5 Remove dev #warning 2017-09-21 11:41:01 +02:00
Frank Denis
3e0b4dec6e Add sodium_base64_encoded_len() 2017-09-21 11:25:09 +02:00
Frank Denis
4ce2856a5d Avoid negations on unsigned values 2017-09-21 11:23:37 +02:00
Frank Denis
7e06a6a991 Annotate 2017-09-21 00:30:37 +02:00
Frank Denis
91233a0143 Tag salsa208 as deprecated 2017-09-19 23:56:12 +02:00
Frank Denis
3db75fc647 No need for ge_scalarmult_vartime() in minimal mode 2017-09-19 22:16:49 +02:00
Frank Denis
7423408cd3 Make the behavior of hex2bin() consistent with base642bin()
Return -1 on incomplete sequences and on complete sequences
with trailing, non-ignored characters if no pointers to store the
last parsed byte has been provided
2017-09-19 18:45:23 +02:00
Frank Denis
c7fe84cfb0 Skip trailing ignored characters in base64 decoding 2017-09-19 15:09:29 +02:00
Frank Denis
70e5ff5e14 Add a helper macro to compute the length of a base64 string
Modern compilers should optimize these common subexpressions fairly well.
2017-09-19 14:08:09 +02:00
Frank Denis
61214ba6b9 Remove redundant test 2017-09-18 23:57:03 +02:00
Frank Denis
77f3b71354 Indent 2017-09-18 23:29:33 +02:00
Frank Denis
5b9680ead6 More tests 2017-09-18 23:13:50 +02:00
Frank Denis
4828c5923a ~ 80 columns please 2017-09-18 20:52:38 +02:00
Frank Denis
66c621f417 Faster; doesn't require to wipe the output stream 2017-09-18 20:51:47 +02:00
Frank Denis
5da8f4fbc6 Add a global xor_buf() private helper function 2017-09-18 19:39:41 +02:00
Frank Denis
7d756fab96 xor the key and the nonce on rekey for better separation 2017-09-18 19:25:06 +02:00
Frank Denis
bb1b27fa36 Improve readability 2017-09-18 18:55:56 +02:00
Frank Denis
10bb28b27e One more COMPILER_ASSERT() 2017-09-18 18:15:53 +02:00
Frank Denis
2ce41de29b Define macros instead of repeated offsets
Improves readability, removes bugs
2017-09-18 18:11:29 +02:00
Frank Denis
a029b352af Don't generate SSE2 code if that instruction set hasn't been enabled 2017-09-17 18:23:31 +02:00
Frank Denis
09fd953fce Revert "__SSE2__ may need to be explicitly enabled"
This reverts commit 35d8aa5d3e.
2017-09-17 18:19:57 +02:00
Frank Denis
35d8aa5d3e __SSE2__ may need to be explicitly enabled 2017-09-17 18:15:18 +02:00
Frank Denis
a161dd9fa1 On 32-bit systems, the limit is SIZE_MAX 2017-09-17 16:36:01 +02:00
Frank Denis
d8a8201bb2 Avoid "in" and "out". Use "c" to represent the ciphertext. 2017-09-16 23:43:46 +02:00
Frank Denis
1181a47cb4 Proper xchacha20poly1305_MESSAGEBYTES_MAX definition 2017-09-16 23:37:52 +02:00
Frank Denis
bfab44aa40 initbytes -> headerbytes for clarity 2017-09-16 23:21:28 +02:00
Frank Denis
e8f1c0be66 secretstream: use "header" instead of "in" and "out" for clarity 2017-09-16 23:15:28 +02:00
Frank Denis
9e0ff55ebd Add the ability to use only strong symbols, even on ELF targets 2017-09-15 18:52:04 +02:00
Frank Denis
b0420b32d7 Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags 2017-09-15 18:28:42 +02:00
Frank Denis
3df3fabb87 No default clause needed 2017-09-15 15:43:16 +02:00
Frank Denis
383705ffc2 The AVX512 optimized BLAKE2B implementation hasn't been imported yet 2017-09-15 13:15:43 +02:00