Commit Graph

3824 Commits

Author SHA1 Message Date
Frank Denis
37a1358b81 glibc needs -lrt to get clock_gettime()
Reported by csosstudy
2013-02-28 19:13:07 -08:00
Frank Denis
c6fa04725f Better antispam. Or not. 2013-02-23 15:22:53 -08:00
Frank Denis
a3bbfe18f6 Mention the mailing list 2013-02-23 15:21:45 -08:00
Frank Denis
df814f98b4 Don't forget the prototype for crypto_sign_seed_keypair()
Spotted by @dstufft
2013-02-23 02:51:19 -08:00
Frank Denis
9b14a46a0c Merge pull request #10 from tarcieri/scalarmult_raw
crypto_scalarmult_raw()
2013-02-22 11:09:41 -08:00
Tony Arcieri
08a11d1a05 crypto_scalarmult_raw()
This provides a more direct interface to the crypto_scalarmult function.
By default, this function includes some bit-twiddling, which, to the
best of my understanding, ensures the integer provided as the left
operand of the multiplication operation fits within a specific limit.
(I believe this limit is the order of NaCl's standard group element,
but am not entirely certain). This change allows a user to pass in
an integer which is not subject to this bit-twiddling and can be passed
in wholesale.

The reason NaCl provides this API is to intentionally make it
easy-to-use for the purposes of computing public keys from private keys
or for performing Diffie-Hellman. The API it provides now makes it
quite difficult to do anything wrong yet still get a correct answer.

If we split this function in half, however, we can expose some
power-user functionality. Specifically I need this to implement
semiprivate keys:

https://gist.github.com/tarcieri/4760215

I've been double checking my implementation against a similar version in
SAGE for the past week or so trying to figure out what's wrong, and
today it was pointed out to me that NaCl's scalar multiplication
function automatically performs bit-twiddling for you.

I would love to continue to experiment with semiprivate keys on top of
NaCl. I have no serious intentions of actually using them as part of a
cryptosystem until there's some sort of proof of their security, or at
the very least, some reasonably educated guesses as to its security
properties.

That said, I would love to have this API. If there's worries about
exposing power-user APIs like this, perhaps we can be a bit more
"shouty" in the API name?

crypto_scalarmult_dangerously_direct_access() ? ;)
2013-02-21 20:59:57 -08:00
Frank Denis
0926fc974d Some systems lack flock() 2013-02-18 15:51:21 -08:00
Frank Denis
329ec43e02 Include CurveCP's README 2013-02-18 15:40:41 -08:00
Frank Denis
cac486b789 Add version.h to .gitignore 2013-02-18 15:29:21 -08:00
Frank Denis
f5af42f48d CurveCP is optional 2013-02-18 15:28:43 -08:00
Frank Denis
926803f996 Move curvecp, split libcurvecp to its own dir 2013-02-18 15:14:55 -08:00
Frank Denis
60d788a444 Compile curvecp. This will be optional and disabled by default as it is
not exactly portable.
2013-02-18 13:56:29 -08:00
Frank Denis
6774b47cd4 Reintroduce shorthash, this time with the key... 2013-02-13 21:14:29 +08:00
Frank Denis
e5e2150919 Revert "Add crypto_shorthash() for non collision-resistant hash functions"
This reverts commit c8fe5c4afb.

Conflicts:
	.gitignore
	test/Makefile.am
	test/default/shorthash.c
	test/default/shorthash.exp
2013-02-13 20:33:17 +08:00
Frank Denis
5c946f9c61 Move tests to test/default and windows to quirks/windows.
test/default contains only tests using the default primitives
for a given operation. We need to add other tests as well.
2013-02-09 04:21:32 +08:00
Frank Denis
c8fe5c4afb Add crypto_shorthash() for non collision-resistant hash functions
Currently using siphash-2-4
2013-02-09 03:51:20 +08:00
Frank Denis
f7e643a75c Back to a stable Xcode version. 2013-02-08 01:25:55 -08:00
Frank Denis
48aa6934df Add missing quotes around LIBTOOL_EXTRA_FLAGS 2013-02-05 08:01:00 -08:00
Frank Denis
eb96dcb0f7 Skip library version info on Windows 2013-02-04 22:52:51 -08:00
Frank Denis
2abcfa283a BUmp version to 0.3 2013-02-04 22:28:17 -08:00
Frank Denis
6d3afb32de Build the library as a module on Windows 2013-02-04 17:16:46 -08:00
Frank Denis
49461b5e66 Pass -no-undefined to libtool so that a native DLL can be built on Windows 2013-02-04 16:31:02 -08:00
Frank Denis
9abef59142 Bump lib source version 2013-02-04 14:52:57 -08:00
Frank Denis
85ba9d3ff5 Add crypto_box_MACBYTES 2013-02-04 14:51:04 -08:00
Frank Denis
b27030010e Fix logo URL 2013-01-30 23:25:02 -08:00
Frank Denis
00e78efbf5 Update logo URL 2013-01-30 23:24:04 -08:00
Frank Denis
f91b444406 Merge pull request #8 from tarcieri/logo
Logo
2013-01-30 23:23:32 -08:00
Tony Arcieri
d19b78178c Logo 2013-01-30 23:18:39 -08:00
Frank Denis
ca02a49b25 Bump minor 2013-01-28 21:46:51 -08:00
Frank Denis
2556007a6f Bump library and package version. 2013-01-28 21:43:15 -08:00
Frank Denis
5b0d0eab1f Merge pull request #7 from tarcieri/crypto_sign_seed_keypair
Rename crypto_sign_publickey to crypto_sign_seed_keypair
2013-01-28 21:38:40 -08:00
Tony Arcieri
c046fe8ccc Rename crypto_sign_publickey to crypto_sign_seed_keypair
The crypto_sign_seed_keypair function is analagous to
crypto_sign_keypair, except it generates a keypair for a seed instead of
a random keypair.

I think this name makes more sense than crypto_sign_publickey.
2013-01-28 21:31:25 -08:00
Frank Denis
02156fac27 Merge pull request #6 from tarcieri/crypto_sign_keypair
Add crypto_sign_publickey() API
2013-01-26 13:27:58 -08:00
Tony Arcieri
53d3b5969e Add crypto_sign_publickey() API
This adds a new API crypto_sign_publickey, which works similarly to the
existing crypto_sign_keypair() API, but supports a 32-byte
user-specified seed value (k).

This API is necessary for implementing Ed25519 test vectors, for
example, since we need to pass in a known seed to ensure we're
computing the public key correctly.

The name and implementation are largely borrowed from Brian Warner's
python-ed25519 library. See:

d42d4b7049/src/ed25519.c (L21)

That said, perhaps a different name would be more descriptive, since it
still returns a keypair, not just the public key? Or perhaps that's
needless bikeshedding since this name is already in use.
2013-01-26 13:12:10 -08:00
Frank Denis
92e1e0c81c Point to the /releases/ directory for tarballs. 2013-01-21 21:33:39 -08:00
Frank Denis
4e51588674 Add build scripts for iOS, Android and MSYS. 2013-01-21 21:25:49 -08:00
Frank Denis
d541144327 Add -Wsometimes-uninitialized 2013-01-21 20:50:50 -08:00
Frank Denis
0ca9901e14 <poll.h> is not needed any more 2013-01-21 20:45:39 -08:00
Frank Denis
ab969fe353 No need for ax_pthread 2013-01-21 20:37:53 -08:00
Frank Denis
e21ead2dca Add a link to tarballs. 2013-01-21 20:34:14 -08:00
Frank Denis
52627fc13e Fantastic ChangeLog 2013-01-21 19:58:38 -08:00
Frank Denis
11c4bf728c Add a link to RbNaCl 2013-01-21 19:57:11 -08:00
Frank Denis
ec925063d6 Add license file & THANKS file 2013-01-21 19:55:24 -08:00
Frank Denis
0d48d2a10b Of course (...) in CryptGenRandom() the size comes before the buffer. 2013-01-21 19:45:58 -08:00
Frank Denis
4668611533 <sys/timeb.h> is required for Windows 2013-01-21 19:30:39 -08:00
Frank Denis
7ba8af5936 Check for SecureZeroMemory at compile time. 2013-01-21 19:18:15 -08:00
Frank Denis
3c5c23a64b Don't run autoheader 2013-01-21 18:52:51 -08:00
Frank Denis
0aaa42ed69 libsodium-randombytes is gone, remove it from all Makefiles 2013-01-21 18:43:11 -08:00
Frank Denis
119011976b 3-digits version numbers are not required. 2013-01-21 18:17:09 -08:00
Frank Denis
dff36063a6 randombytes/randombytes_sysrandom.h moved to includes/sodium 2013-01-21 18:11:19 -08:00