Frank Denis
a72abb0ae1
Add missing randombytes.h inclusion in aead_aegis256.c
5 years ago
Frank Denis
066150a94d
Swapped aegis256_is_available implementations
5 years ago
Frank Denis
0f8e034f97
Reorganize aead_aegis256 a bit
5 years ago
Frank Denis
728b7ef237
Add libarmcrypto.la
5 years ago
Frank Denis
c8b6906c60
has_armcrypto_aes -> has_armcrypto
5 years ago
Frank Denis
c9d80901bf
__ARM_NEON is enough
5 years ago
Frank Denis
a8dc93192d
On Apple devices, the ARM64_V8 subtype always has the crypto extensions
5 years ago
Frank Denis
dd5fbb632b
Check for AT_HWCAP2 instead of AT_HWCAP where it's used
5 years ago
Frank Denis
1910ca83d8
Detect NEON and ARMCRYPTO on ARM32
Which doesn't mean that the compiler will support these opcodes, so
we need autoconf magic as well.
5 years ago
Frank Denis
456a57f235
__arm__ => __ARM_ARCH
5 years ago
Frank Denis
acaed459ce
Add ARM NEON and AES runtime checks
5 years ago
Frank Denis
9e22cb4ad2
Nits
5 years ago
Frank Denis
111f99a2d4
Nits. No binary code change.
5 years ago
Frank Denis
8a76789de3
Add required headers for aegis256_armcrypto
5 years ago
Adrien Gallouët
fd5bc21b60
Rework NEON version of AEGIS256
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
5 years ago
Adrien Gallouët
4542a04e1d
Indent
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
5 years ago
Frank Denis
6abc6c292a
Compile only the NEON version of AEGIS256 on relevant platforms
5 years ago
Isis Lovecruft
6136871607
Optimisation to succeed fast when checking signature scalar is reduced.
This provides a minor optimisation for ed25519 signature verification, when used
without the -DED25519_COMPAT feature, to strictly check for a fully reduced
scalar, `s`, component in variable time by first checking that the most
significant *four* bits are unset, and only if any of them are set proceed to
the `sc25519_is_canonical` check which performs the full reduction. This should
result in succeeding fast for the check on roughly half of all well-formed,
canonicalised signatures.
This is safely backwards compatible with the previous implementation
of strict checking for signature scalars.
5 years ago
Frank Denis
2f915846ff
randombytes: make the emscripten version consistent with others
5 years ago
Frank Denis
44b4526309
Add ARM implementation of aegis256 - Not connected to builds yet
5 years ago
Frank Denis
5990dc00d0
Fix crypto_aead_aegis256_MESSAGEBYTES_MAX
5 years ago
Frank Denis
1d536ffab7
Indent
5 years ago
Adrien Gallouët
0a31dd5a31
aegis256: Support mac verification when m is NULL
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
5 years ago
Frank Denis
f537541a0a
For clarity, don't use different terms for the same thing
5 years ago
Frank Denis
4de2620fb1
Indent
5 years ago
Adrien Gallouët
4520c080cc
Define ENOSYS where it is useful
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
5 years ago
Adrien Gallouët
0eecb81466
aegis256: Remove restrict
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
5 years ago
Adrien Gallouët
452ac1f3ee
Add AEGIS-256 (aesni only)
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
5 years ago
mpex
fb8e4d00df
Update utils.c
I noticed that the shielding_key is not used in sodium_mshield() (only filled in crypto_generichash())
Is the wrong key used in crypto_stream_xor?
5 years ago
Frank Denis
495fdb3693
mshield requires memory protection
5 years ago
Frank Denis
bfeca0eb73
Implement key shielding to protect against side channels
We may want to fold this into `sodium_mprotect_*()` instead of
exposing these functions.
The drawback is that a transition from PROT_NONE to PROT_READ
(or the other way round) would need an intermediary state in PROT_WRITE
for shielding/unshielding.
Shielding is also not thread-safe, while the `mprotect_*()` functions
are, and adding locks would make things more complicated than they
probably should be.
5 years ago
Frank Denis
2dd3b91628
Try to rename internal symbols that were visible in static libraries
Fixes #839
5 years ago
Frank Denis
a97ab7085f
argon2_pick_best_implementation() can be static
5 years ago
Frank Denis
47153bb56e
Style: remove unneeded extern
5 years ago
Frank Denis
42a06fdecc
common.h -> private/common.h
5 years ago
Frank Denis
7214dff083
Rename the remaining unprefixed functions
argon2_fill_first_blocks() can be static
5 years ago
Frank Denis
550622b04b
Rename fill_segment_* to argon2_fill_segment_*
5 years ago
Frank Denis
9f14962388
Rename a few common internal symbols
5 years ago
Frank Denis
6723e22907
Rename PBKDF2_SHA256 to escrypt_PBKDF2_SHA256
5 years ago
Frank Denis
bdc4db7c9c
Remove useless macros hiding the actual symbol names
5 years ago
Frank Denis
d855d30826
Use MAP_CONCEAL on OpenBSD
5 years ago
Frank Denis
d54f0721cd
getentropy() may be defined but NULL on older iOS versions
5 years ago
Frank Denis
1707281a3a
Revert "scrypt: reject r == 0 and p == 0"
This reverts commit 00c8ecd1c4.
5 years ago
Frank Denis
3e5c2531eb
Back to dev mode
5 years ago
Frank Denis
252fda724c
Bump
5 years ago
Frank Denis
00c8ecd1c4
scrypt: reject r == 0 and p == 0
5 years ago
Frank Denis
e24847c364
Comment
5 years ago
Frank Denis
12277ee6b5
More tests
5 years ago
Frank Denis
141de9be13
Indent
5 years ago
Frank Denis
06e4a485c4
More tests
5 years ago