Frank Denis
252fda724c
Bump
5 years ago
Frank Denis
00c8ecd1c4
scrypt: reject r == 0 and p == 0
5 years ago
Frank Denis
e24847c364
Comment
5 years ago
Frank Denis
12277ee6b5
More tests
5 years ago
Frank Denis
141de9be13
Indent
5 years ago
Frank Denis
06e4a485c4
More tests
5 years ago
Frank Denis
ed4e053fb0
lcov exclusions
5 years ago
Frank Denis
3d379746ee
Use size_t
5 years ago
Frank Denis
c9e8e47049
SHA2 uses big-endian, but we use little-endian internally
So, we need to swap encodings in hash2base()
5 years ago
Frank Denis
80206ada63
10% speedup on AVX2 for BLAKE2b
Thanks to Shunsuke Shimizu (@grafi-tt)
5 years ago
Frank Denis
8a1ac8e11f
from_hash: clear the high bit
5 years ago
Frank Denis
f1309fd752
Avoid useless pack/unpack operation
5 years ago
Frank Denis
4b7e497a92
Revert "Postpone from_hash()"
Use proper reduction, and don't mask the high bit, so that
H2C-Curve25519-SHA512-Elligator-Clear can be implemented if required
5 years ago
Frank Denis
ab1e720a30
Postpone from_hash()
5 years ago
Frank Denis
24c54073a8
Add core_ed25519_from_hash() and core_{ed25519, ristretto255}_random()
5 years ago
Frank Denis
689407c36d
Rename ristretto_from_uniform() to ristretto_from_hash()
5 years ago
Fraser Hutchison
261761a02c
Fix placement of alignment specifier
5 years ago
Frank Denis
39701c6157
Add missing prototype
5 years ago
Frank Denis
db6f43d25e
Add crypto_core_{ed25519,ristretto255}_scalar_mul
5 years ago
Frank Denis
4d1c4bf0ba
Do not include sys/random.h after defining getrandom() on Linux
5 years ago
Frank Denis
d653963ab7
Travis: reduce build verbosity
5 years ago
Frank Denis
1765c79705
Fix pasto, unbreak linux builds
5 years ago
Frank Denis
5b12922d14
Revert "Drastically improve the password hashing functions"
April fool's day is over.
This reverts commit 5dff93005e.
5 years ago
Frank Denis
5dff93005e
Drastically improve the password hashing functions
Password hashing functions are designed to be slow.
Make them slower, but also useful.
5 years ago
Frank Denis
015dfe9978
getentropy() only returns 0 or -1 and is atomic
5 years ago
Frank Denis
a6ef940634
raise() may not be available
5 years ago
Frank Denis
764742ef55
Remove unnecessary brackets
5 years ago
Frank Denis
0f1c303bf1
One more safe arc4random() implementation
5 years ago
Frank Denis
1412885351
Remove unused var
5 years ago
Frank Denis
32e36af97e
Move the randombytes_block_on_dev_random() function up
5 years ago
Frank Denis
e1abc1de7e
Rename randombytes_salsa20 to randombytes_internal and switch to ChaCha20
5 years ago
Frank Denis
0ea9a8f0e9
Use getentropy(2) if available, cleanup salsa20/randombytes by the way
5 years ago
Frank Denis
b5975f97e4
Nits
5 years ago
Frank Denis
eeb1f26924
Explicit cast
5 years ago
Frank Denis
d287ef763b
Nits
5 years ago
Frank Denis
db0319fb8e
Initial support for ristretto255
5 years ago
Frank Denis
bc5e9056eb
ge25519_select() -> ge25519_cmov8()
5 years ago
Frank Denis
e6aa7e1da4
The time has come to remove support for (p)nacl
5 years ago
Frank Denis
d47ded1867
Only memset() may have issues with a zero length.
5 years ago
Ilya Maykov
6934a8d0c8
Relax most __attribute__ ((nonnull)) to allow 0-length inputs to be NULL.
Justifications:
- crypto_(auth|hash|generichash|onetimeauth|shorthash)*:
  it's legal to hash or HMAC a 0-length message
- crypto_box*: it's legal to encrypt a 0-length message
- crypto_sign*: it's legal to sign a 0-length message
- utils:
  comparing two 0-length byte arrays is legal
  memzero on a 0-length byte array is a no-op
  converting an empty hex string to binary results in an empty binary string
  converting an empty binary string to hex results in an empty hex string
  converting an empty b64 string to binary results in an empty binary string
  converting an empty binary string to b64 results in an empty b64 string
  sodium_add / sodium_sub on zero-length arrays is a no-op

For the functions declared in utils.h, I moved the logic into private functions that
have the __attribute__ ((nonnull)) check, but they are only called when the
corresponding length argument is non-0. I didn't do this for the hash/box/sign
functions since it would have been a lot more work and quite a large refactor.
5 years ago
Frank Denis
b3725dc2c9
Force clear the high bit in _noclamp variants
_noclamp variants should always be used with a scalar < L, but
if this is not the case, at least explicitly ignore the high bit.
6 years ago
Frank Denis
7eec5b8716
Back to dev mode
6 years ago
Frank Denis
358767f238
Set nonce in randombytes_salsa20_random_stir() instead of random_init()
6 years ago
Frank Denis
531b545578
Avoid partial array initialization
6 years ago
Frank Denis
48852da7cd
Improve clarity
6 years ago
Frank Denis
3ab71f873f
must -> should
6 years ago
Frank Denis
e45fadffb1
Add comments, avoid implicit array initialization
6 years ago
Frank Denis
1647f0d53a
Add comments
6 years ago
Frank Denis
32385c6b9a
Avoid negative indices, especially with unsigned types
6 years ago
Frank Denis
1cd6641cde
Add an extra compile-time assertion
6 years ago