252fda724c
Bump
5 years ago
00c8ecd1c4
scrypt: reject r == 0 and p == 0
5 years ago
e24847c364
Comment
5 years ago
12277ee6b5
More tests
5 years ago
141de9be13
Indent
5 years ago
06e4a485c4
More tests
5 years ago
ed4e053fb0
lcov exclusions
5 years ago
3d379746ee
Use size_t
5 years ago
c9e8e47049
SHA2 uses big-endian, but we use little-endian internally
So, we need to swap encodings in hash2base()
5 years ago
80206ada63
10% speedup on AVX2 for BLAKE2b
Thanks to Shunsuke Shimizu (@grafi-tt )
5 years ago
8a1ac8e11f
from_hash: clear the high bit
5 years ago
f1309fd752
Avoid useless pack/unpack operation
5 years ago
4b7e497a92
Revert "Postpone from_hash()"
Use proper reduction, and don't mask the high bit, so that
H2C-Curve25519-SHA512-Elligator-Clear can be implemented if required
5 years ago
ab1e720a30
Postpone from_hash()
5 years ago
24c54073a8
Add core_ed25519_from_hash() and core_{ed25519, ristretto255}_random()
5 years ago
689407c36d
Rename ristretto_from_uniform() to ristretto_from_hash()
5 years ago
261761a02c
Fix placement of alignment specifier
5 years ago
39701c6157
Add missing prototype
5 years ago
db6f43d25e
Add crypto_core_{ed25519,ristretto255}_scalar_mul
5 years ago
4d1c4bf0ba
Do not include sys/random.h after defining getrandom() on Linux
5 years ago
d653963ab7
Travis: reduce build verbosity
5 years ago
1765c79705
Fix pasto, unbreak linux builds
5 years ago
5b12922d14
Revert "Drastically improve the password hashing functions"
April fool's day is over.
This reverts commit 5dff93005e
5 years ago
5dff93005e
Drastically improve the password hashing functions
Password hashing functions are designed to be slow.
Make them slower, but also useful.
5 years ago
015dfe9978
getentropy() only returns 0 or -1 and is atomic
5 years ago
a6ef940634
raise() may not be available
5 years ago
764742ef55
Remove unnecessary brackets
5 years ago
0f1c303bf1
One more safe arc4random() implementation
5 years ago
1412885351
Remove unused var
5 years ago
32e36af97e
Move the randombytes_block_on_dev_random() function up
5 years ago
e1abc1de7e
Rename randombytes_salsa20 to randombytes_internal and switch to ChaCha20
5 years ago
0ea9a8f0e9
Use getentropy(2) if available, cleanup salsa20/randombytes by the way
5 years ago
b5975f97e4
Nits
5 years ago
eeb1f26924
Explicit cast
5 years ago
d287ef763b
Nits
5 years ago
db0319fb8e
Initial support for ristretto255
5 years ago
bc5e9056eb
ge25519_select() -> ge25519_cmov8()
5 years ago
e6aa7e1da4
The time has come to remove support for (p)nacl
5 years ago
d47ded1867
Only memset() may have issues with a zero length.
5 years ago
6934a8d0c8
Relax most __attribute__ ((nonnull)) to allow 0-length inputs to be NULL.
Justifications:
- crypto_(auth|hash|generichash|onetimeauth|shorthash)*:
it's legal to hash or HMAC a 0-length message
- crypto_box*: it's legal to encrypt a 0-length message
- crypto_sign*: it's legal to sign a 0-length message
- utils:
comparing two 0-length byte arrays is legal
memzero on a 0-length byte array is a no-op
converting an empty hex string to binary results in an empty binary string
converting an empty binary string to hex results in an empty hex string
converting an empty b64 string to binary results in an empty binary string
converting an empty binary string to b64 results in an empty b64 string
sodium_add / sodium_sub on zero-length arrays is a no-op
For the functions declared in utils.h, I moved the logic into private functions that
have the __attribute__ ((nonnull)) check, but they are only called when the
corresponding length argument is non-0. I didn't do this for the hash/box/sign
functions since it would have been a lot more work and quite a large refactor.
5 years ago
b3725dc2c9
Force clear the high bit in _noclamp variants
_noclamp variants should always be used with a scalar < L, but
if this is not the case, at least explicitly ignore the high bit.
6 years ago
7eec5b8716
Back to dev mode
6 years ago
358767f238
Set nonce in randombytes_salsa20_random_stir() instead of random_init()
6 years ago
531b545578
Avoid partial array initialization
6 years ago
48852da7cd
Improve clarity
6 years ago
3ab71f873f
must -> should
6 years ago
e45fadffb1
Add comments, avoid implicit array initialization
6 years ago
1647f0d53a
Add comments
6 years ago
32385c6b9a
Avoid negative indices, especially with unsigned types
6 years ago
1cd6641cde
Add an extra compile-time assertion
6 years ago
Frank Denis