Niels Möller [Sun, 9 Feb 2020 07:48:27 +0000 (08:48 +0100)]
Add meta interface for CMAC functions.
Based on patches by Daiki Ueno.
* testsuite/cmac-test.c (nettle_cmac_aes128, nettle_cmac_aes256):
Moved to...
* cmac-aes128-meta.c: New file.
* cmac-aes256-meta.c: New file.
Dmitry Baryshkov [Thu, 16 Jan 2020 21:52:35 +0000 (00:52 +0300)]
Add GOST DSA according to GOST R 34.10-2001/-2012
Add GOST Digital Signature Algorithms support according to GOST R
34.10-2001/-2012. English translations of these standards are provided
as RFC 5832 and RFC 7091.
Add support for GC512A curve ("TLS Supported Groups" registry,
draft-smyshlyaev-tls12-gost-suites) also known as
tc26-gost-3410-12-512-paramSetA (RFC 7836).
Add support for GC256B curve ("TLS Supported Groups" registry,
draft-smyshlyaev-tls12-gost-suites) also known as
GostR3410-2001-CryptoPro-A and GostR3410-2001-CryptoPro-XchA (RFC 4357).
* Makefile.in: Use the GNU make directive -include to include
dependency .d files. Delete dependency files on make clean.
* examples/Makefile.in: Likewise.
* testsuite/Makefile.in: Likewise. Also use $(OBJEXT) properly.
* tools/Makefile.in: Likewise.
* configure.ac (dummy-dep-files): Delete these config commands.
Niels Möller [Mon, 30 Dec 2019 21:43:48 +0000 (22:43 +0100)]
Reorganize eddsa, based on patch by Daiki Ueno.
* eddsa-internal.h (struct ecc_eddsa): New struct for eddsa
parameters.
* ed25519-sha512.c (_nettle_ed25519_sha512): New parameter struct.
* eddsa-expand.c (_eddsa_expand_key): Replace input
struct nettle_hash with struct ecc_eddsa, and generalize for
ed448. Update all callers.
* eddsa-sign.c (_eddsa_sign): Likewise.
* eddsa-verify.c (_eddsa_verify): Likewise.
* eddsa-compress.c (_eddsa_compress): Store sign bit in most
significant bit of last byte, as specified by RFC 8032.
* eddsa-decompress.c (_eddsa_decompress): Corresponding update.
Also generalize to support ed448, and make validity checks
stricter.
* testsuite/eddsa-sign-test.c (test_ed25519_sign): New function.
(test_main): Use it.
* testsuite/eddsa-verify-test.c (test_ed25519): New function.
(test_main): Use it.
Niels Möller [Sat, 14 Dec 2019 09:00:23 +0000 (10:00 +0100)]
New function ecc_mul_m.
* curve25519-mul.c (curve25519_mul): Use ecc_mul_m.
* curve448-mul.c (curve448_mul): Likewise.
* ecc-mul-m.c (ecc_mul_m): New file and function. Implements
multipliction for curves in Montgomery representation, as used for
curve25519 and curve448. Extracted from curve25519_mul.
* ecc-internal.h (ecc_mul_m): Declare.
(ECC_MUL_M_ITCH): New macro.
* Makefile.in (hogweed_SOURCES): Add ecc-mul-m.c.
Niels Möller [Mon, 9 Dec 2019 18:28:15 +0000 (19:28 +0100)]
Revert itch macro changes.
We now have h_to_a_itch <= mul_itch, mul_g_itch. Add asserts at a few
places relying on this.
(ECC_ECDSA_KEYGEN_ITCH, ECC_MAX): Delete macros.
(ECC_ECDSA_SIGN_ITCH): Revert previous change.
Niels Möller [Mon, 9 Dec 2019 17:58:53 +0000 (18:58 +0100)]
Trim scratch usage of curve448 operations.
* ecc-448.c (ecc_mod_pow_446m224m1): Reduce scratch space from 9*n
to 6*n.
(ECC_448_INV_ITCH, ECC_448_SQRT_ITCH): Reduce accordingly.
* curve448-mul.c (curve448_mul): Reduce allocation from 14*n to 12*n.
Niels Möller [Sat, 7 Dec 2019 07:14:21 +0000 (08:14 +0100)]
Delete tests and code for ecdsa over curve25519.
* ecc-eh-to-a.c (ecc_eh_to_a): Require op == 0, delete code only
used for non-standard ecdsa over curve25519.
* testsuite/ecdsa-sign-test.c (test_main): Delete test of ecdsa
over curve25519.
* testsuite/ecdsa-verify-test.c (test_main): Likewise.
* testsuite/ecdsa-keygen-test.c (test_main): Exclude curve25519
from test.
Niels Möller [Thu, 5 Dec 2019 08:02:15 +0000 (09:02 +0100)]
Fix configure check for __builtin_bswap64.
* configure.ac: Use AC_TRY_LINK rather than AC_TRY_COMPILE to
check for __builtin_bswap64. Since calling an non-existing
function typically results in a warning only at compile time, but
fails at link time. Patch contributed by by George Koehler.
Daiki Ueno [Sat, 30 Nov 2019 09:29:23 +0000 (10:29 +0100)]
Implement Curve448 primitives
This patch adds the necessary primitives for "curve448", defined in
RFC 7748. Those primitives are namely: addition, doubling, scalar
multiplication of the generator or an arbitrary point, inversion, and
square root.
Niels Möller [Thu, 21 Nov 2019 19:00:35 +0000 (20:00 +0100)]
eccdata: (ecc_curve_init_str): Delete unused t and d arguments.
Related to the the edwards_root member of struct ecc_curve, which
was used by ecc_a_to_eh before it was deleted, see 2014-09-17
entry below.
(ecc_curve_init): Delete corresponding curve25519 constants, and
NULL arguments passed for the other curves.
Russian technical comitee working on standartization of cryptography
algorithms has published the document describing usage of GOST R
34.11-94 hash function with PBKDF2 algorithm (MR 26.2.001-2012).
Add test vectors from that document and a special function implementing
Nettle interface for PBKDF2 using gosthash94cp.
Add support for GOSTHASH94CP: GOST R 34.11-94 hash with CryptoPro S-box
Hash gosthash94 implements GOST R 34.11-94 standard using S-Box defined
in the standard 'for testing purposes only'. RFC 4357 defines S-Box
(CryptoPro one) for GOST R 34.11-94 hash function that is widely used in
applications. Add separate hash function algorithm (gosthash94cp)
implementing GOST R 34.11-94 hashing using that S-Box.
Start separating GOST 28147-89 from GOST R 34.11-94
Hash function GOST R 34.11-94 (gosthash94) in its compression function
uses Russian block cipher (GOST 28147-89, Magma). Start separating block
cipher code from hash function code. For now there is no public
interface for this cipher, it will be added later.
projects / thirdparty / nettle.git / log
