Commit Graph

72 Commits

Author SHA1 Message Date
5c1325ed11 aead: rewrite api
Decouple the authentication tag from the ciphertext and add streaming
interfaces.

Tests will be fixed in the next commit.
2024-06-20 15:52:58 +00:00
91842048d6 kdf/hkdf: scrub the pseudorandom key 2024-06-19 14:07:57 +00:00
8766827b49 auth/hmac: save lc_hash_ctx for scrub 2024-06-19 14:07:36 +00:00
9da7685779 aead/{,x}chacha20-poly1305: simplify
Use one-pass interfaces for encryption and decryption and rename the
Poly1305 key setup to the more correct poly1305_keysetup.
2024-06-19 14:02:54 +00:00
e39f46a9f9 internal: wrap overlong lines 2024-06-19 13:25:23 +00:00
3c5e296178 Use a single zero buffer 2024-06-19 13:18:25 +00:00
8fd513540f Write "Wycheproof" correctly 2024-06-18 14:35:22 +00:00
9cc4c6863e Move aead_impl_*chacha20_poly1305 into their returning function
Missed in 24ef318572 .
2024-06-18 14:32:35 +00:00
5eb28b420d Add KDF interface and HKDF implementation 2024-06-18 14:30:06 +00:00
cef67c9f09 Merge most of internal headers into internal.h
Fix the includes accordingly and get rid of some unused ones.
2024-06-17 21:52:07 +00:00
9177e021ab README: add hexdump to utils 2024-06-17 14:41:38 +00:00
9ba30dbe41 hash/sha512: add SHA-512/224 and SHA-512/256 variants 2024-06-17 14:41:20 +00:00
d66daa8938 hash/sha512: use sha384_sha512_update directly 2024-06-17 14:27:39 +00:00
818c1a016f impl/sha512: fix indentation 2024-06-16 02:08:03 +00:00
24ef318572 Move *_impl to their returning functions 2024-06-16 01:51:00 +00:00
21251045f4 Rename the state block buffers from m{,len} to b{,len} 2024-06-15 21:22:12 +00:00
230dedac16 Rename all algorithm-specific ctx to state 2024-06-15 21:13:31 +00:00
2b76f3df5b cipher/xchacha20: add one-pass implementation
Fix the function pointers while at it.
2024-06-11 03:07:53 +00:00
fb2139eeee ct/cmp: save the final shift by switching the direction of shifts 2024-06-11 02:29:00 +00:00
d90236bfb9 Zap dangling whitespaces 2024-06-10 17:44:20 +00:00
6677c6cab3 Remove ctx_new and ctx_free function pointers
Now that HMAC isn't special anymore, and with the help of init params,
this isn't needed anymore as we only allocate memory for the state.

This effectively reverts e9bcc64e62 .
2024-06-10 17:44:05 +00:00
666b833b98 auth/hmac: complete overhaul
Now that there are dedicated struct for initial parameters, make the
HMAC params provide a lc_hash_ctx to be used internally. This makes HMAC
less special and allows it to work with any hash, instead of needing
dedicated inits and ctx_news. As an upside, now it's possible to have a
one-pass HMAC.
2024-06-10 17:29:29 +00:00
f6bddfcd70 fold 2024-06-10 17:23:48 +00:00
2ebe3467f8 hash: make blocklen and hashlen part of the implementation 2024-06-10 13:45:57 +00:00
2b3e390bbf Make params struct non-const
Upcoming changes will push lc_*_ctx into the params struct for higher
order constructions like HMAC or HKDF.
2024-06-09 15:09:15 +00:00
af3fe8a67a lilcrypto.h: group all struct defintions together 2024-06-09 14:55:34 +00:00
c2f630ceea impl: only include lilcrypto.h 2024-06-09 14:26:31 +00:00
8f1b773e5f auth/hmac: rename BLOCKSZ to BLOCKLEN 2024-06-09 14:25:05 +00:00
f1c4ceea84 Make the block lengths part of the public interface 2024-06-09 14:16:18 +00:00
06e9c5ec67 Rename *_CHUNK* to *_BLOCKLEN* 2024-06-09 14:05:52 +00:00
62eb1ea6f8 aead/chacha20-poly1305: reflect that the keysetup is only for {,X}ChaCha20 2024-06-09 02:21:06 +00:00
d2817487e8 aead/chacha20-poly1305: inline anycrypt
Also use decrypt for the decryption path instead of relying on ChaCha20
using the same stream for encryption and decryption.
2024-06-09 02:19:51 +00:00
fdcba8bcf7 aead: rename argparams to initparams for consistency 2024-06-09 02:05:10 +00:00
df532c57f4 wycheproof: make failfast mode the default
Add -C for "Continue running after failure".
2024-06-08 13:44:18 +00:00
9c76a90301 cipher/chacha20: rename _common to _anycrypt 2024-06-08 13:39:49 +00:00
2a24aa4f70 hash/sha2: remove unused headers 2024-06-08 02:27:14 +00:00
c54ac8289b Shuffle code around in Wycheproof tests
Group struct, put utility functions before main, put runners after main
and rename kwimpl to kwrunner.
2024-06-08 00:45:45 +00:00
61d9652b2e Fix Wycheproof tests for params 2024-06-08 00:35:49 +00:00
a6208487e4 aead: replace init args with implementation-specific params struct
This unbreaks {,X}ChaCha20-Poly1305. Thanks to the use of params, the
{,X}ChaCha20-Poly1305 doesn't need to reach into the guts of ChaCha20
state. Move {en,de}cryption and key setup into its own functions.

This breaks the tests, which will be fixed in the following commit.
2024-06-07 23:29:29 +00:00
79ce4400dd params struct member shouldn't be const 2024-06-07 21:09:26 +00:00
623dd16dc2 cipher: replace init args with a implementation-specific params struct
This allows for more flexibility in the future. While at it, do note
that the RFC and draft implementations are followed. In particular, in
XChaCha20, hardcode the high word of the counter to 0.

This commit breaks ChaCha20-Poly1305. It'll be fixed in a subsequent
commit.
stash
2024-06-07 18:52:46 +00:00
b26a9c7274 auth: replace init args with a implementation-specific params struct
This allows for more flexibility in the future.

This commit breaks ChaCha20-Poly1305. It'll be fixed in a subsequent
commit.
2024-06-07 18:40:14 +00:00
ccc2836fa8 Introduce params structs
This will allow for greater flexibility in the future and a big refactor
in ChaCha20-Poly1305.
2024-06-07 18:40:14 +00:00
23735c2902 cipher/chacha20: rename *_IVLEN to *_NONCELEN 2024-06-07 18:40:14 +00:00
67d4de1657 Move all inout parameters to the front of the arguments list 2024-06-07 17:47:42 +00:00
7b539ccdcd cipher/chacha20: logical AND is && 2024-06-07 17:34:03 +00:00
1a8f813442 hash: implement SHA-{224,256}
Add the HMAC and Wycheproof bits for HMAC while at it.
2024-06-07 03:14:21 +00:00
0605d10bb3 Implement XChaCha20 and XChaCha20-Poly1305 2024-06-07 02:18:50 +00:00
06f835e27c cipher/chacha20: treat the counter as part of the nonce 2024-06-07 00:29:25 +00:00
b793cb5b69 cipher/chacha20: rename chacha20_x to chacha20_common 2024-06-07 00:29:25 +00:00