5c1325ed11
aead: rewrite api
...
Decouple the authentication tag from the ciphertext and add streaming
interfaces.
Tests will be fixed in the next commit.
2024-06-20 15:52:58 +00:00
91842048d6
kdf/hkdf: scrub the pseudorandom key
2024-06-19 14:07:57 +00:00
8766827b49
auth/hmac: save lc_hash_ctx for scrub
2024-06-19 14:07:36 +00:00
9da7685779
aead/{,x}chacha20-poly1305: simplify
...
Use one-pass interfaces for encryption and decryption and rename the
Poly1305 key setup to the more correct poly1305_keysetup.
2024-06-19 14:02:54 +00:00
e39f46a9f9
internal: wrap overlong lines
2024-06-19 13:25:23 +00:00
3c5e296178
Use a single zero buffer
2024-06-19 13:18:25 +00:00
8fd513540f
Write "Wycheproof" correctly
2024-06-18 14:35:22 +00:00
9cc4c6863e
Move aead_impl_*chacha20_poly1305 into their returning function
...
Missed in 24ef318572
.
2024-06-18 14:32:35 +00:00
5eb28b420d
Add KDF interface and HKDF implementation
2024-06-18 14:30:06 +00:00
cef67c9f09
Merge most of internal headers into internal.h
...
Fix the includes accordingly and get rid of some unused ones.
2024-06-17 21:52:07 +00:00
9177e021ab
README: add hexdump to utils
2024-06-17 14:41:38 +00:00
9ba30dbe41
hash/sha512: add SHA-512/224 and SHA-512/256 variants
2024-06-17 14:41:20 +00:00
d66daa8938
hash/sha512: use sha384_sha512_update directly
2024-06-17 14:27:39 +00:00
818c1a016f
impl/sha512: fix indentation
2024-06-16 02:08:03 +00:00
24ef318572
Move *_impl to their returning functions
2024-06-16 01:51:00 +00:00
21251045f4
Rename the state block buffers from m{,len} to b{,len}
2024-06-15 21:22:12 +00:00
230dedac16
Rename all algorithm-specific ctx to state
2024-06-15 21:13:31 +00:00
2b76f3df5b
cipher/xchacha20: add one-pass implementation
...
Fix the function pointers while at it.
2024-06-11 03:07:53 +00:00
fb2139eeee
ct/cmp: save the final shift by switching the direction of shifts
2024-06-11 02:29:00 +00:00
d90236bfb9
Zap dangling whitespaces
2024-06-10 17:44:20 +00:00
6677c6cab3
Remove ctx_new and ctx_free function pointers
...
Now that HMAC isn't special anymore, and with the help of init params,
this isn't needed anymore as we only allocate memory for the state.
This effectively reverts e9bcc64e62
.
2024-06-10 17:44:05 +00:00
666b833b98
auth/hmac: complete overhaul
...
Now that there are dedicated struct for initial parameters, make the
HMAC params provide a lc_hash_ctx to be used internally. This makes HMAC
less special and allows it to work with any hash, instead of needing
dedicated inits and ctx_news. As an upside, now it's possible to have a
one-pass HMAC.
2024-06-10 17:29:29 +00:00
f6bddfcd70
fold
2024-06-10 17:23:48 +00:00
2ebe3467f8
hash: make blocklen and hashlen part of the implementation
2024-06-10 13:45:57 +00:00
2b3e390bbf
Make params struct non-const
...
Upcoming changes will push lc_*_ctx into the params struct for higher
order constructions like HMAC or HKDF.
2024-06-09 15:09:15 +00:00
af3fe8a67a
lilcrypto.h: group all struct defintions together
2024-06-09 14:55:34 +00:00
c2f630ceea
impl: only include lilcrypto.h
2024-06-09 14:26:31 +00:00
8f1b773e5f
auth/hmac: rename BLOCKSZ to BLOCKLEN
2024-06-09 14:25:05 +00:00
f1c4ceea84
Make the block lengths part of the public interface
2024-06-09 14:16:18 +00:00
06e9c5ec67
Rename *_CHUNK* to *_BLOCKLEN*
2024-06-09 14:05:52 +00:00
62eb1ea6f8
aead/chacha20-poly1305: reflect that the keysetup is only for {,X}ChaCha20
2024-06-09 02:21:06 +00:00
d2817487e8
aead/chacha20-poly1305: inline anycrypt
...
Also use decrypt for the decryption path instead of relying on ChaCha20
using the same stream for encryption and decryption.
2024-06-09 02:19:51 +00:00
fdcba8bcf7
aead: rename argparams to initparams for consistency
2024-06-09 02:05:10 +00:00
df532c57f4
wycheproof: make failfast mode the default
...
Add -C for "Continue running after failure".
2024-06-08 13:44:18 +00:00
9c76a90301
cipher/chacha20: rename _common to _anycrypt
2024-06-08 13:39:49 +00:00
2a24aa4f70
hash/sha2: remove unused headers
2024-06-08 02:27:14 +00:00
c54ac8289b
Shuffle code around in Wycheproof tests
...
Group struct, put utility functions before main, put runners after main
and rename kwimpl to kwrunner.
2024-06-08 00:45:45 +00:00
61d9652b2e
Fix Wycheproof tests for params
2024-06-08 00:35:49 +00:00
a6208487e4
aead: replace init args with implementation-specific params struct
...
This unbreaks {,X}ChaCha20-Poly1305. Thanks to the use of params, the
{,X}ChaCha20-Poly1305 doesn't need to reach into the guts of ChaCha20
state. Move {en,de}cryption and key setup into its own functions.
This breaks the tests, which will be fixed in the following commit.
2024-06-07 23:29:29 +00:00
79ce4400dd
params struct member shouldn't be const
2024-06-07 21:09:26 +00:00
623dd16dc2
cipher: replace init args with a implementation-specific params struct
...
This allows for more flexibility in the future. While at it, do note
that the RFC and draft implementations are followed. In particular, in
XChaCha20, hardcode the high word of the counter to 0.
This commit breaks ChaCha20-Poly1305. It'll be fixed in a subsequent
commit.
stash
2024-06-07 18:52:46 +00:00
b26a9c7274
auth: replace init args with a implementation-specific params struct
...
This allows for more flexibility in the future.
This commit breaks ChaCha20-Poly1305. It'll be fixed in a subsequent
commit.
2024-06-07 18:40:14 +00:00
ccc2836fa8
Introduce params structs
...
This will allow for greater flexibility in the future and a big refactor
in ChaCha20-Poly1305.
2024-06-07 18:40:14 +00:00
23735c2902
cipher/chacha20: rename *_IVLEN to *_NONCELEN
2024-06-07 18:40:14 +00:00
67d4de1657
Move all inout parameters to the front of the arguments list
2024-06-07 17:47:42 +00:00
7b539ccdcd
cipher/chacha20: logical AND is &&
2024-06-07 17:34:03 +00:00
1a8f813442
hash: implement SHA-{224,256}
...
Add the HMAC and Wycheproof bits for HMAC while at it.
2024-06-07 03:14:21 +00:00
0605d10bb3
Implement XChaCha20 and XChaCha20-Poly1305
2024-06-07 02:18:50 +00:00
06f835e27c
cipher/chacha20: treat the counter as part of the nonce
2024-06-07 00:29:25 +00:00
b793cb5b69
cipher/chacha20: rename chacha20_x to chacha20_common
2024-06-07 00:29:25 +00:00