Commit Graph

10 Commits

Author SHA1 Message Date
Jeffrey Walton
ca302c952e
Fix Solaris 11/Sparc crash in SHA-384 (GH #689, GH #403)
I believe Andrew Marlow first reported it. At the time we could not get our hands on hardware to fully test things. Instead we were using -xmemalign=4i option as a band-aide to avoid running afoul of the Sparc instruction that moves 64-bits of data in one shot.
2018-07-20 13:24:04 -04:00
Jeffrey Walton
d8946df8eb
Add crypto_sign_sk2pk (PR #668)
This should allow users to convert a ed25519 seret key to a public key without rolling their own code
2018-07-17 08:28:33 -04:00
Jeffrey Walton
3958fad099
Add sbyte, sword16, sword32 and sword64 (GH #608, GH #609)
Visual Studio 2008 kind of forced out hand with this. VS2008 lacks <stdint.h> and <cstdint> and it caused compile problems in NaCl gear. We were being a tad bit lazy by relying on int8_t, int32_t and int64_t, but the compiler errors made us act
2018-03-27 20:47:20 -04:00
Jeffrey Walton
8ffd165c7a
Rename nacl.h to naclite.h
This should avoid confusion with header files from the reference implementation and libsodium
2018-01-21 17:04:15 -05:00
Jeffrey Walton
2d011dff34
Cleared GCC warning with -Wall 2018-01-20 17:09:23 -05:00
Jeffrey Walton
600fa4d107
Clear unary minus on unsigned warning under MSVC 2018-01-19 20:09:02 -05:00
Jeffrey Walton
347c0e56c6
Clear Coverity finding CID 186949
The finding is "Overflowed return value", and it is rooted in the constant time code bit manipulations
2018-01-19 18:28:56 -05:00
Jeffrey Walton
58b6999274
Convert Kalyna from variable block size (GH #535) 2018-01-18 20:26:10 -05:00
Jeffrey Walton
0bb73e7035
Add _unchecked versions of crypto_box, crypto_box_open and crypto_box_beforenm
This check-in adds three additional functions for backwards compatibility: crypto_box_unchecked, crypto_box_open_unchecked and crypto_box_beforenm_unchecked. The functions can be used for interoperability with downlevel clients, like old versions of NaCl and libsodium. It should also help some cryptocurrencies, like Bitcoin, Ethereum, Monero and Zcash.

Also see https://eprint.iacr.org/2017/806.pdf (low order element attack) and https://github.com/jedisct1/libsodium/issues/662 (Zcash break).
2018-01-18 12:43:57 -05:00
Jeffrey Walton
13ea8f374f
Add interface to TweetNaCl library (#566)
TweetNaCl is a compact reimplementation of the NaCl library by Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe and Sjaak Smetsers. The library is less than 20 KB in size and provides 25 of the NaCl library functions.

The compact library uses curve25519, XSalsa20, Poly1305 and SHA-512 as default primitives, and includes both x25519 key exchange and ed25519 signatures. The complete list of functions can be found in TweetNaCl: A crypto library in 100 tweets (20140917), Table 1, page 5.

Crypto++ retained the function names and signatures but switched to data types provided by <stdint.h> to promote interoperability with Crypto++ and avoid size problems on platforms like Cygwin. For example, NaCl typdef'd u64 as an unsigned long long, but Cygwin, MinGW and MSYS are LP64 systems (not LLP64 systems). In addition, Crypto++ was missing NaCl's signed 64-bit integer i64.

Crypto++ enforces the 0-key restriction due to small points. The TweetNaCl library allowed the 0-keys to small points. Also see RFC 7748, Elliptic Curves for Security, Section 6.

TweetNaCl is well written but not well optimized. It runs 2x to 3x slower than optimized routines from libsodium. However, the library is still 2x to 4x faster than the algorithms NaCl was designed to replace.

The Crypto++ wrapper for TweetNaCl requires OS features. That is, NO_OS_DEPENDENCE cannot be defined. It is due to TweetNaCl's internal function randombytes. Crypto++ used DefaultAutoSeededRNG within randombytes, so OS integration must be enabled. You can use another generator like RDRAND to avoid the restriction.
2018-01-17 22:02:09 -05:00