Commit graph

78 commits

Author SHA1 Message Date
Miguel Oliveira 66120fc624 Create README.md 2023-06-08 01:27:31 -03:00
Miguel Oliveira 71cb9b5a47 Create LICENSE 2023-06-08 01:26:25 -03:00
Miguel Oliveira 2402f55f58 Tag experimental function exports as experimental 2023-06-08 01:25:07 -03:00
Miguel Oliveira bfd15c242b Move away from illuaminate 2023-06-08 01:24:22 -03:00
Miguel Oliveira a42fe34ba1 Change module exports syntax 2023-06-08 01:19:44 -03:00
Miguel Oliveira cb620cfb0a Rework comments to new annotation style 2023-06-08 01:15:16 -03:00
Miguel Oliveira 6fbbab378a Simplify random initialization
The entropy is now provided by the user. They are tasked with finding a
high-quality source of entropy to initialize the generator with.
2023-04-11 16:46:13 -03:00
Miguel Oliveira 32ba9d8252 Add large test vectors 2023-04-11 14:38:19 -03:00
Miguel Oliveira c85969605e Remove BLAKE3 state
I feel like a broken record already. This is simpler and can be changed
later.
2023-04-11 14:28:39 -03:00
Miguel Oliveira 77dfbae843 Switch argument validation back to assertions 2023-01-02 20:56:35 -03:00
Miguel Oliveira cc71819572 Change masked exchange interface 2023-01-02 20:33:57 -03:00
Miguel Oliveira dcd7f93a3c Fix exchange validation
Now that it accepts any (projective) base as input, we need to check the
projective equation, rather than the affine one, which assumes Z = 1.
2023-01-02 16:36:53 -03:00
Miguel Oliveira 73e0df0b5e Add masked signing 2023-01-02 16:02:03 -03:00
Miguel Oliveira 77892f3a76 Add Ed25519 tests and secret key conversion 2023-01-02 04:45:53 -03:00
Miguel Oliveira 374ba5ee4a Add birational decoding of Edwards25519 points
I really dislike this interface, I'll probably need to think of
something else.
2023-01-02 02:51:19 -03:00
Miguel Oliveira a7d98da04c Add tests and check the twist on x25519c.lua 2023-01-02 01:50:01 -03:00
Miguel Oliveira 88a584b393 Split AEAD key derivation and decryption
This makes decryption failures happen earlier, at the cost of leaking
more information through timing.
2022-12-31 18:00:08 -03:00
Miguel Oliveira 8a28d6f7ea Add ecc unit tests and fix Ed25519 2022-12-14 20:27:47 -03:00
Miguel Oliveira 9d060fa581 Move directory and add unit tests 2022-12-14 00:00:27 -03:00
Miguel Oliveira 5438c20bc9 Change documentation styles 2022-12-13 18:53:53 -03:00
Miguel Oliveira c2991a6768 Remove Curve25519 fieldMul 2022-12-13 18:52:24 -03:00
Miguel Oliveira 0af58b5e2d Improve random byte generator 2022-12-13 18:51:38 -03:00
Miguel Oliveira 7d45646aa0 Fix typo 2022-12-13 18:42:31 -03:00
Miguel Oliveira 08016b8a61 Document PRAC rule conditions 2022-12-13 18:40:52 -03:00
Miguel Oliveira d4c173c713 Remove dependency on string.pack 2022-10-16 19:28:56 -03:00
Miguel Oliveira 0cd726952a Fix BLAKE3 output expansion 2022-04-10 17:42:39 -03:00
Miguel Oliveira c9829f9759 Move BLAKE3 expand function 2022-04-10 17:39:30 -03:00
Miguel Oliveira b9457e9dd5 Make BLAKE3 stateful 2022-04-10 17:38:16 -03:00
Miguel Oliveira db4c272aea Add PRAC-based twofold multiplication 2022-04-08 11:56:03 -03:00
Miguel Oliveira a57c5e1ded Unroll mp.lua operations and add others for PRAC 2022-04-06 13:59:55 -03:00
Miguel Oliveira 5290be7c75 Put Fq arithmetic internals in a separate module 2022-04-05 17:28:50 -03:00
Miguel Oliveira f53bb2ec6a Bring back Fp negation 2022-04-05 16:32:09 -03:00
Miguel Oliveira 0a6c3021d0 Fix Poly1305 canonicalization 2022-04-04 23:36:25 -03:00
Miguel Oliveira 4cf7c2e989 Replace ✕ with × 2022-04-04 23:33:54 -03:00
Miguel Oliveira 2fe2a37ca3 Pack Curve25519 points into tables 2022-03-31 00:54:44 -03:00
Miguel Oliveira bd832f1a23 Document Curve25519 2022-03-30 21:52:52 -03:00
Miguel Oliveira d983042092 Document Edwards25519 2022-03-30 21:40:40 -03:00
Miguel Oliveira 9a5f8b37ea Move curve point arithmetic into their own modules 2022-03-30 21:17:33 -03:00
Miguel Oliveira 4491ac4029 Save a multiplication on X25519 ladder step over G 2022-03-24 18:17:07 -03:00
Miguel Oliveira c180d31001 Switch Fp to rounding-based carrying
This improves performance while also simplifying analysis. Ed25519
doubling needs more carrying, but the speedup is worth it.

The simpler Fp model is easier to reason about, but it introduces an
unsound bit that needs to be handwaved away with a comment. Range
checking has not yet been performed.
2022-03-24 16:36:10 -03:00
Miguel Oliveira 85fb035641 Update Poly1305
Update Poly1305 to match the DJB approach for Fp arithmetic. This
improves performance and correctness. Also fix wrong output when passing
an empty string.
2022-03-24 10:03:19 -03:00
Miguel Oliveira 2668139d96 Generate SHA256 constants instead of storing them 2022-03-10 16:51:16 -03:00
Miguel Oliveira ce3943e243 Add PBKDF2-HMAC-SHA256 2022-03-10 16:49:47 -03:00
Miguel Oliveira 9e32bf67f5 Add SHA256 2022-03-06 21:27:27 -03:00
Miguel Oliveira 671087dd0e Move internal module notice into long description 2022-03-05 13:43:19 -03:00
Miguel Oliveira fc5a35c404 Tag internal modules as internal 2022-03-05 13:20:25 -03:00
Miguel Oliveira 264b111d82 Document BLAKE3, ChaCha20 and AEAD 2022-03-05 13:01:30 -03:00
Miguel Oliveira 238058e46f Add Poly1305 tag verification 2022-03-05 12:24:33 -03:00
Miguel Oliveira 474d62d082 Update docs 2022-03-05 12:23:51 -03:00
Miguel Oliveira 54b821c091 Give up on masking for now
X25519c can be attacked by replying several times with invalid data.
This is hard to defend against in the API level without denying service
and using some hard-to-understand semantics.

Masked primitives are gone for now, some countermeasures have been moved
into their respective "regular" impls. I don't think that it's worth it
to care that much about side channels in CC. I haven't seen or managed
to mount any practical attacks myself. The further move away from Cobalt
will probably make them even harder to mount.
2022-03-05 12:03:08 -03:00