Commit graph

54 commits

Author SHA1 Message Date
Miguel Oliveira d4c173c713 Remove dependency on string.pack 2022-10-16 19:28:56 -03:00
Miguel Oliveira 0cd726952a Fix BLAKE3 output expansion 2022-04-10 17:42:39 -03:00
Miguel Oliveira c9829f9759 Move BLAKE3 expand function 2022-04-10 17:39:30 -03:00
Miguel Oliveira b9457e9dd5 Make BLAKE3 stateful 2022-04-10 17:38:16 -03:00
Miguel Oliveira db4c272aea Add PRAC-based twofold multiplication 2022-04-08 11:56:03 -03:00
Miguel Oliveira a57c5e1ded Unroll mp.lua operations and add others for PRAC 2022-04-06 13:59:55 -03:00
Miguel Oliveira 5290be7c75 Put Fq arithmetic internals in a separate module 2022-04-05 17:28:50 -03:00
Miguel Oliveira f53bb2ec6a Bring back Fp negation 2022-04-05 16:32:09 -03:00
Miguel Oliveira 0a6c3021d0 Fix Poly1305 canonicalization 2022-04-04 23:36:25 -03:00
Miguel Oliveira 4cf7c2e989 Replace ✕ with × 2022-04-04 23:33:54 -03:00
Miguel Oliveira 2fe2a37ca3 Pack Curve25519 points into tables 2022-03-31 00:54:44 -03:00
Miguel Oliveira bd832f1a23 Document Curve25519 2022-03-30 21:52:52 -03:00
Miguel Oliveira d983042092 Document Edwards25519 2022-03-30 21:40:40 -03:00
Miguel Oliveira 9a5f8b37ea Move curve point arithmetic into their own modules 2022-03-30 21:17:33 -03:00
Miguel Oliveira 4491ac4029 Save a multiplication on X25519 ladder step over G 2022-03-24 18:17:07 -03:00
Miguel Oliveira c180d31001 Switch Fp to rounding-based carrying
This improves performance while also simplifying analysis. Ed25519
doubling needs more carrying, but the speedup is worth it.

The simpler Fp model is easier to reason about, but it introduces an
unsound bit that needs to be handwaved away with a comment. Range
checking has not yet been performed.
2022-03-24 16:36:10 -03:00
Miguel Oliveira 85fb035641 Update Poly1305
Update Poly1305 to match the DJB approach for Fp arithmetic. This
improves performance and correctness. Also fix wrong output when passing
an empty string.
2022-03-24 10:03:19 -03:00
Miguel Oliveira 2668139d96 Generate SHA256 constants instead of storing them 2022-03-10 16:51:16 -03:00
Miguel Oliveira ce3943e243 Add PBKDF2-HMAC-SHA256 2022-03-10 16:49:47 -03:00
Miguel Oliveira 9e32bf67f5 Add SHA256 2022-03-06 21:27:27 -03:00
Miguel Oliveira 671087dd0e Move internal module notice into long description 2022-03-05 13:43:19 -03:00
Miguel Oliveira fc5a35c404 Tag internal modules as internal 2022-03-05 13:20:25 -03:00
Miguel Oliveira 264b111d82 Document BLAKE3, ChaCha20 and AEAD 2022-03-05 13:01:30 -03:00
Miguel Oliveira 238058e46f Add Poly1305 tag verification 2022-03-05 12:24:33 -03:00
Miguel Oliveira 474d62d082 Update docs 2022-03-05 12:23:51 -03:00
Miguel Oliveira 54b821c091 Give up on masking for now
X25519c can be attacked by replying several times with invalid data.
This is hard to defend against at the API level without denying service
and using some hard-to-understand semantics.

Masked primitives are gone for now, some countermeasures have been moved
into their respective "regular" impls. I don't think that it's worth it
to care that much about side channels in CC. I haven't seen or managed
to mount any practical attacks myself. The further move away from Cobalt
will probably make them even harder to mount.
2022-03-05 12:03:08 -03:00
Miguel Oliveira ed8f66070f Add masking docs 2022-03-04 13:30:46 -03:00
Miguel Oliveira 206f8474ff Separate masked Fq multiply from unwrap 2022-03-04 13:19:51 -03:00
Miguel Oliveira 1019623aec Fix wrong filename in random.lua 2022-03-04 12:47:35 -03:00
Miguel Oliveira 4c52aa8774 Improve Ed25519c masking 2022-03-04 12:31:51 -03:00
Miguel Oliveira 3c2a5ad4ee Add masked Ed25519 2022-03-04 12:20:36 -03:00
Miguel Oliveira d3f04036c7 Split Fq masking internals 2022-03-04 12:20:10 -03:00
Miguel Oliveira 8335ddc81c Split Ed25519 internals 2022-03-04 11:46:26 -03:00
Miguel Oliveira 8926bda1bb Remove Fq inversion 2022-03-03 16:17:29 -03:00
Miguel Oliveira 292663b4a5 Update docs 2022-03-03 16:15:57 -03:00
Miguel Oliveira f6fd56cb9a Remove unused imports 2022-03-03 15:26:19 -03:00
Miguel Oliveira c996452b07 Update docs 2022-03-02 19:46:20 -03:00
Miguel Oliveira 993ddb63a0 Update docs 2022-03-02 17:36:59 -03:00
Miguel Oliveira c246b53d7b Implement Ed25519 exports 2022-03-02 17:29:50 -03:00
Miguel Oliveira e0fd019b97 Switch to older Fp code 2022-03-02 17:29:26 -03:00
Miguel Oliveira 59647d1a96 Move clamped Fq decoding into fq.lua 2022-03-02 15:18:28 -03:00
Miguel Oliveira d06c4309cf Rename X25519c secret key arguments 2022-03-02 15:02:15 -03:00
Miguel Oliveira f605de3f0d Rework ladders for X25519 and X25519c 2022-03-02 14:59:50 -03:00
Miguel Oliveira 501e81a36a Add masked X25519 2022-03-02 13:51:51 -03:00
Miguel Oliveira eae7c91453 Reformat
Fair enough.
2022-03-01 20:51:18 -03:00
Miguel Oliveira dba5fcc1ab Split X25519 internals 2022-03-01 20:46:44 -03:00
Miguel Oliveira ccb0d8cea6 Move internal modules into another directory 2022-03-01 20:43:53 -03:00
Miguel Oliveira 981cd0dec9 Stop bringing Fp functions into scope
Performance overhead is probably negligible (except for minified size).
Might change this later.
2022-03-01 20:36:55 -03:00
Miguel Oliveira 7fa854c06b Remove Ed25519 exports for now
Old exports used masking which isn't supported anymore.
2022-03-01 20:34:04 -03:00
Miguel Oliveira 03f8835eb2 Clean up Fq exports 2022-03-01 20:32:24 -03:00