To prevent replay attacks, HOTP uses a counter, while TOTP keeps track of the time the key was last used. Since these values have the same type and are never used at the same time, merge them into an anonymous union.
The caveat is needed because if you include one of these headers on a system that defines rsize_t without having the correct incantations in your configure.ac, you are going to have a bad time. But there is no good general solution to the problem.
- The API has changed so that the function now writes its output into a caller-provided buffer, in a style similar to libcryb-enc.
- All parameter values are now correctly percent-encoded.
- The issuer parameter is now supported.
- The API has been redesigned so the caller is now responsible for allocating storage.
- A few more macros and typedefs have been added to clean up the namespace.
- Key parameter validation has been strengthened.
We can read the issuer from a URI (as a separate parameter, not as a prefix to the label) and store it, but not yet output it. That will be implemented in a future rewrite of oath_key_to_uri().
This adds a `CRYB_UNREACHABLE` macro which will cause a segfault if reached, and modifies `CRYB_NO_DEFAULT_CASE` to have essentially the same semantics. It also removes the conditionals since the coverage macros are always defined.
When cryb-test is used as a framework for another project, the compile-time test is useless since cryb-test itself will have been built with coverage disabled. Besides, it is not a reliable indicator of whether leak detection will work. Instead, check if the heap is already dirty when we first gain control.
The current version invokes undefined behavior when the count is negative, zero, or equal to or greater than the width of the operand. The new version masks the count to avoid these situations. Although branchless, it is relatively inefficient if the compiler does not recognize it and translate it to a rol or ror instruction. Empirical tests show that both clang and gcc get it right for constant counts, and recent versions of clang (but not gcc) get it right for variable counts as well. Note that our current code base has no instances of rolN / rorN with a variable count.
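The count masking described in the message above, as an added example that is not the Cryb project's own code. The function names and the 32-bit operand width are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Naive form, for contrast: undefined behavior when n <= 0 or n >= 32,
 * because one of the two shifts is then by a negative amount or by at
 * least the operand width.  Only call it with 1 <= n <= 31.
 */
static inline uint32_t
rol32_naive(uint32_t x, int n)
{
	return (x << n | x >> (32 - n));
}

/*
 * Masked form: both shift counts are reduced modulo 32 before use, so
 * every shift is in the range 0..31 whatever the caller passes.
 * Negating an unsigned value is well defined (modular arithmetic), so
 * (-c & 31) equals (32 - c) % 32 without a branch.
 */
static inline uint32_t
rol32_masked(uint32_t x, int n)
{
	unsigned int c = (unsigned int)n & 31;

	return (x << c | x >> (-c & 31));
}

static inline uint32_t
ror32_masked(uint32_t x, int n)
{
	unsigned int c = (unsigned int)n & 31;

	return (x >> c | x << (-c & 31));
}

int
main(void)
{
	/* constructed sample values; counts 0, 32 and -8 are the edge cases */
	printf("%08x\n", (unsigned int)rol32_naive(0x12345678, 8));
	printf("%08x\n", (unsigned int)rol32_masked(0x12345678, 0));
	printf("%08x\n", (unsigned int)rol32_masked(0x12345678, 32));
	printf("%08x\n", (unsigned int)rol32_masked(0x12345678, -8));
	printf("%08x\n", (unsigned int)ror32_masked(0x12345678, 8));
	return (0);
}
```

Whether a compiler turns the masked form into a single rotate instruction can be checked by inspecting the assembly it generates for the two masked functions.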
- Use the new vector byte-order conversion functions where appropriate.
- Use memset_s() instead of memset() where appropriate.
- Use consistent names and types for function arguments.
- Reindent, rename and reorganize to conform to Cryb style and idiom.
SHA224 and SHA256 were left mostly unchanged. MD2 and MD4 were completely rewritten as the previous versions (taken from XySSL) seem to have been copied from RSAREF.
This breaks the ABI as some context structures have grown or shrunk and some function arguments have been changed from int to size_t.
Single-DES is now a special case of triple-DES with all three keys being the same. This is significantly slower than a pure single-DES implementation, but that's fine since nobody should be using it anyway.
We now have separate encryption and decryption methods, and can process an arbitrary amount of plaintext or ciphertext per call, rounded down to the block size (if applicable). For stream ciphers, we also have a keystream method which fills the provided buffer with an arbitrary amount of keystream (once again, rounded down if applicable).
Not only is this a slightly more logical name, but it allows us to expose the verbose flag, previously private to cryb_t_main.c, as the equally logically named t_verbose.
The rk pointer in struct aes_ctx always pointed to the context's buffer and served no purpose whatsoever, but the compiler had no way of knowing that and could therefore not optimize away assignments to and from it.
Note that the removal of rk breaks the ABI, since it changes the size of struct aes_ctx, but we allow ourselves that because neither the API nor the ABI has been fixed yet.