Commit graph

142 commits

Author SHA1 Message Date
Dag-Erling Smørgrav
d014682206 Add t_is_zero predicates. 2022-09-16 11:09:55 +02:00
Dag-Erling Smørgrav
8ab9839cc2 Implement Fowler-No-Voll. 2022-05-15 18:27:01 +02:00
Dag-Erling Smørgrav
66eb8315d0 Bump version. 2019-03-26 12:03:08 +01:00
Dag-Erling Smørgrav
d87c1864bc Bump a few copyright dates. 2018-11-17 17:17:07 +01:00
Dag-Erling Smørgrav
b32175d625 Fix our ffs() / fls() and add unit tests. 2018-11-17 16:37:22 +01:00
Dag-Erling Smørgrav
0ce844d8a5 Bump version. 2018-11-15 18:35:51 +01:00
Dag-Erling Smørgrav
11a5c9c587 Belatedly bump copyright dates. 2018-11-15 18:35:01 +01:00
Dag-Erling Smørgrav
4d76b664d2 Merge counter and lastused.
To prevent replay attacks, HOTP uses a counter, while TOTP keeps track of the time the key was last used.  Since these values have the same type and are never used at the same time, merge them into an anonymous union.
2018-11-15 18:35:01 +01:00
Dag-Erling Smørgrav
20b8f7528b Bump version. 2018-05-13 16:37:46 +02:00
Dag-Erling Smørgrav
bfbd8da63a Bump version. 2018-05-06 20:55:20 +02:00
Dag-Erling Smørgrav
354759a9f2 Further improvements to memcpy_s(), memset_s(), and their man pages. 2018-05-06 19:12:51 +02:00
Dag-Erling Smørgrav
a1bf5e87f0 Implement rsize_t / RSIZE_MAX (almost) correctly.
The caveat is needed because if you include one of these headers on a system that defines rsize_t without having the correct incantations in your configure.ac, you are going to have a bad time.  But there is no good general solution to the problem.
2018-05-06 19:12:51 +02:00
Dag-Erling Smørgrav
56bd595396 Modernize. 2018-05-06 19:12:51 +02:00
Dag-Erling Smørgrav
c73fd34d97 Implement a memcpy_s() equivalent. 2018-05-06 19:12:51 +02:00
Dag-Erling Smørgrav
6e70e11df9 Bump version and copyright years. 2018-04-26 22:00:21 +02:00
Dag-Erling Smørgrav
bd4b5c246e Complete rewrite of oath_key_to_uri().
- The API has changed so that the function now writes its output into a caller-provided buffer, in a style similar to libcryb-enc.

- All parameter values are now correctly percent-encoded.

- The issuer parameter is now supported.
2018-04-26 02:41:47 +02:00
Dag-Erling Smørgrav
48fc358df7 Major cleanup and API overhaul.
- The API has been redesigned so the caller is now responsible for allocating storage.
- A few more macros and typedefs have been added to clean up the namespace.
- Key parameter validation has been strengthened.
2018-04-26 01:31:35 +02:00
Dag-Erling Smørgrav
54c67f337a Add partial support for issuer parameter.
We can read the issuer from a URI (as a separate parameter, not as a prefix to the label) and store it, but not yet output it.  That will be implemented in a future rewrite of oath_key_to_uri().
2018-04-26 00:06:48 +02:00
Dag-Erling Smørgrav
4576565fd1 Make rand_bytes() work more like read(2). 2018-04-25 23:11:47 +02:00
Dag-Erling Smørgrav
636bd7a259 Better macros for unreachable code.
This adds a `CRYB_UNREACHABLE` macro which will cause a segfault if reached, and modifies `CRYB_NO_DEFAULT_CASE` to have essentially the same semantics.  It also removes the conditionals since the coverage macros are always defined.
2017-09-04 21:01:39 +02:00
Dag-Erling Smørgrav
2e5134e217 Bump version. 2017-09-04 16:33:37 +02:00
Dag-Erling Smørgrav
5c8745138e Add strchrnul(), wcschrnul(), and tests for the former. 2017-08-23 13:41:40 +02:00
Dag-Erling Smørgrav
85f4aa359a Add CRYB_DEQUAL() to strip qualifiers from pointers. 2017-08-23 13:41:40 +02:00
Dag-Erling Smørgrav
562ffa391e Slight cleanup. 2017-05-11 00:08:45 +02:00
Dag-Erling Smørgrav
8e0f4a293e Determine the default for CRYB_LEAKTEST at run-time.
When cryb-test is used as a framework for another project, the compile-time test is useless since cryb-test itself will have been built with coverage disabled.  Besides, it is not a reliable indicator of whether leak detection will work.  Instead, check if the heap is already dirty when we first gain control.
2017-05-11 00:08:45 +02:00
Dag-Erling Smørgrav
8402429448 Bump version. 2017-05-02 13:15:10 +02:00
Dag-Erling Smørgrav
24df7d433f Bump version. 2017-04-06 21:19:23 +02:00
Dag-Erling Smørgrav
d2d16d26da Make rolN / rorN safe for all counts.
The current version invokes undefined behavior when the count is negative, zero, or equal to or greater than the width of the operand.  The new version masks the count to avoid these situations.  Although branchless, it is relatively inefficient if the compiler does not recognize it and translate it to a rol or ror instruction.  Empirical tests show that both clang and gcc get it right for constant counts, and recent versions of clang (but not gcc) get it right for variable counts as well.  Note that our current code base has no instances of rolN / rorN with a variable count.
2017-04-06 19:55:27 +02:00
Dag-Erling Smørgrav
c556bc0aa8 Implement MPI division. 2017-04-06 19:52:23 +02:00
Dag-Erling Smørgrav
3c2b134fe4 Implement fast increment / decrement functions. 2017-04-06 19:52:23 +02:00
Dag-Erling Smørgrav
2a66f62078 Implement MPI multiplication. 2017-04-06 19:52:23 +02:00
Dag-Erling Smørgrav
206c6ffc85 Implement ffs() / fls() and use the latter to compute the MSB. 2017-04-06 19:52:23 +02:00
Dag-Erling Smørgrav
115ea66061 Sort prototypes. 2017-04-06 19:51:47 +02:00
Dag-Erling Smørgrav
b4eb918dad Implement GCD using Stein's binary algorithm. 2017-04-06 19:51:47 +02:00
Dag-Erling Smørgrav
47a0bf838f Add functions for comparing an MPI to an integer. 2017-04-06 19:51:47 +02:00
Dag-Erling Smørgrav
26e434d64b Add functions that return the LSB and MSB of an MPI. 2017-04-06 19:51:47 +02:00
Dag-Erling Smørgrav
895d1eb539 Constify where possible. 2017-04-06 19:51:47 +02:00
Dag-Erling Smørgrav
95ba4d39da Bump version. 2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
3a6ba51b86 Adjust UiO copyright. 2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
c6536641c5 Major cleanup of the MD and SHA digests.
- Use the new vector byte-order conversion functions where appropriate.
- Use memset_s() instead of memset() where appropriate.
- Use consistent names and types for function arguments.
- Reindent, rename and reorganize to conform to Cryb style and idiom.

SHA224 and SHA256 were left mostly unchanged.  MD2 and MD4 were completely rewritten as the previous versions (taken from XySSL) seem to have been copied from RSAREF.

This breaks the ABI as some context structures have grown or shrunk and some function arguments have been changed from int to size_t.
2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
d96415b2c3 Define vector versions of the endianness conversion functions. 2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
ce5562d568 Remove unused struct member. 2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
6f794d4739 Fix typo, add missing declarations. 2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
a8f0cc2e69 Neither AES nor DES have keystream functions. 2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
239ab3a471 Implement double- and triple-DES.
Single-DES is now a special case of triple-DES with all three keys being the same.  This is significantly slower than a pure single-DES implementation, but that's fine since nobody should be using it anyway.
2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
700fa0718b Implement DES (single-key ECB only for now). 2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
c671da9b1c Implement the Salsa family of stream ciphers.
Note that we only have unit tests for Salsa20.
2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
43dbe1350a Forgot to add chacha.h to the build. 2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
cfd3951ee1 Implement the ChaCha family of stream ciphers. 2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
c2f4fa524f Second iteration of the cryb-cipher API.
We now have separate encryption and decryption methods, and can process an arbitrary amount of plaintext or ciphertext per call, rounded down to the block size (if applicable).  For stream ciphers, we also have a keystream method which fills the provided buffer with an arbitrary amount of keystream (once again, rounded down if applicable).
2017-04-06 19:51:45 +02:00