9422 Commits

Author SHA1 Message Date
Brian Smith
64d3695fc4 TODO: tests: Add hkdf::Salt::derive. 2019-04-04 15:54:05 -10:00
Brian Smith
452d2b4ec0 Simplify HMAC key generation & use more widely-used lengths.
For HMAC-SHA-384 we previously generated keys larger than the tag
length because that's arguably more secure. However, the most commonly
used recommendation is to make the key length equal to the output
length, so do that instead. Some standards require it.
2019-04-04 14:42:51 -10:00
Brian Smith
287e541812 Move AsRef implementation for hmac::Tag. 2019-04-04 14:40:33 -10:00
Brian Smith
9f80946c13 Merge hmac::{SigningKey, VerificationKey} as hmac::Key. 2019-04-04 14:40:33 -10:00
Brian Smith
c125b2b4b1 Stop renaming symbols when publicly exporting them.
Rust tooling (rustdoc, and rustc error reporting) doesn't handle very well
the renaming of a symbol when exporting it.
2019-04-04 13:20:48 -10:00
Brian Smith
2b25137443 Expose RsaPublicKey in documentation. 2019-04-04 13:20:48 -10:00
Brian Smith
7e215bec83 Remove some suboptimal uses of as for conversions. 2019-04-04 13:20:48 -10:00
Brian Smith
2a3d7417ac Update HKDF documentation for refactoring. 2019-04-04 13:20:47 -10:00
Brian Smith
5baeb39aba HKDF: Make API safer.
Reduce the likelihood that `info` and `out` parameters would get confused.
Eliminate potential to panic in the new API.
2019-03-29 14:57:48 -10:00
Brian Smith
ef63a49f96 HKDF: Make maximum output length check safer and lazier. 2019-03-29 14:31:57 -10:00
Brian Smith
f1d85e614b HKDF: Avoid an unnecessary loop iteration.
When `out` is the same length as the digest output an extra iteration
of HMAC was executed and then thrown away. Avoid that extra iteration.

Note that an extra iteration is still done in the degenerate case where
`out` is empty, because it's better to optimize for the case where `out`
isn't empty.

The output is exactly the same as before.
2019-03-29 14:31:32 -10:00
Brian Smith
6ec8f34c57 HKDF: Make extract and expand methods. 2019-03-29 14:31:11 -10:00
Brian Smith
953758bf75 cargo +nightly fmt. 2019-03-29 09:40:17 -10:00
Brian Smith
54c931359c Rename hmac::Signature to hmac::Tag. 2019-03-29 09:21:54 -10:00
Brian Smith
9addfcebdf Use distinct types for HKDF Salt and Prk. 2019-03-28 18:01:19 -10:00
Brian Smith
717d0c2797 Update non-x86_64 GFp_nistz256_select_w7 for cast removal.
commit 17d12ef370021f4d02288d918dd3fd0497393f7a did not include the
changes needed for non-x86_64 builds.
2019-03-25 12:55:04 -10:00
Brian Smith
8d491043fe Remove use of unions in nistz256. 2019-03-25 11:59:59 -10:00
Brian Smith
17d12ef370 Stop doing pointer casting for PRECOMP256_ROWs. 2019-03-25 11:59:59 -10:00
Brian Smith
615a8f97e3 Allow Aad to own its contents.
This reverts commit 38a2237a74edf710c4de5f28004ce7e89ba9f10b,
which reverted the previous attempt to do this.
2019-03-19 17:04:38 -10:00
Brian Smith
21c55df765 Fix debug builds by reverting a367d92. 2019-03-16 20:18:51 -10:00
Brian Smith
d3a96a3998 Ignore BoringSSL a57435e..1fa5abc. 2019-03-16 14:30:39 -10:00
Brian Smith
6224316e50 Ignore BoringSSL a57435e: Remove __ARM_ARCH__ guard on gcm_*_v8. 2019-03-16 14:29:52 -10:00
Brian Smith
ff5787871a No-op merge BoringSSL f1f73f8: Fix bsaes-armv7.pl getting disabled by accident. 2019-03-16 14:29:18 -10:00
Brian Smith
1a09cf06a3 Ignore BoringSSL 98ad4d7..6443173. 2019-03-16 14:28:28 -10:00
Brian Smith
f2297542b3 Take BoringSSL a367d92: Set VPAES flags in x86-64 code. 2019-03-16 14:27:11 -10:00
Brian Smith
f2497bfa11 Ignore BoringSSL 65dc321: Enable vpaes for AES_* functions.
It seems like BoringSSL changed to be more like *ring* here.
2019-03-16 14:26:34 -10:00
Brian Smith
ec6b710f8d No-op merge BoringSSL 3c19830: Avoid double-dispatch with AES_* vs aes_nohw_*.
It seems like BoringSSL is doing more-or-less what *ring* does already.
2019-03-16 14:24:17 -10:00
Brian Smith
8ae0f3d805 Ignore BoringSSL f109f20..c18353d. 2019-03-16 14:22:50 -10:00
Brian Smith
7d91247a7f Merge BoringSSL 0326105: Add compiled python files to .gitignore.
Also merge in some other differences from BoringSSL.
2019-03-16 14:18:15 -10:00
Brian Smith
93fc3d0158 Merge BoringSSL 24a18b8: Fix x86_64-xlate.pl comment regex. 2019-03-16 14:17:00 -10:00
Brian Smith
1e1b1a8578 Skip BoringSSL 1908667: Add go 1.11 to go.mod. 2019-03-16 14:14:54 -10:00
Brian Smith
7d66d338ff Ignore BoringSSL cc2b8e2..104306f. 2019-03-16 14:13:43 -10:00
Brian Smith
0b97dd25b6 Partially merge BoringSSL 7a3b94c: Add ABI tests for x86_64-mont5.pl. 2019-03-16 14:06:04 -10:00
Brian Smith
3bbd58624a Ignore BoringSSL 70fe610..7ef4223. 2019-03-16 14:01:30 -10:00
Brian Smith
b926ef50ff Merge BoringSSL 55b9acd: Fix ABI error in bn_mul_mont on aarch64. 2019-03-16 13:58:49 -10:00
Brian Smith
330f714c56 Ignore BoringSSL 28f035f..0a87c49. 2019-03-16 13:57:08 -10:00
Brian Smith
6d407856ea Take BoringSSL fc31677: Tolerate spaces when parsing .type directives. 2019-03-16 13:55:57 -10:00
Brian Smith
8884c3af81 Ignore BoringSSL 33f456b..20a9b40. 2019-03-16 13:55:38 -10:00
Brian Smith
9895a84928 Take BoringSSL 470bd56: perlasm/x86_64-xlate.pl: refine symbol recognition in .xdata. 2019-03-16 13:55:08 -10:00
Brian Smith
ccdf7bf2ba Ignore BoringSSL 73308b6..9978f0a. 2019-03-16 13:54:49 -10:00
Brian Smith
32cbe90b5c Partially merge BoringSSL 23e1a1f: Test and fix an ABI issue with small parameters.
*ring* was already doing the right thing. Just change the documented parameter
type to match BoringSSL and the rest of the code.
2019-03-16 13:49:45 -10:00
Brian Smith
f946f533a4 Ignore BoringSSL 6c1b376..ab578ad. 2019-03-16 13:46:07 -10:00
Brian Smith
1b42931f66 Skip BoringSSL 4545503: Add a constant-time pshufb-based GHASH implementation. 2019-03-16 13:40:42 -10:00
Brian Smith
6ee1279ec0 Ignore BoringSSL 14c611c..9801a07. 2019-03-16 13:35:29 -10:00
Brian Smith
d9633e27f4 Update to the latest (unreleased) untrusted. 2019-03-14 19:39:56 -10:00
Brian Smith
8fa0cf5b01 Remove unneeded include of <inttypes.h>. 2019-03-14 11:31:07 -10:00
Brian Smith
3618e8c3eb Remove dead CPU detection logic. 2019-03-14 11:16:26 -10:00
Brian Smith
fec2e94964 Remove unused #defines. 2019-03-14 11:15:30 -10:00
Brian Smith
5486a84315 Remove redundant #include <GFp/base.h>. 2019-03-14 10:57:10 -10:00
Brian Smith
d91beda841 Remove unused include of sys/types.h. 2019-03-14 10:55:07 -10:00