Brian Smith
66a2711601
Use NonZeroU32 in pbkdf2.
2018-12-06 11:25:10 -10:00
Brian Smith
b60a0b5521
Remove extraneous "*/" in comments.
2018-12-06 10:50:33 -10:00
Brian Smith
2583283427
Use `Block` for internal representation of `Tag`s.
2018-12-06 10:50:33 -10:00
Brian Smith
a370324846
Simplify poly1305::Context::finish().
...
I think it was originally written this way due to borrow-checker
limitations that no longer apply.
2018-12-06 10:50:33 -10:00
Brian Smith
480f967fd6
Simplify internal Poly1305 API.
...
Previously ring::aead::poly1305 exposed a generic IUF API. However,
that API is more general than what's actually needed by *ring*.
Reduce the API to what's needed, removing a bunch of ugly buffering
logic in the process.
Previously ring::aead::poly1305 included code that was useful only for
the IETF construction and also code that was useful only for the
OpenSSH construction. Now the construction-specific code is in the
module for the construction, leaving only the common code in the
poly1305 submodule.
Remove the tests that were testing the I-U-F behavior that's no longer
available.
2018-12-06 10:50:33 -10:00
Brian Smith
3326b83efc
Use `Block` as the representation of Poly1305 blocks.
...
`Block` will later be used elsewhere.
2018-12-06 10:50:33 -10:00
Brian Smith
b1df5fccef
Simplify Poly1305 nonce handling.
2018-12-06 10:50:33 -10:00
Brian Smith
34e5a5b93a
Remove chacha dependency from poly1305.
...
The new chacha20_poly1305_openssh -> chacha20_poly1305 here is not
ideal either, but better than poly1305 -> chacha.
2018-12-06 10:50:33 -10:00
Brian Smith
e363572b76
Remove redundant comments and alignment checks in Poly1305.
...
We use this pattern very commonly now; we don't need to document any
caveats because there are none.
The use of `#[repr(align)]` makes the alignment checks redundant.
2018-12-06 10:50:33 -10:00
Brian Smith
d5f205221e
Return authentication tags by value in AEAD internals.
2018-12-06 10:50:33 -10:00
Brian Smith
eaaa2bf92c
Rename `poly1305::SigningContext` to `Context`.
2018-12-06 10:50:33 -10:00
Brian Smith
3dedc86772
rustfmt +nightly fmt
2018-12-06 10:49:53 -10:00
Brian Smith
58a5b6f2c6
Clean up some more `use`s.
2018-12-06 10:49:50 -10:00
Brian Smith
e8dab905d2
Encapsulate AEAD algorithm-specific key representations.
...
Replace the `ctx_buf` stuff in `ring::aead` with an enum to clarify the
code and to make it easier to extend.
2018-12-05 11:07:38 -10:00
Brian Smith
6206823c7f
Unify asm vs C fallback implementation selection.
...
These functions are used mutually-exclusively and even compiled
mutually-exclusively.
This also removes a build warning on targets where aes.c is empty;
they were complaining that aes.o (rightly) doesn't define anything
for those targets.
This makes the code more like BoringSSL's; they had made a similar
change before.
2018-12-04 18:24:13 -10:00
Brian Smith
d6b194c72c
Remove unused declaration of `BIGNUM`.
2018-12-04 12:38:36 -10:00
Brian Smith
59fbc58453
Make use of `use` in ECC code more consistent.
2018-12-03 09:18:55 -10:00
Brian Smith
a51cd824f6
Call `cpu::cache_detected_features()` in `verify_rsa()`.
...
`verify_rsa()` skips over the call done in `ring::signature::verify()`.
2018-12-01 08:56:05 -10:00
Brian Smith
e2ba6cb73b
Rename `ring::init::init_once()` to `ring::cpu::cache_detected_features()`.
...
This is an internal API so this doesn't affect users.
2018-12-01 08:50:39 -10:00
Brian Smith
b673c6482c
Remove `ring::polyfill::ref_from_mut_ref`.
2018-12-01 05:05:23 -10:00
Brian Smith
bc770048bf
Simplify `ring::bigint::elem_verify_equal_consttime`.
2018-12-01 05:05:23 -10:00
Brian Smith
8da675772b
Compute the bit length of each modulus once.
2018-11-29 16:01:00 -10:00
Brian Smith
953be035ff
Replace `GFp_bn_mul_mont_check_num_limbs` with Rust.
2018-11-29 16:01:00 -10:00
Brian Smith
cda9d33d31
Use Rust for RSA exponentiation.
2018-11-29 16:01:00 -10:00
Brian Smith
a5e5df273c
Add more RSA key length tests.
2018-11-28 12:34:39 -10:00
Brian Smith
97d5877fbf
Report unsupported RSA private key length during key construction.
...
Previously, one could construct an RSA key pair "successfully" even if
the bit length of the private moduli was not evenly divisible by 512.
However, using such a key to sign something would (usually) fail on
x86-64 because the x86-64 signing code requires the modulus to be an
even multiple of 8 limbs.
Now, all keys that have private primes with lengths that aren't
multiples of 512 bits will be rejected at key construction time with
error "PrivateModulusLenNotMultipleOf512Bits".
2018-11-28 11:52:18 -10:00
Brian Smith
9968baa55d
Report some details of why asymmetric keys were rejected.
2018-11-28 11:52:18 -10:00
Brian Smith
ddc36a9ca3
Bump major number in Cargo.toml for upcoming API change.
2018-11-28 11:23:00 -10:00
Brian Smith
d42f9d5e21
Fix test cases in PKCS#8.
...
The test case was accidentally a duplicate of the one that follows it.
Fix it so that it is badly encoded in the way described in the comment.
2018-11-28 11:22:37 -10:00
Brian Smith
569d45b8a5
rustfmt the new ECDSA verification test.
2018-11-28 09:33:07 -10:00
Brian Smith
d1d41719ad
Remove unused `GFp_has_aes_hardware`.
...
In BoringSSL-based applications like Chromium, this is used to decide whether
to prefer ChaCha20-Poly1305 over AES-GCM. We'll eventually provide a similar
API that works differently.
2018-11-28 09:06:20 -10:00
Brian Smith
85d0b97a36
Clarify HWAES conditional compilation logic.
2018-11-28 08:39:28 -10:00
Brian Smith
30468ee8f4
Clean up prototypes of HWAES functions.
...
Replace the unprefixed prototypes with prefixed ones, remove redundant
prototypes, and remove prototypes for functions that were removed.
2018-11-27 23:51:10 -10:00
Brian Smith
f0d2944f4f
Cherry-pick BoringSSL 0f5ecd3: Re-enable AES-NI on 32-bit x86 too.
2018-11-27 23:48:22 -10:00
Brian Smith
1994e88d69
Ignore BoringSSL 4508745..9a547e1.
2018-11-27 23:17:35 -10:00
Brian Smith
d05bdd5856
Merge BoringSSL 2745ef9: Also accept __ARM_NEON
2018-11-27 23:10:52 -10:00
Brian Smith
101e5c5ff5
Ignore BoringSSL fa3aadc..76e441b.
2018-11-27 23:02:37 -10:00
Brian Smith
28210dd67a
Merge BoringSSL adeb72b: Fix r = p-n+epsilon ECDSA tests.
2018-11-27 23:00:50 -10:00
Brian Smith
8c063834a4
Ignore BoringSSL 4706ea7..f09df69.
2018-11-27 22:57:47 -10:00
Brian Smith
2fdd7d3fd6
Merge BoringSSL fbec517: Better test boundary cases of ec_cmp_x_coordinate.
...
Take the tests for digests that need to be reduced while we're at it.
2018-11-27 22:55:51 -10:00
Brian Smith
3f28801e0b
Ignore BoringSSL 26b3fb0.
2018-11-27 22:13:40 -10:00
Brian Smith
9c0681c832
Merge BoringSSL 9edbc7f.
...
The code isn't hooked up yet. Since the fix for the initial problem
with this code was in C code that isn't being used in *ring*, add a
note about the additional prerequisite.
2018-11-27 22:12:54 -10:00
Brian Smith
dc00eb3d71
Ignore BoringSSL c65eb2c..384d0ea.
2018-11-27 22:05:59 -10:00
Brian Smith
77a188c029
Skip BoringSSL e907ed4: Revert "Speed up ECDSA verify on x86-64."
...
Don't bother un-merging p256_beeu-x86_64-asm.pl. The next merged commit
will merge in the fix.
2018-11-27 22:04:16 -10:00
Brian Smith
33e4997ca9
Ignore BoringSSL cfd50c6.
2018-11-27 22:01:00 -10:00
Brian Smith
8d42286d98
Merge BoringSSL 3d450d2: Speed up ECDSA verify on x86-64.
...
The new modular inversion code isn't hooked up yet. The other stuff was
already being done by *ring*.
2018-11-27 16:53:50 -10:00
Brian Smith
0a1c7148eb
Ignore BoringSSL 53d9fdd..7f7e5e2.
2018-11-27 16:08:08 -10:00
Brian Smith
c6dccc7d00
Merge BoringSSL 749d187: Modernize OPENSSL_COMPILE_ASSERT.
2018-11-27 16:06:34 -10:00
Brian Smith
47905e82ed
Ignore BoringSSL e1ee0f5..127a1ec.
2018-11-27 16:04:27 -10:00
Brian Smith
6f4cef20c0
Merge BoringSSL c1eef7f: [perlasm] Hide OPENSSL_armcap_P in assembly.
2018-11-27 16:00:09 -10:00