8965 Commits

Author SHA1 Message Date
Brian Smith
86f6e7722d Add basic tests for chacha20_poly1305_openssh. 2018-12-08 13:10:25 -10:00
Brian Smith
3367d33a4a ChaCha20-Poly1305: Share more code between sealing & opening. 2018-12-08 13:10:25 -10:00
Brian Smith
b7885ea12a Use Block for ChaCha20 keys. 2018-12-08 13:10:25 -10:00
Brian Smith
b2e3d4fd6c Make chacha20 test code paths more like real code paths.
Also encapsulate `GFp_ChaCha20_ctr32` so it is only called by
`chacha20_xor_inner`.
2018-12-08 13:10:25 -10:00
Brian Smith
d02327f7d5 Mark chacha20_xor_inner as unsafe.
It deals with pointers and (indirectly) dereferences them.
2018-12-08 13:10:25 -10:00
Brian Smith
c28be94ecb Move ring::chacha to ring::aead::chacha.
This will make it easier to share code within `ring::aead`.
2018-12-08 13:10:25 -10:00
Brian Smith
1bba0f060c Remove manual type punning from Block. 2018-12-08 10:09:05 -10:00
Brian Smith
6bc74d900e SHA1 internals: Simplify type punning. 2018-12-08 10:06:56 -10:00
Brian Smith
ea9e9f105f Digest internals: Replace manual type punning.
Replace the manual type punning with the use of unions and explicit
endian types.
2018-12-08 10:06:56 -10:00
Brian Smith
2fc9ade132 Digest internals: Move movable value. 2018-12-08 07:57:17 -10:00
Brian Smith
b2e52c8cc9 Fix --features=rsa_signing build. 2018-12-06 18:59:21 -10:00
Brian Smith
c795ac559f cargo +nightly fmt 2018-12-06 12:44:12 -10:00
Brian Smith
4d7068a42f Use const fn to make BitLength constructor private. 2018-12-06 12:38:17 -10:00
Brian Smith
0783e43fd3 Use const fn for u32x2 in ring::digest. 2018-12-06 12:33:31 -10:00
Brian Smith
11d12d037a Use const fn for aead::max_input_len. 2018-12-06 12:29:46 -10:00
Brian Smith
66a2711601 Use NonZeroU32 in pbkdf2. 2018-12-06 11:25:10 -10:00
Brian Smith
b60a0b5521 Remove extraneous "*/" in comments. 2018-12-06 10:50:33 -10:00
Brian Smith
2583283427 Use Block for internal representation of Tags. 2018-12-06 10:50:33 -10:00
Brian Smith
a370324846 Simplify poly1305::Context::finish().
I think it was originally written this way due to borrow-checker
limitations that no longer apply.
2018-12-06 10:50:33 -10:00
Brian Smith
480f967fd6 Simplify internal Poly1305 API.
Previously ring::aead::poly1305 exposed a generic IUF API. However,
that API is more general than what's actually needed by *ring*.
Reduce the API to what's needed, removing a bunch of ugly buffering
logic in the process.

Previously ring::aead::poly1305 included code that was useful only for
the IETF construction and also code that was useful only for the
OpenSSH construction. Now the construction-specific code is in the
module for the construction, leaving only the common code in the
poly1305 submodule.

Remove the tests that were testing the I-U-F behavior that's no longer
available.
2018-12-06 10:50:33 -10:00
Brian Smith
3326b83efc Use Block as the representation of Poly1305 blocks.
`Block` will later be used elsewhere.
2018-12-06 10:50:33 -10:00
Brian Smith
b1df5fccef Simplify Poly1305 nonce handling. 2018-12-06 10:50:33 -10:00
Brian Smith
34e5a5b93a Remove chacha dependency from poly1305.
The new chacha20_poly1305_openssh -> chacha20_poly1305 here is not
ideal either, but better than poly1305 -> chacha.
2018-12-06 10:50:33 -10:00
Brian Smith
e363572b76 Remove redundant comments and alignment checks in Poly1305.
We use this pattern very commonly now; we don't need to document any
caveats because there are none.

The use of `#[repr(align)]` makes the alignment checks redundant.
2018-12-06 10:50:33 -10:00
Brian Smith
d5f205221e Return authentication tags by value in AEAD internals. 2018-12-06 10:50:33 -10:00
Brian Smith
eaaa2bf92c Rename poly1305::SigningContext to Context. 2018-12-06 10:50:33 -10:00
Brian Smith
3dedc86772 rustfmt +nightly fmt 2018-12-06 10:49:53 -10:00
Brian Smith
58a5b6f2c6 Clean up some more uses. 2018-12-06 10:49:50 -10:00
Brian Smith
e8dab905d2 Encapsulate AEAD algorithm-specific key representations.
Replace the `ctx_buf` stuff in `ring::aead` with an enum to clarify the
code and to make it easier to extend.
2018-12-05 11:07:38 -10:00
Brian Smith
6206823c7f Unify asm vs C fallback implementation selection.
These functions are used mutually-exclusively and even compiled
mutually-exclusively.

This also removes a build warning on targets where aes.c is empty;
they were complaining that aes.o (rightly) doesn't define anything
for those targets.

This makes the code more like BoringSSL's; they had made a similar
change before.
2018-12-04 18:24:13 -10:00
Brian Smith
d6b194c72c Remove unused declaration of BIGNUM. 2018-12-04 12:38:36 -10:00
Brian Smith
59fbc58453 Make use of `use` in ECC code more consistent. 2018-12-03 09:18:55 -10:00
Brian Smith
a51cd824f6 Call cpu::cache_detected_features() in verify_rsa().
`verify_rsa()` skips over the call done in `ring::signature::verify()`.
2018-12-01 08:56:05 -10:00
Brian Smith
e2ba6cb73b Rename ring::init::init_once() to ring::cpu::cache_detected_features().
This is an internal API so this doesn't affect users.
2018-12-01 08:50:39 -10:00
Brian Smith
b673c6482c Remove ring::polyfill::ref_from_mut_ref. 2018-12-01 05:05:23 -10:00
Brian Smith
bc770048bf Simplify ring::bigint::elem_verify_equal_consttime. 2018-12-01 05:05:23 -10:00
Brian Smith
8da675772b Compute the bit length of each modulus once. 2018-11-29 16:01:00 -10:00
Brian Smith
953be035ff Replace GFp_bn_mul_mont_check_num_limbs with Rust. 2018-11-29 16:01:00 -10:00
Brian Smith
cda9d33d31 Use Rust for RSA exponentiation. 2018-11-29 16:01:00 -10:00
Brian Smith
a5e5df273c Add more RSA key length tests. 2018-11-28 12:34:39 -10:00
Brian Smith
97d5877fbf Report unsupported RSA private key length during key construction.
Previously, one could construct an RSA key pair "successfully" even if
the bit length of the private moduli was not evenly divisible by 512.
However, using such a key to sign something would (usually) fail on
x86-64 because the x86-64 signing code requires the modulus to be an
even multiple of 8 limbs.

Now, all keys that have private primes with lengths that aren't
multiples of 512 bits will be rejected at key construction time with
error "PrivateModulusLenNotMultipleOf512Bits".
2018-11-28 11:52:18 -10:00
Brian Smith
9968baa55d Report some details of why asymmetric keys were rejected. 2018-11-28 11:52:18 -10:00
Brian Smith
ddc36a9ca3 Bump major number in Cargo.toml for upcoming API change. 2018-11-28 11:23:00 -10:00
Brian Smith
d42f9d5e21 Fix test cases in PKCS#8.
The test case was accidentally a duplicate of the one that follows it.
Fix it so that it is badly encoded in the way described in the comment.
2018-11-28 11:22:37 -10:00
Brian Smith
569d45b8a5 rustfmt the new ECDSA verification test. 2018-11-28 09:33:07 -10:00
Brian Smith
d1d41719ad Remove unused GFp_has_aes_hardware.
In BoringSSL-based applications like Chromium, this is used to decide whether
to prefer ChaCha20-Poly1305 over AES-GCM. We'll eventually provide a similar
API that works differently.
2018-11-28 09:06:20 -10:00
Brian Smith
85d0b97a36 Clarify HWAES conditional compilation logic. 2018-11-28 08:39:28 -10:00
Brian Smith
30468ee8f4 Clean up prototypes of HWAES functions.
Replace the unprefixed prototypes with prefixed ones, remove redundant
prototypes, and remove prototypes for functions that were removed.
2018-11-27 23:51:10 -10:00
Brian Smith
f0d2944f4f Cherry-pick BoringSSL 0f5ecd3: Re-enable AES-NI on 32-bit x86 too. 2018-11-27 23:48:22 -10:00
Brian Smith
1994e88d69 Ignore BoringSSL 4508745..9a547e1. 2018-11-27 23:17:35 -10:00