| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
| |
We recently learned our Simon and Speck implementation was wrong. The removal will stop harm until we can loop back and fix the issue.
The issue is, the paper, the test vectors and the ref-impl do not align. Each produces slightly different result. We followed the test vectors but they turned out to be wrong for the ciphers.
We have one kernel test vector but we don't have a working implementation to observe it to fix our implementation. Ugh...
|
| |
|
|
| |
"Logically dead code"
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
TweetNaCl is a compact reimplementation of the NaCl library by Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe and Sjaak Smetsers. The library is less than 20 KB in size and provides 25 of the NaCl library functions.
The compact library uses curve25519, XSalsa20, Poly1305 and SHA-512 as default primitives, and includes both x25519 key exchange and ed25519 signatures. The complete list of functions can be found in TweetNaCl: A crypto library in 100 tweets (20140917), Table 1, page 5.
Crypto++ retained the function names and signatures but switched to data types provided by <stdint.h> to promote interoperability with Crypto++ and avoid size problems on platforms like Cygwin. For example, NaCl typdef'd u64 as an unsigned long long, but Cygwin, MinGW and MSYS are LP64 systems (not LLP64 systems). In addition, Crypto++ was missing NaCl's signed 64-bit integer i64.
Crypto++ enforces the 0-key restriction due to small points. The TweetNaCl library allowed the 0-keys to small points. Also see RFC 7748, Elliptic Curves for Security, Section 6.
TweetNaCl is well written but not well optimized. It runs 2x to 3x slower than optimized routines from libsodium. However, the library is still 2x to 4x faster than the algorithms NaCl was designed to replace.
The Crypto++ wrapper for TweetNaCl requires OS features. That is, NO_OS_DEPENDENCE cannot be defined. It is due to TweetNaCl's internal function randombytes. Crypto++ used DefaultAutoSeededRNG within randombytes, so OS integration must be enabled. You can use another generator like RDRAND to avoid the restriction.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
the hash value's. Also add test case for GetRandom, with original data from RFC6979 (#560)
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This changes the dependency from Altivec to Power7. Internally we needed Power7 but it was cut-in as a pseudo Altivec dependency. Also see http://groups.google.com/forum/#!topic/cryptopp-users/fmEKOG41SG8
|
| | |
|
| |
|
|
|
| |
Avoid flushing stream for config line items
Use memcpy in std:: namespace
|
| | |
|
| | |
|
| |
|
|
|
| |
The strategy of "cleanup under-aligned buffers" is not scaling well. Corner cases are still turing up. The library has some corner-case breaks, like old 32-bit Intels. And it still has not solved the AltiVec and Power8 alignment problems.
For now we are backing out the changes and investigating other strategies
|
| | |
|
| |
|
|
| |
These tests are effectively performed in MDC, SEAL and OldRandomPool
|
| |
|
|
| |
Currently the CRYPTOPP_BOOL_XXX macros set the macro value to 0 or 1. If we remove setting the 0 value (the #else part of the expression), then the self tests speed up by about 0.3 seconds. I can't explain it, but I have observed it repeatedly.
This check-in prepares for the removal in Upstream master
|
| |
|
|
|
|
|
|
|
|
| |
(ClCompile target) ->
validat1.cpp(1081): warning C4800: 'CryptoPP::word32' : forcing value to bool
'true' or 'false' (performance warning) [c:\Users\cryptopp\cryptest.vcxproj]
validat1.cpp(1090): warning C4800: 'CryptoPP::word32' : forcing value to bool
'true' or 'false' (performance warning) [c:\Users\cryptopp\cryptest.vcxproj]
validat1.cpp(1099): warning C4800: 'CryptoPP::word32' : forcing value to bool
'true' or 'false' (performance warning) [c:\Users\cryptopp\cryptest.vcxproj]
|
| |
|
|
| |
The are configurations tests as recommended by Cryptography Research, Inc in their 2003 audit report
|
| | |
|
| | |
|
| |
|
|
|
| |
#461)
Split source files to support Base Implementation + SIMD implementation
|
| |
|
|
| |
Enums don't take up space in class objects. Its should result in smaller objects and faster code
|
| | |
|
| |
|
|
| |
This should tickle endianness issues
|
| | |
|
| |
|
|
| |
Users of OldRandomPool must use the new interface. All that means is they must call IncorporateEntropy instead of Put, and GenerateBlock instead of Get
|
| |
|
|
|
|
|
|
| |
The existing interface still exists. The new interface is routed into the old methods. Without the new interface, using OldRandPool could result in:
$ ./cryptest.exe v
terminate called after throwing an instance of CryptoPP::NotImplemented
what(): RandomNumberGenerator: IncorporateEntropy not implemented
Aborted (core dumped)
|
| |
|
|
| |
We still need to get the test result cross-validated
|
| |
|
|
| |
This reverts commit c3871aec948013c1a4d5613050c659520f59e2e4.
|
| |
|
|
| |
This reverts commit eb3b27a6a543. The change broke GCC 4.8 and unknown version of Clang on OS X. UB reported the OS X break, and JW found duplicated the break on a ARM CubieTruck with GCC 4.8.
|
| | |
|
| |
|
|
|
| |
They seemed to produce a hang when running self tests in AppVeyor.
Also use IsDebuggerPresent() to determine when we should call DebugBreak(). The OS killed our debug build when fuzzing caused an assert to fail
|
| |
|
|
| |
Windows Phone
|
| | |
|
| |
|
|
| |
We have not been able to determine a reliable way to detect cpu's and platforms with Cmake. We are side stepping the Cmake problem by building rdrand.cpp all the time. If its not avilable for a cpu or platform, then RDRAND or RDSEED throw an exception.
|
| |
|
|
| |
Whitespace check-in
|
| | |
|
| |
|
|
| |
The improved validation and excpetion clears the Address Sanitizer and Undefined Behavior Sanitizer findings
|
| | |
|
| | |
|
| | |
|
