For gitlab CI fix.

Nikos Mavrogiannopoulos authored Jan 25, 2020 and Niels Möller committed Jan 26, 2020

Gitlab added windows shared runners and we should avoid
running CI in this environment as it will immediatelly
fail.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

Dmitry Baryshkov authored Jan 17, 2020 and Niels Möller committed Jan 25, 2020

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Dmitry Baryshkov authored Jan 17, 2020 and Niels Möller committed Jan 25, 2020

Add GOST Digital Signature Algorithms support according to GOST R
34.10-2001/-2012. English translations of these standards are provided
as RFC 5832 and RFC 7091.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Dmitry Baryshkov authored Jan 18, 2020 and Niels Möller committed Jan 23, 2020

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Dmitry Baryshkov authored Jan 18, 2020 and Niels Möller committed Jan 23, 2020

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

Dmitry Baryshkov authored Jan 16, 2020 and Niels Möller committed Jan 16, 2020

Add support for GC512A curve ("TLS Supported Groups" registry,
draft-smyshlyaev-tls12-gost-suites) also known as
tc26-gost-3410-12-512-paramSetA (RFC 7836).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Dmitry Baryshkov authored Jan 16, 2020 and Niels Möller committed Jan 16, 2020

Add support for GC256B curve ("TLS Supported Groups" registry,
draft-smyshlyaev-tls12-gost-suites) also known as
GostR3410-2001-CryptoPro-A and GostR3410-2001-CryptoPro-XchA (RFC 4357).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

* aclocal.m4 (DEP_INCLUDE): Delete substituted variable.

* Makefile.in: Use the GNU make directive -include to include
dependency .d files. Delete dependency files on make clean.
* examples/Makefile.in: Likewise.
* testsuite/Makefile.in: Likewise. Also use $(OBJEXT) properly.
* tools/Makefile.in: Likewise.

* configure.ac (dummy-dep-files): Delete these config commands.

Dmitry Baryshkov authored Jan 07, 2020 and Niels Möller committed Jan 10, 2020

Rename curve functions to use curve names instead of just bits.
Otherwise function names can easily become confusing after adding other
curves.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Dmitry Baryshkov authored Jan 07, 2020 and Niels Möller committed Jan 10, 2020

There is no need to keep optimized ECC functions in public namespace
(nettle_*), move them to internal namespace (_nettle_*).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Dmitry Baryshkov authored Jan 07, 2020 and Niels Möller committed Jan 10, 2020

In preparation to adding GOST curves support, rename source files and
use curve name as eccdata parameter.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Nikos Mavrogiannopoulos authored Jan 03, 2020 and Niels Möller committed Jan 06, 2020

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Nikos Mavrogiannopoulos authored Jan 03, 2020 and Niels Möller committed Jan 06, 2020

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

* eddsa-internal.h (struct ecc_eddsa): New struct for eddsa
parameters.
* ed25519-sha512.c (_nettle_ed25519_sha512): New parameter struct.
* eddsa-expand.c (_eddsa_expand_key): Replace input
struct nettle_hash with struct ecc_eddsa, and generalize for
ed448. Update all callers.
* eddsa-sign.c (_eddsa_sign): Likewise.
* eddsa-verify.c (_eddsa_verify): Likewise.
* eddsa-compress.c (_eddsa_compress): Store sign bit in most
significant bit of last byte, as specified by RFC 8032.
* eddsa-decompress.c (_eddsa_decompress): Corresponding update.
Also generalize to support ed448, and make validity checks
stricter.
* testsuite/eddsa-sign-test.c (test_ed25519_sign): New function.
(test_main): Use it.
* testsuite/eddsa-verify-test.c (test_ed25519): New function.
(test_main): Use it.

* bignum.h: Drop unreleted include of nettle-meta.h.
* pss.h: Include nettle-meta.h explicitly.
* eddsa-internal.h: Likewise.

* shake256.c (sha3_256_shake): New file and function.
* Makefile.in (nettle_SOURCES): Add shake256.c.
* testsuite/testutils.c (test_hash): Allow arbitrary digest size,
if hash->digest_size == 0.
* testsuite/shake.awk: New script to extract test vectors.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Add shake256-test.c.
(DISTFILES): Add shake.awk.

* ecc-mul-a-eh.c (ecc_mul_a_eh) [ECC_MUL_A_EH_WBITS == 0]: Use
add_hh rather than add_hhh.
(table_init) [[ECC_MUL_A_EH_WBITS > 0]: Likewise.
* ecc-internal.h (ECC_MUL_A_EH_ITCH) [ECC_MUL_A_EH_WBITS == 0]:
Reduced from 13*n to 12*n.

* eddsa-verify.c (_eddsa_verify): Use function pointer rather than
calling ecc_add_eh directly. Preparation for eddsa over curve448.