Increase NETTLE_MAX_HASH_BLOCK_SIZE to 144, to accommodate sha3_224.

Implement AES-GCM-SIV

See merge request !52

This implements AES-GCM-SIV, described in RFC8452, on top of the
existing AES-GCM primitives.  In particular, its hash algorithm
POLYVAL is implemented using the GHASH with additional byte order
conversion according to RFC8452 Appendix A.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_nonsec_add_jjj,
to produce correct result in a corner case where point addition
needs to use point duplication. Also use ecc_j_to_a rather than
ecc->h_to_a, since ecdsa supports only weierstrass curves.
* ecc-gostdsa-verify.c (ecc_gostdsa_verify): Analogous change.

* testsuite/ecdsa-verify-test.c (test_main): Add corresponding test.
* testsuite/ecdsa-sign-test.c (test_main): And a test producing
the problematic signature.

* eccdata.c (string_toupper): New utility function.
(output_modulo): Move more of the per-modulo output here.
(output_curve): Remove corresponding code.

Tianjia Zhang authored Feb 21, 2022 and Niels Möller committed Aug 18, 2022

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Tianjia Zhang authored Feb 21, 2022 and Niels Möller committed Aug 18, 2022

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Tianjia Zhang authored Feb 21, 2022 and Niels Möller committed Aug 18, 2022

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Tianjia Zhang authored Feb 21, 2022 and Niels Möller committed Aug 18, 2022

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Tianjia Zhang authored Feb 21, 2022 and Niels Möller committed Aug 18, 2022

Add a testuite for SM4 symmetric algorithm. Test vectors are based
on: https://tools.ietf.org/id/draft-ribose-cfrg-sm4-10.html



Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Tianjia Zhang authored Feb 21, 2022 and Niels Möller committed Aug 18, 2022

Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016).

SM4 (GBT.32907-2016) is a cryptographic standard issued by the
Organization of State Commercial Administration of China (OSCCA)
as an authorized cryptographic algorithms for the use within China.

SMS4 was originally created for use in protecting wireless
networks, and is mandated in the Chinese National Standard for
Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure)
(GB.15629.11-2003).

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

* ecc-mod-arith.c (ecc_mod_sub): Ensure that if inputs are in the
range 0 <= a, b < 2m, then output is in the same range.
* eccdata.c (output_curve): New outputs ecc_Bm2p and ecc_Bm2q.
* ecc-internal.h (struct ecc_modulo): New member Bm2m (B^size -
2m), needed by ecc_mod_sub. Update all curves.
* testsuite/ecc-mod-arith-test.c: New tests for ecc_mod_add and
ecc_mod_sub.

Introduce overriding environment variable NETTLE_FAT_DISABLE_POWER9
that disables use of power9 code. This makes poly1305 tests under qemu
pass. See https://gitlab.com/qemu-project/qemu/-/issues/1156.

* configure.ac: Refer to nettle-types.h, rather than arcfour.c,
for AC_CONFIG_SRCDIR.

[PowerPC] Implement Poly1305 single block update based on radix 2^64

See merge request !47