1. 18 Dec, 2019 1 commit
  2. 14 Dec, 2019 1 commit
    • New function ecc_mul_m. · b33eea3b
      Niels Möller authored
      * curve25519-mul.c (curve25519_mul): Use ecc_mul_m.
      * curve448-mul.c (curve448_mul): Likewise.
      
      * ecc-mul-m.c (ecc_mul_m): New file and function. Implements
      multiplication for curves in Montgomery representation, as used for
      curve25519 and curve448. Extracted from curve25519_mul.
      * ecc-internal.h (ecc_mul_m): Declare.
      (ECC_MUL_M_ITCH): New macro.
      * Makefile.in (hogweed_SOURCES): Add ecc-mul-m.c.
  3. 30 Nov, 2019 1 commit
    • Implement Curve448 primitives · 389c787e
      Daiki Ueno authored
      This patch adds the necessary primitives for "curve448", defined in
      RFC 7748.  Those primitives are namely: addition, doubling, scalar
      multiplication of the generator or an arbitrary point, inversion, and
      square root.
  4. 15 Sep, 2019 3 commits
  5. 04 Sep, 2019 2 commits
  6. 10 Jul, 2019 2 commits
  7. 26 Jun, 2019 1 commit
  8. 12 May, 2019 1 commit
  9. 06 May, 2019 1 commit
    • SIV-CMAC mode, based on patch by Nikos Mavrogiannopoulos · ef82f228
      Niels Möller authored
      This AEAD algorithm provides a way to make nonce reuse a non-critical
      issue. That is particularly useful to stateless servers that cannot
      ensure that the nonce will not repeat. This cipher is used by
      draft-ietf-ntp-using-nts-for-ntp-17.
  10. 01 May, 2019 1 commit
  11. 24 Mar, 2019 1 commit
  12. 06 Jan, 2019 1 commit
  13. 26 Dec, 2018 2 commits
  14. 28 Nov, 2018 1 commit
  15. 25 Nov, 2018 1 commit
    • Add rsa_sec_decrypt as side-channel silent variant · bfda54ee
      Simo Sorce authored
      Use side-channel silent RSA root function as well as PKCS1 padding
      functions.
      This variant accepts only a fixed length message, and returns error
      if the pkcs1 padding returns a different length message.
      The buffer is always left unchanged on error so that a TLS
      implementation can pre-initialize it with a random key to use on
      decoding error.
      Signed-off-by: Simo Sorce <simo@redhat.com>
  16. 24 Nov, 2018 3 commits
  17. 07 Jul, 2018 1 commit
    • abi: explicitly export intended symbols and hide others · da81c86a
      Nikos Mavrogiannopoulos authored
      This adds all exported symbols in the map files explicitly under
      the following rules:
       - Symbols mentioned in internal headers go in a section which is
         valid only for testing, and linking with these symbols will break
         in library updates.
       - Symbols mentioned in installed headers go in the exported sections
         and are considered part of the ABI.
       - All internal symbols move to internal headers.
       - The _nettle_md5_compress and _nettle_sha1_compress become exported
         without the _nettle prefix, due to existing usage.
  18. 10 Mar, 2018 2 commits
  19. 19 Feb, 2018 1 commit
  20. 01 Feb, 2018 1 commit
  21. 30 Jan, 2018 1 commit
  22. 24 Jan, 2018 1 commit
  23. 16 Oct, 2017 1 commit
  24. 30 Aug, 2017 1 commit
  25. 27 Aug, 2017 1 commit
    • Separate the two uses of the configured value GMP_NUMB_BITS. · b7052093
      Niels Möller authored
      In version.h, GMP_NUMB_BITS is needed only for mini-gmp builds. In
      non-mini-gmp builds, substitute a dummy value there, to make the
      contents of this header file platform independent. In Makefile, we
      always need a properly configured value, and do this with the renamed
      variable NUMB_BITS.
  26. 09 Apr, 2017 1 commit
  27. 21 Mar, 2017 2 commits
  28. 12 Jan, 2017 1 commit
  29. 05 Sep, 2016 1 commit
  30. 15 Nov, 2015 2 commits