The hash algorithms used in the MGF and to create the hash of the label
need not be the same. This change allows the use of different
algorithms.
Unfortunately this breaks the API if you use one of:
* `rsa_decrypt_key_ex()`
* `rsa_encrypt_key_ex()`
* `pkcs_1_oaep_decode()`
* `pkcs_1_oaep_encode()`
The `rsa_decrypt_key()` and `rsa_encrypt_key()` macros are still the same.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
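To show what the API change above exposes, here is an added, self-contained EME-OAEP encoder/decoder (RFC 8017 section 7.1) in plain Python that takes the label hash and the MGF1 hash as separate parameters; it is example code, not libtomcrypt's implementation, and the function names, the 128-byte modulus size and the fixed seed used in the test are assumptions of the example.

```python
import hashlib
import os

def mgf1(seed: bytes, length: int, hash_name: str) -> bytes:
    """MGF1 (RFC 8017 B.2.1), parameterised by its own hash algorithm."""
    h_len = hashlib.new(hash_name).digest_size
    blocks = (length + h_len - 1) // h_len
    out = b"".join(hashlib.new(hash_name, seed + c.to_bytes(4, "big")).digest()
                   for c in range(blocks))
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg, k, label=b"", label_hash="sha256", mgf_hash="sha256", seed=None):
    """EME-OAEP encoding (RFC 8017 7.1.1 step 2) for a k-byte modulus.
    hLen, the seed length and the PS length all follow the label hash;
    the MGF may use a different hash."""
    h_len = hashlib.new(label_hash).digest_size
    if len(msg) > k - 2 * h_len - 2:
        raise ValueError("message too long")
    l_hash = hashlib.new(label_hash, label).digest()
    db = l_hash + b"\x00" * (k - len(msg) - 2 * h_len - 2) + b"\x01" + msg
    if seed is None:                     # a fixed seed is for the test only
        seed = os.urandom(h_len)
    masked_db = _xor(db, mgf1(seed, k - h_len - 1, mgf_hash))
    masked_seed = _xor(seed, mgf1(masked_db, h_len, mgf_hash))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em, k, label=b"", label_hash="sha256", mgf_hash="sha256"):
    """EME-OAEP decoding (RFC 8017 7.1.2 step 3). A decoder parameterised with
    the wrong label hash or MGF hash fails here, which is why both must be
    agreed explicitly once they are allowed to differ."""
    h_len = hashlib.new(label_hash).digest_size
    if len(em) != k or k < 2 * h_len + 2:
        raise ValueError("decoding error")
    masked_seed, masked_db = em[1:1 + h_len], em[1 + h_len:]
    seed = _xor(masked_seed, mgf1(masked_db, h_len, mgf_hash))
    db = _xor(masked_db, mgf1(seed, k - h_len - 1, mgf_hash))
    sep = h_len
    while sep < len(db) and db[sep] == 0:   # skip PS; production code does this in constant time
        sep += 1
    l_hash = hashlib.new(label_hash, label).digest()
    if em[0] != 0 or db[:h_len] != l_hash or sep == len(db) or db[sep] != 1:
        raise ValueError("decoding error")  # one error for every cause, per RFC 8017
    return db[sep + 1:]
```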
`aes_desc` and `aes_enc_desc` now do auto-detection of the best suitable
AES implementation for the platform.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
* The RFC doesn't limit the context to being a string.
It talks about `octets`, which means it could be any binary data.
* Move the context-preprocessing function out of tweetnacl.c
* Fix potential segfaults when Ed25519 signature verification fails and
`LTC_CLEAN_STACK` is enabled.
* Fix all the warnings.
* Update documentation.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
Wrap signature format in #ifdef LTC_SSH
Update docs
Code review fixes
Replace strcmp/memcmp with XSTRCMP/XMEMCMP for check-source
Fix for check-defines
XSTRCMP/XMEMCMP != 0
GCC7.3 wants only literal strings for sprintf format
Code review changes
Rework SSH decoding and tests
Fix encoding and tests
COMPARE_TESTVECTOR macro
Single return point in ssh_decode_sequence_multi
Actually use XSTRNCPY rather than just defining it
More code review fixes
Code review tweaks
Ensure it's not possible to read past buffer end
Keep track of size remaining, not end pointer
Optionally return recovery ID from ecc_sign_hash()
Update documentation
Update tests for ECC recovery
Fix (v,r,s) signature format, regenerate recovery test
Fix over-freeing of private key
Code review fixes to docs
Rename LTC_ECCSIG_BLOCKCHAIN to LTC_ECCSIG_ETH to reflect original definition
Rename to LTC_ECCSIG_ETH27 to make clear it's using the Ethereum +27 convention
Code review changes - calculate recovery ID only if needed, type safety on signature format enum
Use enum for sigformat in docs, and add explanatory note for recid<0
Range checks on v, check RFC7518 signatures' length based on size of key. Fix for when order>prime.
Limit LTC_ECCSIG_ETH27 to secp256k1 curve only
Workaround for TFM missing sqrtmod_prime
Fix unused variable warnings with USE_TFM, make TomsFastMath a runtime check
Disable ecc_recover_key if no ecc_mul2add available
Wrap ecc_recover_key and its test in #ifdef LTC_ECC_SHAMIR
Fix unused variables when built without LTC_ECC_SHAMIR
Code review tweaks
Code review tweaks - remove sigformat, tidy up (de)allocation
Code review tweaks