[PATCH 1/2] Change ecc_mod_*mul_1 to be per-module callbacks

From: Dmitry Baryshkov GOST curves will require different "fixups" for fast (mul X mod p) operations. Move these operations to ecc_modulo structure and call them via function pointer. Signed-off-by: Dmitry Baryshkov --- ecc-add-jja.c | 8 ecc-add-jjj.c | 8

[PATCH 2/2] Add support for GOST GC256C curve

From: Dmitry Baryshkov Add support for GC256C curve ("TLS Supported Groups" registry, draft-smyshlyaev-tls12-gost-suites) also known as GostR3410-2001-CryptoPro-B (RFC 4357). Signed-off-by: Dmitry Baryshkov --- .gitignore | 1 + Makefile.in | 10 +-

[PATCH] Implement GOST VKO key derivation algorithm

From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 2 +- gostdsa-vko.c| 77 ++ gostdsa.h| 7 +++ testsuite/.gitignore | 1 + testsuite/.test-rules.make | 3 ++

[PATCH] gitlab-ci: reenable GOST compilation

From: Dmitry Baryshkov GnuTLS is now compatible again with Nettle master branch. Remove --disable-gost. Signed-off-by: Dmitry Baryshkov --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 663f98f5cb8e..5b348f38568f

[PATCH] ecc: remove ecc_modp_foo/ecc_modq_foo macros

From: Dmitry Baryshkov To make ecc functions usage more obvious remove ecc_modp_foo() and ecc_modq_foo() wrapper macros. Signed-off-by: Dmitry Baryshkov --- curve25519-eh-to-x.c | 8 +++ curve448-eh-to-x.c | 4 ++-- ecc-add-eh.c | 38 +++

[PATCH] cmac-des3: add meta declaration to Nettle library

From: Dmitry Baryshkov Move cmac-des3 meta information from testsuite/cmac-test.c to main Nettle library. Signed-off-by: Dmitry Baryshkov --- Makefile.in | 2 +- cmac-des3-meta.c | 52 +++ nettle-meta-macs.c| 1 +

[PATCH] gost28147: move gost params to internal interface

From: Dmitry Baryshkov gost28147_param instances were never a part of stable release, so move them to internal header. Signed-off-by: Dmitry Baryshkov --- Makefile.in | 2 +- gost28147-internal.h | 12 + gost28147.c | 5 ++-- gost28147.h | 58

[PATCH 2/2] Add support for GOST GC256C curve

From: Dmitry Baryshkov Add support for GC256C curve ("TLS Supported Groups" registry, draft-smyshlyaev-tls12-gost-suites) also known as GostR3410-2001-CryptoPro-B (RFC 4357). Signed-off-by: Dmitry Baryshkov --- .gitignore | 1 + Makefile.in | 10 +-

[PATCH 1/2] Change ecc_mod_*mul_1 to be per-module callbacks

From: Dmitry Baryshkov GOST curves will require different "fixups" for fast (mul X mod p) operations. Move these operations to ecc_modulo structure and call them via function pointer. Signed-off-by: Dmitry Baryshkov --- ecc-curve25519.c | 8 ecc-curve448.c| 8

[PATCH 0/2] two small fixes for ecc-gost branch

Hello, Two small fixes to go on top of ecc-gost branch. These two patches can be squashed into respective patches or just live as separate instances, whatever you would prefer. -- With best wishes Dmitry ___ nettle-bugs mailing list

[PATCH 2/2] .gitignore: correct generated header names

From: Dmitry Baryshkov Signed-off-by: Dmitry Baryshkov --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2e64c187574f..48e2b7f464da 100644 --- a/.gitignore +++ b/.gitignore @@ -45,8 +45,8 @@ core /rotors.h /ecc-curve25519.h

[PATCH 1/2] gost gc512a: rename functions to follow usual pattern

From: Dmitry Baryshkov Signed-off-by: Dmitry Baryshkov --- ecc-gost-gc512a.c | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ecc-gost-gc512a.c b/ecc-gost-gc512a.c index 4baec1f5945d..6d210925b609 100644 --- a/ecc-gost-gc512a.c +++ b/ecc-gost-gc512a.c @@ -43,7

[PATCH] hogweed-benchmark: fill 32 or 56 bytes rather than just sizeof(int)

From: Dmitry Baryshkov Don't call sizeof(CURVExyz_SIZE) to get amount of bytes to fill. Just use CURVExyz_SIZE itself. Signed-off-by: Dmitry Baryshkov --- examples/hogweed-benchmark.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/hogweed-benchmark.c

[PATCH v5 3/3] hogweed-benchmark: enable testing of GOST DSA

From: Dmitry Baryshkov Signed-off-by: Dmitry Baryshkov --- examples/hogweed-benchmark.c | 104 +++ 1 file changed, 104 insertions(+) diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c index 11393df04c81..bceed77e55d9 100644 ---

[PATCH v5 2/3] Add documentation for GOSTDSA and GOST curves.

From: Dmitry Baryshkov Signed-off-by: Dmitry Baryshkov --- nettle.texinfo | 65 +- 1 file changed, 64 insertions(+), 1 deletion(-) diff --git a/nettle.texinfo b/nettle.texinfo index 65b36e315f81..38c84410c103 100644 --- a/nettle.texinfo +++

[PATCH v4 3/4] Add GOST DSA according to GOST R 34.10-2001/-2012

From: Dmitry Eremin-Solenikov Add GOST Digital Signature Algorithms support according to GOST R 34.10-2001/-2012. English translations of these standards are provided as RFC 5832 and RFC 7091. Signed-off-by: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Baryshkov --- Makefile.in

[PATCH v4 2/4] Add support for GOST GC512A curve

From: Dmitry Eremin-Solenikov Add support for GC512A curve ("TLS Supported Groups" registry, draft-smyshlyaev-tls12-gost-suites) also known as tc26-gost-3410-12-512-paramSetA (RFC 7836). Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore | 1 + Makefile.in |

[PATCH v4 4/4] Add documentation for GOSTDSA and GOST curves.

From: Dmitry Baryshkov Signed-off-by: Dmitry Baryshkov --- nettle.texinfo | 65 +- 1 file changed, 64 insertions(+), 1 deletion(-) diff --git a/nettle.texinfo b/nettle.texinfo index 65b36e315f81..38c84410c103 100644 --- a/nettle.texinfo +++

[PATCH v4 1/4] Add support for GOST GC256B curve

From: Dmitry Eremin-Solenikov Add support for GC256B curve ("TLS Supported Groups" registry, draft-smyshlyaev-tls12-gost-suites) also known as GostR3410-2001-CryptoPro-A and GostR3410-2001-CryptoPro-XchA (RFC 4357). Signed-off-by: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Baryshkov ---

[PATCH v3 1/3] Add support for GOST GC256B curve

From: Dmitry Eremin-Solenikov Add support for GC256B curve ("TLS Supported Groups" registry, draft-smyshlyaev-tls12-gost-suites) also known as GostR3410-2001-CryptoPro-A and GostR3410-2001-CryptoPro-XchA (RFC 4357). Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore | 1 +

[PATCH v3 2/3] Add support for GOST GC512A curve

From: Dmitry Eremin-Solenikov Add support for GC512A curve ("TLS Supported Groups" registry, draft-smyshlyaev-tls12-gost-suites) also known as tc26-gost-3410-12-512-paramSetA (RFC 7836). Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore | 1 + Makefile.in |

[PATCH v2 1/3] Add support for GOST GC256B curve

From: Dmitry Eremin-Solenikov Add support for GC256B curve ("TLS Supported Groups" registry, draft-smyshlyaev-tls12-gost-suites) also known as GostR3410-2001-CryptoPro-A and GostR3410-2001-CryptoPro-XchA (RFC 4357). Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore | 1 +

[PATCH v2 2/3] Add support for GOST GC512A curve

From: Dmitry Eremin-Solenikov Add support for GC512A curve ("TLS Supported Groups" registry, draft-smyshlyaev-tls12-gost-suites) also known as tc26-gost-3410-12-512-paramSetA (RFC 7836). Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore | 1 + Makefile.in |

[PATCH v2 3/3] Add GOST DSA according to GOST R 34.10-2001/-2012

From: Dmitry Eremin-Solenikov Add GOST Digital Signature Algorithms support according to GOST R 34.10-2001/-2012. English translations of these standards are provided as RFC 5832 and RFC 7091. Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 4 +-

[PATCH 1/3] Change ecc_mod_*mul_1 to be per-module callbacks

From: Dmitry Eremin-Solenikov GOST curves will require different "fixups" for fast (mul X mod p) operations. Move these operations to ecc_modulo structure and call them via function pointer. Signed-off-by: Dmitry Eremin-Solenikov --- ecc-curve25519.c | 8 ecc-curve448.c | 8

[PATCH 2/3] Add several GOST R 34.10 curves defined by RFC 4357 and RFC 7836

From: Dmitry Eremin-Solenikov Add three 256-bit curves from RFC 4357 (Section 11.4) and two 512-bit curves from RFC 7836 (Section A.1). Curves are named accrording to the "TLS Supported Groups" registry. Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore | 5 + Makefile.in

[PATCH 3/3] Add GOST DSA according to GOST R 34.10-2001/-2012

From: Dmitry Eremin-Solenikov Add GOST Digital Signature Algorithms support according to GOST R 34.10-2001/-2012. English translations of these standards are provided as RFC 5832 and RFC 7091. Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 4 +-

[PATCH v3 3/3] ecc: rename functions to contain curve names instead of bits

From: Dmitry Eremin-Solenikov Rename curve functions to use curve names instead of just bits. Otherwise function names can easily become confusing after adding other curves. Signed-off-by: Dmitry Eremin-Solenikov --- arm/ecc-secp192r1-modp.asm | 6 +++--- arm/ecc-secp224r1-modp.asm |

[PATCH v3 2/3] ecc: prefix optimized ECC function names with underscore

From: Dmitry Eremin-Solenikov There is no need to keep optimized ECC functions in public namespace (nettle_*), move them to internal namespace (_nettle_*). Signed-off-by: Dmitry Eremin-Solenikov --- arm/ecc-secp192r1-modp.asm | 4 ++-- arm/ecc-secp224r1-modp.asm | 4 ++--

[PATCH v3 1/3] ecc: rename source files with curves data

From: Dmitry Eremin-Solenikov In preparation to adding GOST curves support, rename source files and use curve name as eccdata parameter. Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore| 14 ++--- Makefile.in | 54

[PATCH v2 3/3] ecc: rename functions to contain curve names instead of bits

From: Dmitry Eremin-Solenikov Rename curve functions to use curve names instead of just bits. Otherwise function names can easily become confusing after adding other curves. Signed-off-by: Dmitry Eremin-Solenikov --- arm/ecc-secp192r1-modp.asm | 6 +++--- arm/ecc-secp224r1-modp.asm |

[PATCH v2 1/3] ecc: rename source files with curves data

From: Dmitry Eremin-Solenikov In preparation to adding GOST curves support, rename source files and use curve name as eccdata parameter. Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore| 14 ++--- Makefile.in | 54

[PATCH v2 2/3] ecc: prefix optimized ECC function names with underscore

From: Dmitry Eremin-Solenikov There is no need to keep optimized ECC functions in public namespace (nettle_*), move them to internal namespace (_nettle_*). Signed-off-by: Dmitry Eremin-Solenikov --- arm/ecc-secp192r1-modp.asm | 4 ++-- arm/ecc-secp224r1-modp.asm | 4 ++--

[PATCH 2/3] ecc: prefix optimized ECC function names with underscore

From: Dmitry Eremin-Solenikov There is no need to keep optimized ECC functions in public namespace (nettle_*), move them to internal namespace (_nettle_*). Signed-off-by: Dmitry Eremin-Solenikov --- arm/ecc-secp192r1-modp.asm | 4 ++-- arm/ecc-secp224r1-modp.asm | 4 ++--

[PATCH 1/3] ecc: rename source files with curves data

From: Dmitry Eremin-Solenikov In preparation to adding GOST curves support, rename source files and use curve name as eccdata parameter. Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore| 14 ++--- Makefile.in | 54

[PATCH 3/3] ecc: rename functions to contain curve names instead of bits

From: Dmitry Eremin-Solenikov Rename curve functions to use curve names instead of just bits. Otherwise function names can easily become confusing after adding other curves. Signed-off-by: Dmitry Eremin-Solenikov --- arm/ecc-secp192r1-modp.asm | 6 +++--- arm/ecc-secp224r1-modp.asm |

[PATCH v2] ecc: rename source files with curves data

From: Dmitry Eremin-Solenikov In preparation to adding GOST curves support, rename source files and use curve name as eccdata parameter. Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore| 14 ++--- Makefile.in | 54

[RFC] ecc: switch away from affine points representation

From: Dmitry Eremin-Solenikov Use jacobian/harmonized representation in ecc_point structure. This is an RFC patch for now, j_to_a/eh_to_a are not modified to produce y coordinate only, more tests are necessary most probably. Signed-off-by: Dmitry Eremin-Solenikov --- ecc-a-to-j.c

[PATCH] ecc: rename source files with curves data

From: Dmitry Eremin-Solenikov In preparation to adding GOST curves support, rename source files and use curve name as eccdata parameter. Signed-off-by: Dmitry Eremin-Solenikov --- .gitignore| 12 ++--- Makefile.in | 45

[PATCH 1/2] Implement GOST R 34.11-2012 (Streebog) hash function

From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in |5 +- examples/nettle-benchmark.c |3 +- hmac-streebog.c | 73 ++ hmac.h | 33 + nettle-meta-hashes.c|2 + nettle-meta.h

[PATCH 2/2] Implement PBKDF2 shortcut function for Streebog256/512

From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 2 +- pbkdf2-hmac-streebog.c | 67 + pbkdf2.h| 14 + testsuite/pbkdf2-test.c | 7 + 4 files changed, 89 insertions(+), 1

[PATCH 2/5] Add the rest of sboxes for GOST 28147

From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- gost28147.c | 1602 +++ gost28147.h | 13 + 2 files changed, 1615 insertions(+) diff --git a/gost28147.c b/gost28147.c index 6ccdcb6a353c..9fe31043a3ff 100644 ---

[PATCH 3/5] Add CFB mode support for GOST 28147-89

From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- gost28147.c| 85 +++--- gost28147.h| 8 +++ testsuite/gost28147-test.c | 143 + 3 files changed, 228 insertions(+), 8 deletions(-)

[PATCH 1/5] Add GOST 28147-89 ECB encryption and decryption support

From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 3 +- gost28147-internal.h | 3 + gost28147-meta.c | 49 +++ gost28147.c | 85 + gost28147.h |

[PATCH 5/5] Add GOST 28147-89 IMIT support

From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- gost28147.c| 107 +++-- gost28147.h| 47 testsuite/gost28147-test.c | 102 +++ 3 files changed, 253

[PATCH 0/5] GOST 28147-89 support

GOST 28147-89 is the data encryption standard for Russia (old, but still used). English translation is provided in RFC 5830. It defines a 64-bit cipher, ECB, CFB and counter (CNT) modes on top of it and a special mode of basic transformation that is used for MAC construction called "Imitovstavka"

[PATCH 4/5] Add special CNT mode for GOST 28147-89 cipher

From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- gost28147.c| 86 gost28147.h| 24 ++ testsuite/gost28147-test.c | 161 + 3 files changed, 271 insertions(+) diff --git

[PATCH v2 2/4] block modes: move Galois shifts to block-internal.h

From: Dmitry Eremin-Solenikov Move Galois polynomial shifts to block-internal.h, simplifying common code. GCM is left unconverted for now, this will be fixed later. Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 2 +- block-internal.h | 72

[PATCH v2 4/4] gcm: drop intermediate GCM_TABLE_BITS == 4 case

From: Dmitry Eremin-Solenikov It makes little sense to have intermediate solution with GCM_TABLE_BITS == 4. One either will use unoptimized case of GCM_TABLE_BITS == 0, or will switch to fully optimized case (8) as memory usage difference is quite low between 4 and 8. So drop GCM_TABLE_BITS == 4

[PATCH v2 3/4] gcm: move block shifting function to block-internal.h

From: Dmitry Eremin-Solenikov Move GCM's block shift function to block-internal.h. This concludes moving of all Galois mul-by-2 to single header. Signed-off-by: Dmitry Eremin-Solenikov --- block-internal.h | 30 +- gcm.c| 30

[PATCH v2 1/4] block-internal: add block XORing functions

From: Dmitry Eremin-Solenikov Add common implementations for functions doing XOR over nettle_block16/nettle_block8. Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 3 +- block-internal.h | 93 cmac.c | 11 +++---

[PATCH 5/5] gcm: move block shifting function to block-internal.h

From: Dmitry Eremin-Solenikov Move GCM's block shift function to block-internal.h. This concludes moving of all Galois mul-by-2 to single header. Signed-off-by: Dmitry Eremin-Solenikov --- block-internal.h | 29 + gcm.c| 15 ++- 2 files

[PATCH 4/5] block modes: move Galois shifts to block-internal.h

From: Dmitry Eremin-Solenikov Move Galois polynomial shifts to block-internal.h, simplifying common code. GCM is left unconverted for now, this will be fixed later. Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 2 +- block-internal.h | 76

[PATCH 3/5] block-internal: add block XORing functions

From: Dmitry Eremin-Solenikov Add common implementations for functions doing XOR over nettle_block16/nettle_block8. Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 3 +- block-internal.h | 93 cmac.c | 11 +++---

[PATCH 1/5] gcm: use uint64_t member of nettle_block16

From: Dmitry Eremin-Solenikov Remove last usage of unsigned long member of nettle_block16. Signed-off-by: Dmitry Eremin-Solenikov --- gcm.c | 47 --- 1 file changed, 12 insertions(+), 35 deletions(-) diff --git a/gcm.c b/gcm.c index

[PATCH] nettle-meta: add meta interface for CMAC-DES3 functions

From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- Makefile.in | 2 +- cmac-des3-meta.c | 43 +++ nettle-meta-macs.c| 1 + nettle-meta.h | 13 testsuite/cmac-test.c | 12