1. 23 Mar, 2019 1 commit
  2. 06 Sep, 2018 1 commit
  3. 07 Feb, 2018 3 commits
    • Fix the HFS pattern to account for upstream changes. · 355f8073
      Yawning Angel authored
      The upstream `XX` pattern was defined with an old version of the spec,
      and was brought up to date by fc3a9f3b.
      
      This brings the HFS pattern in sync and makes it work again.
    • Add support for the Hybrid Forward Secrecy extension. · e3e1487f
      Yawning Angel authored
      This commit adds support for the experimental Hybrid Forward Secrecy
      extension, using NewHope-Simple as the HFS primitive.
      
      Limitations:
      
       * Only `Noise_XXhfs` is implemented because that's the only one that
         Katzenpost will use.  Supporting the other variants is mostly a
         matter of adding additional `HandshakePattern` definitions.
      
       * Kyber is the new hotness in terms of lattice based DH like
         primitives, so that should probably be used instead of
         NewHope-Simple, but I already have a NewHope-Simple implementation.
      
         (Then again, ISTR that Kyber uses the same NTT that NewHope does, and
          Peter writes clean code so implementing it should be trivial.)
      
       * Pre-message `f`/`rf` patterns are supposed to be handled, but aren't,
         because I don't use them.
      
       * This should probably enforce `5.2 Pattern Validity`, in
         `ReadMessage()`/`WriteMessage()`, but, "Don't define invalid
         patterns".
      
       * I was lazy and didn't generate test vectors.
      
      Fixes #1.
    • Make MaxMsgLen into a configurable parameter. · 69209051
      Yawning Angel authored
       * Yes, this violates the spec.  The limitation is arbitrary and
         lifting it allows us to skip a lot of complexity in our use of the
         protocol.
      
       * Yes, the upstream code only enforces this for handshake messages, so
         I could have skipped doing this, but I may as well be explicit in
         what I'm doing.  Ideally CipherState.Encrypt()/Decrypt() will enforce
         this as well, but it's not my library and I see myself rewriting it
         at some point anyway.
  4. 24 Jan, 2018 2 commits
  5. 10 Jan, 2018 1 commit
    • Replace panics with errors (#24) · 7e398aa7
      Ryan Huber authored
      * remove panics per PanicAndRecover guidance from go authors
      
      * revert constructors to panic()
      
      * fix vectorgen
      
      * fix Write call too
  6. 28 Dec, 2017 1 commit
  7. 27 Sep, 2017 1 commit
    • Removed the XR pattern and added the initiator check in WriteMessage and... · fc3a9f3b
      David Wong authored
      Removed the XR pattern and added the initiator check in WriteMessage and ReadMessage according to spec (#22)
      
      * removed the XR pattern and added the initiator check in WriteMessage and ReadMessage according to spec
      
      * removed extra space I shouldn't have added
      
      * fixed vectors
      
      * re-generated via vectorgen
  8. 22 Sep, 2017 2 commits
  9. 11 Jul, 2017 3 commits
  10. 15 May, 2017 8 commits
  11. 09 Jan, 2017 2 commits
  12. 03 Jan, 2017 1 commit
  13. 15 Jul, 2016 1 commit
  14. 14 Jul, 2016 1 commit
  15. 13 Jul, 2016 11 commits
  16. 03 Apr, 2016 1 commit