Commit log, newest first. Each entry gives the commit message, followed by author, date, files changed and lines removed/added.

* Skip bench on very small ECC groups; 112 == DES
  (lloyd, 2010-03-13, 1 file, -3/+1)

* Cache BigInts as well. Kind of like the old scheme, but created inside
  operator+= and operator*= instead of being class var, so no thread issues.
  (lloyd, 2010-03-13, 2 files, -27/+74)

* Clarify
  (lloyd, 2010-03-13, 1 file, -2/+2)

* Document changes since 1.9.4
  (lloyd, 2010-03-13, 1 file, -0/+5)

* Always keep coord_{x,y,z} < p, so don't ever have to copy or use reducer
  in monty_mult()
  (lloyd, 2010-03-13, 1 file, -22/+10)

* Save workspace for addition calls inside operator*=
  (lloyd, 2010-03-13, 2 files, -20/+28)

* Share workspace among calls to mult2
  (lloyd, 2010-03-13, 2 files, -10/+9)

* Cache a workspace; much faster
  (lloyd, 2010-03-13, 2 files, -31/+43)

* Correct Doxygen comment
  (lloyd, 2010-03-13, 1 file, -3/+3)

* Small optimizations
  Especially try to keep the size of inputs down, so it doesn't have to do
  an extra reduction step. Ideally this should be eliminated entirely.
  (lloyd, 2010-03-13, 1 file, -6/+13)

* Add 192 and 256 bit groups to the ECDSA benchmark lineup
  (lloyd, 2010-03-13, 1 file, -1/+3)

* Kill stdio include
  (lloyd, 2010-03-13, 1 file, -2/+0)

* Unroll point multiply to look at two bits of scalar each iteration.
  Helps out quite a bit.
  (lloyd, 2010-03-13, 1 file, -2/+24)

* Precompute a*r
  (lloyd, 2010-03-13, 2 files, -2/+9)

* Disable fault protection for ECDSA benchmark, easier profiling
  (lloyd, 2010-03-13, 1 file, -1/+1)

* More monty_mult cleanups
  (lloyd, 2010-03-13, 1 file, -6/+4)

* Small monty_mult cleanup
  (lloyd, 2010-03-13, 1 file, -10/+8)

* Inline/simplify monty mult
  (lloyd, 2010-03-13, 1 file, -31/+15)

* Single word p-dash
  (lloyd, 2010-03-13, 1 file, -3/+4)

* Only need a single word from p_dash, so only save that single word.
  Remove hand-coded montgomery reduction, use bigint_mont_redc() instead
  (lloyd, 2010-03-13, 1 file, -94/+9)

* Use Montgomery reduction for the important parts of PointGFp, using
  code cobbled together from 1.8/InSiTo. Faster than it was in 1.9.4,
  but still quite slow.
  (lloyd, 2010-03-13, 2 files, -74/+78)
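The Montgomery-related commits above (single-word p-dash, switching to bigint_mont_redc(), keeping coord_{x,y,z} below p so monty_mult() never needs a separate reducer) are easier to follow with a concrete reduction in hand. The block below is an added illustration, not code from these commits or from the library: a word-by-word Montgomery multiplication for a 2-limb odd modulus with 32-bit words, written so that the reduction uses only the low word of -p^{-1} mod 2^32 and always returns a fully reduced value. The names (MontParams, mont_mul, neg_inverse_word), the 32-bit word size and the test moduli are this example's own choices, and it relies on the unsigned __int128 extension of GCC and Clang for the reference result.

```cpp
#include <cstdint>
#include <cstdio>

// Added example, not library code: Montgomery multiplication for a 2-limb
// (64-bit) odd modulus using 32-bit words, so R = 2^64. The reduction only
// ever needs one word of "p-dash": n0 = -p^{-1} mod 2^32.
typedef uint32_t word;
typedef unsigned __int128 u128;   // GCC/Clang extension, used for the reference
static const int LIMBS = 2;
static const int WORD_BITS = 32;

struct MontParams {
    uint64_t p;            // odd modulus
    word p_limbs[LIMBS];   // p as little-endian 32-bit limbs
    word n0;               // the single word of p-dash: -p^{-1} mod 2^32
    uint64_t r2;           // R^2 mod p, used to enter Montgomery form
};

// -p0^{-1} mod 2^32 by Newton iteration (p0 odd). inv = p0 is correct to
// 3 bits because p0*p0 = 1 mod 8, and each step doubles the correct bits.
static word neg_inverse_word(word p0) {
    word inv = p0;
    for (int i = 0; i < 5; ++i) inv *= (word)(2 - p0 * inv);
    return (word)(0 - inv);
}

static MontParams mont_setup(uint64_t p) {
    MontParams mp;
    mp.p = p;
    mp.p_limbs[0] = (word)p;
    mp.p_limbs[1] = (word)(p >> WORD_BITS);
    mp.n0 = neg_inverse_word(mp.p_limbs[0]);
    u128 r_mod_p = (((u128)1) << 64) % p;
    mp.r2 = (uint64_t)((r_mod_p * r_mod_p) % p);
    return mp;
}

// a*b*R^{-1} mod p for a, b < p. The result is fully reduced (< p), so a
// caller chaining operations never needs a separate reduction step.
static uint64_t mont_mul(const MontParams& mp, uint64_t a, uint64_t b) {
    word t[2 * LIMBS + 1] = {0};
    const word al[LIMBS] = {(word)a, (word)(a >> WORD_BITS)};
    const word bl[LIMBS] = {(word)b, (word)(b >> WORD_BITS)};

    // schoolbook product a*b into t[0..2*LIMBS)
    for (int i = 0; i < LIMBS; ++i) {
        uint64_t carry = 0;
        for (int j = 0; j < LIMBS; ++j) {
            uint64_t acc = (uint64_t)al[i] * bl[j] + t[i + j] + carry;
            t[i + j] = (word)acc;
            carry = acc >> WORD_BITS;
        }
        t[i + LIMBS] = (word)carry;
    }

    // Reduction: round i picks m so that t[i] + m*p0 = 0 mod 2^32, then adds
    // m*p shifted by i words. Only n0 is needed to find m.
    for (int i = 0; i < LIMBS; ++i) {
        word m = (word)(t[i] * mp.n0);
        uint64_t carry = 0;
        for (int j = 0; j < LIMBS; ++j) {
            uint64_t acc = (uint64_t)m * mp.p_limbs[j] + t[i + j] + carry;
            t[i + j] = (word)acc;
            carry = acc >> WORD_BITS;
        }
        for (int k = i + LIMBS; carry != 0 && k < 2 * LIMBS + 1; ++k) {
            uint64_t acc = (uint64_t)t[k] + carry;
            t[k] = (word)acc;
            carry = acc >> WORD_BITS;
        }
    }

    // t[LIMBS..2*LIMBS] holds (a*b + m*p)/R < 2p: one conditional subtract.
    uint64_t r = ((uint64_t)t[LIMBS + 1] << WORD_BITS) | t[LIMBS];
    if (t[2 * LIMBS] != 0 || r >= mp.p) r -= mp.p;   // wraps correctly if the top word is 1
    return r;
}

static uint64_t to_mont(const MontParams& mp, uint64_t a)    { return mont_mul(mp, a, mp.r2); }
static uint64_t from_mont(const MontParams& mp, uint64_t aR) { return mont_mul(mp, aR, 1); }

// a*b mod p through Montgomery form (a, b < p)
static uint64_t mulmod_mont(uint64_t p, uint64_t a, uint64_t b) {
    MontParams mp = mont_setup(p);
    return from_mont(mp, mont_mul(mp, to_mont(mp, a), to_mont(mp, b)));
}

static uint64_t mulmod_ref(uint64_t p, uint64_t a, uint64_t b) {
    return (uint64_t)(((u128)a * b) % p);   // plain 128-bit reference
}

int main() {
    const uint64_t p = 2305843009213693951ULL;   // 2^61 - 1
    const uint64_t a = 123456789012345678ULL, b = 987654321098765432ULL;
    printf("n0=0x%08x mont=%llu ref=%llu\n", (unsigned)mont_setup(p).n0,
           (unsigned long long)mulmod_mont(p, a, b),
           (unsigned long long)mulmod_ref(p, a, b));
    return 0;
}
```

Two things to notice when reading it against the commits: m in each reduction round depends only on the low word of the running value and on n0, which is why a single word of p-dash suffices however many limbs p has; and because mont_mul ends with one conditional subtraction, inputs that are kept below p stay below p, so no reducer is needed between operations.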
* Name args to bigint_{mul,sqr} in header
  (lloyd, 2010-03-13, 1 file, -5/+5)

* Give PK_Signer users the option of disabling fault protection
  (lloyd, 2010-03-13, 2 files, -6/+17)

* Move monty params to curve, since only depend on the prime
  (lloyd, 2010-03-13, 1 file, -4/+37)

* Simple cleanups
  (lloyd, 2010-03-13, 1 file, -6/+13)

* Add back code for montgomery PointGFp mult (not used atm)
  (lloyd, 2010-03-13, 2 files, -14/+165)

* Hide PointGFp constructors
  (lloyd, 2010-03-13, 2 files, -7/+14)

* Remove access to the Jacobian coordinate getters get_{x,y,z}, as well
  as the 4-argument constructor. Define operator==() in terms of the
  affine coordinates. Rewrite tests that assumed access to the Jacobian
  coordinates in terms of the affine coordinates.
  This change allows for using arbitrary coordinate systems in PointGFp,
  as long as it can convert to the normal affine coordinates (which are
  what is used by all ECC algorithms implemented currently, and probably
  all interesting ECC algorithms in general).
  (lloyd, 2010-03-13, 3 files, -169/+68)

* I had listed Olivier de Gaalon in the license, for the SQLite codec,
  but not in credits. Conversely, I had listed Vaclav Ovsik in the
  credits for the Perl-XS wrapper, but not in the license.
  (lloyd, 2010-03-12, 2 files, -1/+5)

* Include <netinet/in.h>; needed on FreeBSD at least
  (lloyd, 2010-03-10, 1 file, -1/+2)

* Tick version to 1.9.5-dev
  (lloyd, 2010-03-10, 3 files, -4/+6)

* Remove config options to toggle if X.509 extensions are critical or
  not. Instead provide via Extensions::add(). No way to modify behavior
  currently, it just follows the previous default policy. Remove the
  config options from Library_State entirely. Die, mutable singletons, die.
  (lloyd, 2010-03-10, 7 files, -96/+47)

* Make cert decoding errors more verbose
  (lloyd, 2010-03-10, 1 file, -2/+2)

* Remove the base/default_allocator option, instead save as a per-libstate
  variable directly.
  (lloyd, 2010-03-10, 3 files, -19/+25)

* Remove call to disable key testing, now a per-build option
  (lloyd, 2010-03-10, 1 file, -4/+2)

* Guard call to the allocator in deallocate() by checking if the alloc
  pointer was actually set. Otherwise, the following problem could occur
  if an allocator could not be found:
    init() will call Allocator::get, which throws an exception
    init() is called from the constructor of the subclasses (MemoryVector, etc)
    Since the constructor of MemoryRegion has already finished, its
    destructor will be called.
    ~MemoryRegion will call deallocate()
    deallocate() will then access a NULL pointer
  By guarding the call, the exception is propagated correctly.
  (lloyd, 2010-03-10, 1 file, -1/+1)

* Update version to 1.9.4 release (tag: 1.9.4)
  (lloyd, 2010-03-09, 3 files, -3/+3)

* DSA and NR require certain parameters (which depend on the randomly
  chosen nonce) not be 0. Previously it would just check and throw an
  exception if this was the case. Change to generate a new nonce and
  retry if this happens.
  (lloyd, 2010-03-09, 2 files, -18/+24)

* Remove decls of removed RSA encrypt/decrypt
  (lloyd, 2010-03-09, 1 file, -5/+0)

* Oops. Secret nonce/seed for blinding for DH and ElGamal was 2^x mod p.
  However if the group generator is 2, that's precisely the public key,
  which is hardly secret at all. Instead use y^x mod p, which while a
  little dubious in terms of mathematical structure is probably OK after
  being hashed through SHA-512 with some high resolution timestamps.
  (lloyd, 2010-03-09, 2 files, -2/+2)

* De-name unused rng arg
  (lloyd, 2010-03-09, 1 file, -1/+1)

* Deconstify PK_Ops. It's quite reasonable that some op will want to
  precompute only as needed, or will want to access some other expensive
  resource or etc.
  Change how the secret for generating blinding is done in cases where a
  PRNG isn't available. Use the operation's public op to hide the secret,
  for instance the seed for a DH blinding variable is 2^x mod p.
  Make use of being able to mutate internal structures in the RW signer,
  since that does have access to a PRNG, so use it to initialize the
  blinder on first call to sign().
  (lloyd, 2010-03-09, 25 files, -148/+114)

* Don't need RNG in this test
  (lloyd, 2010-03-09, 1 file, -3/+2)

* Consolidate code for choosing a window size for fixed width window
  exponentiation algorithms.
  (lloyd, 2010-03-09, 4 files, -72/+41)
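The window-size consolidation commit above and the earlier "look at two bits of scalar each iteration" unrolling are both instances of fixed-width window exponentiation. The block below is an added example, not code from these commits or from the library, and it works on integers mod m rather than on PointGFp: it implements w-bit windowed exponentiation in general (w = 2 being the two-bits-per-iteration case), checks it against square-and-multiply, and includes a constructed cost model for choosing w. The names choose_window and powmod_window, the cost formula and the search range 1..8 are this example's own assumptions, not the library's window table; the arithmetic uses the unsigned __int128 extension of GCC and Clang.

```cpp
#include <cstdint>
#include <cstdio>

// Added example, not library code: fixed-width window exponentiation mod m,
// consuming w exponent bits per iteration from a table of base^0..base^(2^w-1),
// plus a constructed cost model for picking w.
typedef unsigned __int128 u128;   // GCC/Clang extension

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((u128)a * b) % m);
}

// plain square-and-multiply, used as the reference
static uint64_t powmod_ref(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    while (exp) {
        if (exp & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return r;
}

static int bit_length(uint64_t x) {
    int n = 0;
    while (x) { ++n; x >>= 1; }
    return n;
}

// Cost model (constructed, not the library's table): building the table costs
// 2^w - 2 multiplications, then every window costs w squarings plus one
// multiplication. Returns the w in 1..8 with the lowest total.
static int choose_window(int exp_bits) {
    int best_w = 1;
    long best_cost = -1;
    for (int w = 1; w <= 8; ++w) {
        long cost = ((1L << w) - 2) + exp_bits + (exp_bits + w - 1) / w;
        if (best_cost < 0 || cost < best_cost) { best_cost = cost; best_w = w; }
    }
    return best_w;
}

// Fixed-width window exponentiation. Every window does exactly w squarings
// and one table multiply, even for an all-zero window (table[0] == 1), so the
// sequence of operations does not depend on the exponent bits.
static uint64_t powmod_window(uint64_t base, uint64_t exp, uint64_t m, int w) {
    uint64_t table[256];   // 2^w entries; w <= 8
    table[0] = 1 % m;
    base %= m;
    for (int i = 1; i < (1 << w); ++i) table[i] = mulmod(table[i - 1], base, m);

    const int windows = (bit_length(exp) + w - 1) / w;
    const uint64_t mask = (1ULL << w) - 1;
    uint64_t r = 1 % m;
    for (int i = windows - 1; i >= 0; --i) {
        for (int j = 0; j < w; ++j) r = mulmod(r, r, m);    // shift accumulator left by w bits
        r = mulmod(r, table[(exp >> (i * w)) & mask], m);  // fold in the next w exponent bits
    }
    return r;
}

int main() {
    const uint64_t p = 2305843009213693951ULL;   // 2^61 - 1
    const uint64_t g = 3, e = 0x123456789ABCDEFULL;
    int w = choose_window(bit_length(e));
    printf("w=%d window=%llu ref=%llu\n", w,
           (unsigned long long)powmod_window(g, e, p, w),
           (unsigned long long)powmod_ref(g, e, p));
    return 0;
}
```

The table grows as 2^w while the per-window saving is only one multiplication per w bits, which is why the best w creeps up slowly with exponent size (3 for a 64-bit exponent, 4 for 256 bits under this model) and why the consolidated selection logic in the commit is worth having in one place rather than duplicated per algorithm.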
* Add back RSA consistency checking (decrypt only)
  (lloyd, 2010-03-09, 2 files, -3/+8)

* Have PK_Signer check the validity of all signatures before releasing.
  Should help against many forms of fault attacks.
  (lloyd, 2010-03-09, 2 files, -8/+52)

* Use preexisting powermod precomputations for setting up blinders
  (lloyd, 2010-03-09, 2 files, -2/+2)

* Remove decls of unimplemented functions
  (lloyd, 2010-03-08, 1 file, -3/+0)

* Blinder::choose_nonce added a single byte of the timestamps 8 times,
  instead of each byte once...
  (lloyd, 2010-03-08, 1 file, -2/+2)

* Add back in blinding to RSA, RW, ElGamal, and DH.
  There are multiple unsatisfactory elements to the current solution, as
  compared to how blinding was previously done:
  Firstly, blinding is only used in the baseline implementations; the
  code using OpenSSL and GMP is not protected by blinding at all.
  Secondly, at the point we need to set up blinding, there is no access
  to a PRNG. Currently I am going with a quite nasty solution, of using
  a private key parameter to seed a simple PRNG constructed as:
    SHA-512(TS1 || private_key_param || public_key_param || TS2)
  I really want to fix both of these elements but I'm not sure how to
  do so easily.
  (lloyd, 2010-03-08, 15 files, -103/+175)
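The blinding commit above and the earlier "have PK_Signer check the validity of all signatures before releasing" commit complement each other, and the following added example (not code from these commits or from the library) shows why: a toy RSA-CRT signer with constructed 64-bit parameters that blinds the message, simulates a glitch in one CRT half, and refuses to release a signature that does not verify. A signer without that check leaks a faulty signature from which gcd(s^e - m, n) recovers a prime factor, and blinding on its own does not stop that. The key material, the blinding nonce and the names (make_toy_key, sign_blinded, sign_checked, factor_from_faulty_sig) are this example's assumptions; there is no padding, and the arithmetic uses the unsigned __int128 extension of GCC and Clang.

```cpp
#include <cstdint>
#include <cstdio>

// Added example, not library code: toy RSA-CRT signer with constructed 64-bit
// parameters (no padding). Shows message blinding around the private
// exponentiation, verify-before-release as fault protection, and the Bellcore
// attack that a leaked faulty CRT signature enables.
typedef unsigned __int128 u128;   // GCC/Clang extension

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (uint64_t)(((u128)a * b) % m); }

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    for (base %= m; exp; exp >>= 1, base = mulmod(base, base, m))
        if (exp & 1) r = mulmod(r, base, m);
    return r;
}

static uint64_t gcd64(uint64_t a, uint64_t b) {
    while (b) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

// inverse of a mod m (extended Euclid); needs gcd(a, m) == 1 and m < 2^63
static uint64_t invmod(uint64_t a, uint64_t m) {
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)(a % m);
    while (nr) {
        int64_t q = r / nr, tmp = t - q * nt;
        t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

struct RSAKey { uint64_t n, e, d, p, q, dp, dq, qinv; };

// constructed toy key: two primes near 10^6, so n is about 10^12
static RSAKey make_toy_key() {
    RSAKey k;
    k.p = 1000003; k.q = 1000033; k.n = k.p * k.q; k.e = 65537;
    k.d = invmod(k.e, (k.p - 1) * (k.q - 1));
    k.dp = k.d % (k.p - 1); k.dq = k.d % (k.q - 1);
    k.qinv = invmod(k.q, k.p);
    return k;
}

// CRT private operation; inject_fault simulates a glitch that corrupts only
// the mod-p half, leaving the mod-q half correct.
static uint64_t rsa_crt(const RSAKey& k, uint64_t m, bool inject_fault) {
    uint64_t sp = powmod(m, k.dp, k.p), sq = powmod(m, k.dq, k.q);
    if (inject_fault) sp ^= 1;
    uint64_t h = mulmod(k.qinv, (sp % k.p + k.p - sq % k.p) % k.p, k.p);   // Garner
    return sq + k.q * h;
}

// Blinded signing: s = r^{-1} * (m * r^e)^d mod n, so the private
// exponentiation never sees m itself. r is the blinding nonce.
static uint64_t sign_blinded(const RSAKey& k, uint64_t m, uint64_t r, bool inject_fault) {
    uint64_t blinded = mulmod(m, powmod(r, k.e, k.n), k.n);
    return mulmod(rsa_crt(k, blinded, inject_fault), invmod(r, k.n), k.n);
}

static bool verify(const RSAKey& k, uint64_t m, uint64_t s) { return powmod(s, k.e, k.n) == m % k.n; }

// Fault protection in the spirit of the PK_Signer commit: recompute the public
// operation and release the signature only if it verifies.
static bool sign_checked(const RSAKey& k, uint64_t m, uint64_t r, bool inject_fault, uint64_t* out) {
    uint64_t s = sign_blinded(k, m, r, inject_fault);
    if (!verify(k, m, s)) return false;
    *out = s;
    return true;
}

// Bellcore attack: a signature correct mod q but wrong mod p gives
// gcd(s_bad^e - m, n) == q. Blinding does not change this.
static uint64_t factor_from_faulty_sig(const RSAKey& k, uint64_t m, uint64_t s_bad) {
    uint64_t t = powmod(s_bad, k.e, k.n);
    return gcd64(t >= m ? t - m : m - t, k.n);
}

int main() {
    RSAKey k = make_toy_key();
    const uint64_t m = 123456789, r = 987654321;   // constructed message and nonce
    uint64_t s = 0;
    printf("clean run released: %d\n", sign_checked(k, m, r, false, &s));
    printf("faulted run released: %d\n", sign_checked(k, m, r, true, &s));
    uint64_t leaked = sign_blinded(k, m, r, true);   // what an unchecked signer would emit
    printf("factor from leaked signature: %llu (q = %llu)\n",
           (unsigned long long)factor_from_faulty_sig(k, m, leaked), (unsigned long long)k.q);
    return 0;
}
```

The two countermeasures address different threats: blinding hides m from the exponentiation, which is about timing and other side channels, while the verify-before-release check catches a corrupted CRT half before it leaves the signer. The commit's note that "many forms of fault attacks" are covered matches what the check can see: anything that makes the output fail to verify, at the cost of one public-key operation per signature, which is what the option to disable it trades away for benchmarks.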