path: root/src/cli/speed.cpp
Commit message | Author | Age | Files | Lines
* Merge GH #2298 Clean up prime generation logic | Jack Lloyd | 2020-03-06 | 1 | -6/+18
|\
| * Clean up prime generation logic slightly | Jack Lloyd | 2020-03-06 | 1 | -6/+18
| |   We were trying to generate safe primes using a weak check on q but actually this was rounded up to 128 bit probability check anyway. So just do that from the start then check p=2*q+1
* | Optimize inverse_mod | Jack Lloyd | 2020-03-06 | 1 | -18/+22
|/    About 25% faster
* Remove use of Binary Extended Euclidean Algorithm for inversion | Jack Lloyd | 2020-03-01 | 1 | -10/+27
|     Instead use two specialized algorithms, one for odd modulus and the other for power of 2 modulus, then combine the results using CRT.
* Add more tests for speed util | Jack Lloyd | 2020-02-09 | 1 | -2/+1
* Add -Werror mode for CI build | Jack Lloyd | 2019-12-03 | 1 | -1/+1
* Tweak block cipher encryption perf test | Jack Lloyd | 2019-10-03 | 1 | -2/+3
|     It was computing the block count from the byte length, which turned out to be about 15% of the total runtime when using AES-NI
* Merge GH #2124 Add poly_dbl speed util | Jack Lloyd | 2019-09-28 | 1 | -0/+30
|\
| * Add poly_dbl speed util | Jack Lloyd | 2019-09-28 | 1 | -0/+30
* | OCB optimizations | Jack Lloyd | 2019-09-28 | 1 | -1/+1
|/    Mostly avoiding/caching dynamic allocations. Also in speed, increment the IV from the low end which demonstrates OCB's enhanced handling of that case.
* Fix small bug in is_prime speed test | Jack Lloyd | 2019-09-27 | 1 | -2/+2
|     We were testing p instead of p + i as intended. Also change the loop induction to work around what appears to be a lgtm false positive.
* Add a variant of RandomNumberGenerator::random_vec | Jack Lloyd | 2019-09-13 | 1 | -2/+2
|     This avoids the unlock(rng.random_vec(...)) pattern which is pretty wasteful in terms of heap overhead.
* Remove modexp based inversion from speed test | Jack Lloyd | 2019-08-23 | 1 | -9/+0
|     Not competitive so not interesting
* Fix various MSVC warnings | Jack Lloyd | 2019-06-29 | 1 | -1/+2
* Change XMSS OIDs and feature macro name | Jack Lloyd | 2019-06-23 | 1 | -2/+2
|     Since draft6 and final RFC are not compatible ...
* Fix some LGTM issues | Jack Lloyd | 2019-06-19 | 1 | -0/+1
* Argon2: minor optimizations, add tests of CLI, tweak tuning | Jack Lloyd | 2019-05-30 | 1 | -0/+46
* Fix param names to match RFC | Jack Lloyd | 2019-05-13 | 1 | -4/+4
* Fix param names | Jack Lloyd | 2019-05-10 | 1 | -4/+4
* Fix feature macro checks. | Jack Lloyd | 2019-04-26 | 1 | -2/+0
|     Add a checker script.
* Rename OS::get_processor_timestamp to OS::get_cpu_cycle_counter | Jack Lloyd | 2018-12-23 | 1 | -1/+1
|     Using phrase "timestamp" makes it sound like it has some relation to wall clock which it does not.
* Test how long it takes to precompute base point multiples | Jack Lloyd | 2018-12-16 | 1 | -0/+20
* Fix more MSVC warnings | Jack Lloyd | 2018-12-10 | 1 | -2/+2
* Work around a problem when built with OpenSSL | Jack Lloyd | 2018-12-10 | 1 | -1/+8
|     It appears OpenSSL has a different interpretation from us of how the message representative is formed for P-521 when given a hash to sign that is larger than the group order; signatures generated by us do not verify with OpenSSL and vice versa.
* Support recovering ECDSA public key from message/signature pair | Jack Lloyd | 2018-12-10 | 1 | -0/+51
|     See http://www.secg.org/sec1-v2.pdf section 4.1.6 Closes #664
* In speed, track number of invalid generated signatures and print once | Jack Lloyd | 2018-12-08 | 1 | -1/+6
|     Otherwise this spams the output when something goes wrong.
* Add a constant time divide variant for dividing by uint8_t | Jack Lloyd | 2018-12-02 | 1 | -0/+43
|     Originally wrote it for div-by-word but that ends up requiring a dword type which we don't always have. And uint8_t covers the most important cases of n = 10 and n = 58 (whenever I get around to writing base58). We could portably support up to div-by-uint32, but I don't think we need it. Nicely for n = 10, this is actually faster than the variable time division.
* Add a const-time division algorithm | Jack Lloyd | 2018-12-02 | 1 | -0/+45
|     It is stupid and slow (~50-100x slower than variable time version) but still useful for protecting critical algorithms. Not currently used, waiting for OSS-Fuzz to test it for a while before we commit to it.
* Fix more MSVC warnings | Jack Lloyd | 2018-10-01 | 1 | -1/+1
* Merge GH #1670 New password hashing interface | Jack Lloyd | 2018-09-13 | 1 | -306/+18
|\
| * Add tests | Jack Lloyd | 2018-09-10 | 1 | -9/+12
| |   This is a contribution of Ribose Inc (@riboseinc)
| * Promote Timer to an internal util class | Jack Lloyd | 2018-09-10 | 1 | -301/+10
* | Better error reporting for invalid/out of range --buf-size arg | Jack Lloyd | 2018-09-10 | 1 | -2/+7
* | Fix cipher mode speed benchmark ignoring provider argument | Jose Pereira | 2018-09-06 | 1 | -2/+2
|/
* In speed test, check for availability of NIST reducer functions | Jack Lloyd | 2018-08-15 | 1 | -0/+2
|     This caused compilation to fail if MP_WORD_BITS was 8 or 16
* Improve speed of cli tests | Jack Lloyd | 2018-08-10 | 1 | -12/+23
|     Exit early from scrypt bench if we only computed a single value in the requested msec bounds. Reduce speed timeouts across board.
* Add Lucas test from FIPS 186-4 | Jack Lloyd | 2018-07-31 | 1 | -0/+37
|     This eliminates an issue identified in the paper "Prime and Prejudice: Primality Testing Under Adversarial Conditions" by Albrecht, Massimo, Paterson and Somorovsky where DL_Group::verify_group with strong=false would accept a composite q with probability 1/4096, which is exactly as the error bound is documented, but still unfortunate.
* Update password hashing default settings | Jack Lloyd | 2018-07-13 | 1 | -0/+65
|     Bcrypt work factor 10 is looking pretty low these days, as is 100K iterations of PBKDF2. Increase bcrypt to 12 and PBKDF2 to 150K, and also transition passhash9 to using SHA-512 instead of SHA-256. Also document bcrypt better, and add speed tests for bcrypt and passhash9
* In speed command warn if some unknown flag is passed to --clear-cpuid | Jack Lloyd | 2018-07-11 | 1 | -1/+7
* More CLI tests | Jack Lloyd | 2018-06-28 | 1 | -2/+2
* Avoid a small timing channel in Barrett reduction | Jack Lloyd | 2018-06-20 | 1 | -17/+19
|     No known exploit for this but no point taking chances.
* Benchmark only H10 XMSS signatures | Jack Lloyd | 2018-05-28 | 1 | -4/+4
* Correct comment on XMSS speeds | Jack Lloyd | 2018-05-28 | 1 | -5/+9
|     Not sure where I got the hour+ figure from. This may have been true with the initial release.
* Support scrypt for encrypting private keys | Jack Lloyd | 2018-05-22 | 1 | -2/+2
* Test speed of different scrypt params | Jack Lloyd | 2018-05-22 | 1 | -10/+24
* Tweak default `speed` targets | Jack Lloyd | 2018-05-21 | 1 | -8/+8
* Add Scrypt key derivation function | Jack Lloyd | 2018-05-16 | 1 | -0/+32
* Add 24-word wide Comba multiply/square | Jack Lloyd | 2018-05-08 | 1 | -1/+1
|     Improves performance on "odd" sized DH/RSA (eg 1536, 3072, 6144) where otherwise the Karatsuba operation bottoms out with 24-word operands which ended up in the basecase multiply.
* Add timing for ECC double and addition algorithms | Jack Lloyd | 2018-04-18 | 1 | -0/+33
* Add cycle counter for NIST reduction | Jack Lloyd | 2018-04-18 | 1 | -0/+52