path: root/src/lib/math/bigint
Commit message (Author, Date; Files changed, Lines -/+)
* Fix some Doxygen warnings (Jack Lloyd, 2018-08-15; 1 file, -1/+0)
* Fix BigInt::to_{dec,hex}_string for zero (Jack Lloyd, 2018-08-15; 1 file, -1/+8)
  They returned an empty string instead
* Cleanup of BigInt encoding/decoding functions (Jack Lloyd, 2018-08-14; 3 files, -16/+138)
  Instigated by finding a bug where BigInt::encode with decimal output would often have a leading '0' char, which is papered over in the IO operator, but was exposed by botan_mp_to_str which called BigInt::encode directly.
  Split BigInt::encode/decode into two versions, one taking the Base argument and the other using the (previously default) binary base. With a view of eventually deprecating the versions taking a base.
  Add BigInt::to_dec_string() and BigInt::to_hex_string()
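The two commits above describe the same pair of pitfalls in radix conversion of a multi-limb magnitude: zero must come out as "0" rather than "", and only the most significant chunk of output may be printed without zero padding, otherwise a spurious leading '0' appears. The following is an added example (not Botan's own BigInt code) that converts a constructed little-endian array of 32-bit limbs to decimal and hex with both cases handled; the limb width, the 10^9 chunk size and the uppercase hex alphabet are assumptions of the example.

```cpp
#include <cstdint>
#include <string>
#include <vector>

using limb = std::uint32_t;

// Magnitude as little-endian 32-bit limbs (limbs[0] least significant).
// An empty vector and an all-zero vector both denote zero (assumed convention).

// Decimal conversion by repeated division by 10^9: every pass divides the whole
// limb array by 10^9 (schoolbook long division, high limb first) and peels off
// nine decimal digits. Only the most significant chunk is emitted without zero
// padding; padding it as well is exactly how a spurious leading '0' appears.
std::string to_dec_string(std::vector<limb> limbs) {
    while (!limbs.empty() && limbs.back() == 0) limbs.pop_back();
    if (limbs.empty()) return "0";                 // zero must not become ""
    const std::uint64_t chunk = 1000000000;        // 10^9 < 2^32
    std::string out;
    while (!limbs.empty()) {
        std::uint64_t rem = 0;
        for (std::size_t i = limbs.size(); i-- > 0;) {
            std::uint64_t cur = (rem << 32) | limbs[i];   // rem < chunk, so cur / chunk < 2^32
            limbs[i] = static_cast<limb>(cur / chunk);
            rem = cur % chunk;
        }
        while (!limbs.empty() && limbs.back() == 0) limbs.pop_back();
        std::string digits = std::to_string(rem);
        if (!limbs.empty())                         // not the leading chunk: pad to 9 digits
            digits.insert(0, 9 - digits.size(), '0');
        out.insert(0, digits);
    }
    return out;
}

// Hex conversion: emit every nibble, then strip leading zeros; zero becomes "0".
std::string to_hex_string(const std::vector<limb>& limbs) {
    static const char* alphabet = "0123456789ABCDEF";
    std::string out;
    for (std::size_t i = limbs.size(); i-- > 0;)
        for (int shift = 28; shift >= 0; shift -= 4)
            out.push_back(alphabet[(limbs[i] >> shift) & 0xF]);
    const std::size_t first = out.find_first_not_of('0');
    return (first == std::string::npos) ? "0" : out.substr(first);
}
```

Constructed inputs worth checking are an all-zero limb array, a value that is an exact multiple of 10^9 (its low chunk is all zeros and must be padded, while the high chunk must not be), and 2^64-1 spanning two limbs.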
* Add Lucas test from FIPS 186-4 (Jack Lloyd, 2018-07-31; 2 files, -0/+21)
  This eliminates an issue identified in the paper "Prime and Prejudice: Primality Testing Under Adversarial Conditions" by Albrecht, Massimo, Paterson and Somorovsky where DL_Group::verify_group with strong=false would accept a composite q with probability 1/4096, which is exactly as the error bound is documented, but still unfortunate.
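The point of adding a Lucas test next to Miller-Rabin is that the two have different sets of composites that fool them, so a q chosen by an adversary to pass a few Miller-Rabin rounds still has to pass an unrelated test. The following is an added example (not Botan's implementation) of the Lucas probable prime test as specified in FIPS 186-4 Appendix C.3.3, with P = 1, Q = (1 - D)/4 and D the first of 5, -7, 9, -11, ... with Jacobi symbol (D/C) = -1, next to a single Miller-Rabin round, restricted to 64-bit candidates and using the `unsigned __int128` compiler extension for products. 2047 = 23 * 89 is the smallest strong pseudoprime to base 2 and 323 = 17 * 19 is the smallest Lucas pseudoprime for these parameters; each fools one test and is caught by the other.

```cpp
#include <cmath>
#include <cstdint>
#include <utility>

using u64 = std::uint64_t;
using u128 = unsigned __int128;   // GCC/Clang extension for 64x64-bit products

static u64 mulmod(u64 a, u64 b, u64 n) { return static_cast<u64>((u128)a * b % n); }

static u64 powmod(u64 base, u64 exp, u64 n) {
    u64 r = 1 % n;
    base %= n;
    while (exp) {
        if (exp & 1) r = mulmod(r, base, n);
        base = mulmod(base, base, n);
        exp >>= 1;
    }
    return r;
}

// One Miller-Rabin round to the fixed base a. A composite that passes is a
// "strong pseudoprime to base a"; 2047 is the smallest such for a = 2.
bool miller_rabin_round(u64 n, u64 a) {
    if (n < 3 || n % 2 == 0) return n == 2;
    u64 d = n - 1;
    int s = 0;
    while ((d & 1) == 0) { d >>= 1; ++s; }
    u64 x = powmod(a % n, d, n);
    if (x == 1 || x == n - 1) return true;
    for (int i = 1; i < s; ++i) {
        x = mulmod(x, x, n);
        if (x == n - 1) return true;
    }
    return false;
}

// Jacobi symbol (a/n) for odd n > 0; a may be negative.
static int jacobi(std::int64_t a, u64 n) {
    int result = 1;
    if (a < 0) { a = -a; if (n % 4 == 3) result = -result; }
    u64 x = static_cast<u64>(a) % n;
    while (x != 0) {
        while (x % 2 == 0) {
            x /= 2;
            u64 m = n % 8;
            if (m == 3 || m == 5) result = -result;
        }
        std::swap(x, n);
        if (x % 4 == 3 && n % 4 == 3) result = -result;
        x %= n;
    }
    return (n == 1) ? result : 0;
}

static bool is_perfect_square(u64 n) {
    u64 r = static_cast<u64>(std::sqrt(static_cast<double>(n)));
    while ((u128)r * r > n) --r;
    while ((u128)(r + 1) * (r + 1) <= n) ++r;
    return (u128)r * r == n;
}

// Lucas probable prime test, FIPS 186-4 C.3.3. True means "probably prime",
// false means certainly composite.
bool lucas_probable_prime(u64 c) {
    if (c < 3 || c % 2 == 0) return c == 2;
    if (is_perfect_square(c)) return false;                       // step 1
    std::int64_t d = 5;                                           // step 2
    for (;;) {
        int j = jacobi(d, c);
        if (j == -1) break;
        u64 ad = static_cast<u64>(d < 0 ? -d : d);
        if (j == 0) return c == ad;       // gcd(D, C) > 1: composite unless C is |D| itself
        d = (d > 0) ? -(d + 2) : -(d - 2);                        // 5, -7, 9, -11, ...
    }
    u64 dm = (d >= 0) ? static_cast<u64>(d) % c : c - (static_cast<u64>(-d) % c);  // D mod C
    // halving mod odd C: add C first when the value is odd
    auto half = [c](u64 x) { return (x & 1) ? static_cast<u64>(((u128)x + c) >> 1) : x >> 1; };
    u128 k = (u128)c + 1;                                         // step 3, K = C + 1
    int top = 0;
    while ((k >> (top + 1)) != 0) ++top;                          // step 4, leading 1 bit of K
    u64 u = 1, v = 1;                                             // step 5, U_r = V_r = 1
    for (int i = top - 1; i >= 0; --i) {                          // step 6
        u64 ut = mulmod(u, v, c);
        u64 vt = half(static_cast<u64>(((u128)mulmod(v, v, c) + mulmod(dm, mulmod(u, u, c), c)) % c));
        if ((k >> i) & 1) {
            u64 un = half(static_cast<u64>(((u128)ut + vt) % c));
            u64 vn = half(static_cast<u64>(((u128)vt + mulmod(dm, ut, c)) % c));
            u = un; v = vt, v = vn;
        } else {
            u = ut; v = vt;
        }
    }
    return u == 0;                                                // step 7: U_K == 0 mod C
}

// Both tests together: a candidate has to fool Miller-Rabin (base 2) and Lucas.
bool probable_prime(u64 n) {
    return miller_rabin_round(n, 2) && lucas_probable_prime(n);
}
```

Neither test alone rejects both 2047 and 323; their combination does, which is the property the commit above buys for DL_Group::verify_group.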
* Check arguments to BigInt::random_integer (Jack Lloyd, 2018-06-29; 2 files, -2/+5)
* Document preconditions of BigInt::mod_add/mod_sub (Jack Lloyd, 2018-06-23; 1 file, -0/+2)
* Avoid needless alloc and copy (Jack Lloyd, 2018-06-21; 1 file, -0/+6)
* Avoid unnecessary realloc in BigInt::mod_sub (Jack Lloyd, 2018-06-17; 1 file, -2/+7)
* Fix a bug in Barrett reduction (Jack Lloyd, 2018-06-05; 1 file, -4/+3)
  -x*n % n would reduce to n instead of zero.
  Also some small optimizations and cleanups.
* Inline BigInt::shrink_to_fit (Jack Lloyd, 2018-05-09; 2 files, -7/+5)
  Improves P-256 a bit
* Inline this operator+ [ci skip] (Jack Lloyd, 2018-04-26; 2 files, -6/+1)
* Add BigInt functions for adding, subtracting and comparing with words (Jack Lloyd, 2018-04-26; 4 files, -51/+142)
  Avoids needless allocations for expressions like x - 1 or y <= 4.
* Add BigInt::mod_sub (Jack Lloyd, 2018-04-23; 2 files, -0/+65)
* Add const time annotations (Jack Lloyd, 2018-04-15; 2 files, -0/+20)
* Square is always positive (Jack Lloyd, 2018-04-08; 1 file, -0/+1)
* Add BigInt::square plus a speed test for BigInt multiply (Jack Lloyd, 2018-04-08; 2 files, -0/+22)
* Fix some Doxygen errors (Jack Lloyd, 2018-03-28; 1 file, -1/+2)
* Shift ECDSA inputs to match OpenSSL behavior (Jack Lloyd, 2018-03-21; 2 files, -0/+21)
  See also GH #986
* Simplify a common case BigInt constructor (Jack Lloyd, 2018-03-21; 2 files, -1/+13)
* Store base point multiplies in a single std::vector (Jack Lloyd, 2018-03-20; 2 files, -0/+17)
  Since the point is public all the values are also, so this reduces pressure on the mlock allocator and may (slightly) help perf through cache read-ahead.
  Downside is cache based side channels are slightly easier (vs the data being stored in discontiguous vectors). But we shouldn't rely on that in any case. And having it be in an array makes a masked table lookup easier to arrange.
* Improve memory handling for PointGFp (Jack Lloyd, 2018-03-14; 1 file, -5/+0)
* Move declaration of word to types.h (Jack Lloyd, 2018-03-01; 1 file, -1/+1)
* Remove MP_WORD_BITS constant (Jack Lloyd, 2018-03-01; 4 files, -17/+17)
  Use the BOTAN_MP_WORD_BITS consistently
* Remove BigInt using functions from mp layer (Jack Lloyd, 2018-03-01; 1 file, -1/+5)
* Inline some simple BigInt sign handling functions (Jack Lloyd, 2018-03-01; 2 files, -32/+17)
* Avoid needless allocation in BigInt operator+= (Jack Lloyd, 2018-02-28; 1 file, -4/+2)
  Kind of amazing what a difference that made for overall ECDSA perf
* Optimize P-256 and P-384 reduction (Jack Lloyd, 2018-02-26; 2 files, -4/+14)
  Precompute the multiples of the prime and then subtract directly.
* Avoid some needless allocations (Jack Lloyd, 2018-02-26; 1 file, -11/+27)
* Optimize Barrett reduction (Jack Lloyd, 2018-02-26; 3 files, -4/+79)
  OSS-Fuzz 6570 flagged an issue with slow modular exponentiation. It turned out the problem was not in the library version but the simple square-and-multiply algorithm. Computing g^x % p with all three integers being dense (high Hamming weight) numbers took about 1.5 seconds on a fast machine with almost all of the time taken by the Barrett reductions.
  With these changes, same testcase now takes only a tiny fraction of a second.
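Two of the entries on this page concern Barrett reduction: the one directly above, where a square-and-multiply exponentiation spends nearly all its time in the reductions, and the 2018-06-05 fix where -x*n % n came back as n instead of zero. The following is an added example (not Botan's code) of Barrett reduction for a 32-bit odd modulus with mu = floor(2^64 / n), the final conditional subtraction that keeps the result strictly below n, a signed wrapper that special-cases a residue of zero so that negative multiples of n reduce to 0 rather than n, and a left-to-right square-and-multiply that uses it. Word sizes, the `Barrett` struct and all function names are the example's own; `unsigned __int128` is a GCC/Clang extension.

```cpp
#include <cstdint>

using u32 = std::uint32_t;
using u64 = std::uint64_t;
using i64 = std::int64_t;
using u128 = unsigned __int128;

// Barrett context for an odd 32-bit modulus n >= 3 (example's own parameters).
struct Barrett {
    u64 n;
    u128 mu;   // floor(2^64 / n), fits in 63 bits for n >= 3
    explicit Barrett(u32 modulus) : n(modulus), mu(((u128)1 << 64) / modulus) {}

    // Reduce any 64-bit x into [0, n).
    u64 reduce(u64 x) const {
        u64 q = static_cast<u64>(((u128)x * mu) >> 64);   // estimate of floor(x / n); never too large
        u64 r = static_cast<u64>(x - (u128)q * n);        // 0 <= r < 2n for these parameters
        while (r >= n) r -= n;   // final correction: a multiple of n must come out as 0, not n
        return r;
    }

    // Reduce a signed value into [0, n). Mapping a negative input through
    // n - (|x| mod n) is only right when that residue is non-zero; without the
    // special case, -k*n reduces to n, the bug the 2018-06-05 entry describes.
    u64 reduce_signed(i64 x) const {
        if (x >= 0) return reduce(static_cast<u64>(x));
        u64 mag = static_cast<u64>(-(x + 1)) + 1;   // |x| without overflowing on INT64_MIN
        u64 r = reduce(mag);
        return (r == 0) ? 0 : n - r;
    }
};

// Left-to-right square-and-multiply: one reduction per square, one per multiply.
// Operands are < n < 2^32, so the products fit in 64 bits before reduction.
u64 powmod_barrett(u64 base, u64 exp, const Barrett& b) {
    u64 result = 1 % b.n;
    const u64 g = b.reduce(base);
    for (int i = 63; i >= 0; --i) {
        result = b.reduce(result * result);
        if ((exp >> i) & 1) result = b.reduce(result * g);
    }
    return result;
}

// Reference exponentiation using the hardware remainder, for cross-checking.
static u64 powmod_ref(u64 base, u64 exp, u64 n) {
    u64 r = 1 % n;
    base %= n;
    while (exp) {
        if (exp & 1) r = static_cast<u64>((u128)r * base % n);
        base = static_cast<u64>((u128)base * base % n);
        exp >>= 1;
    }
    return r;
}

// Constructed sweep of small bases and exponents against the reference.
bool barrett_matches_reference(u32 n) {
    Barrett b(n);
    for (u64 g = 2; g < 50; ++g)
        for (u64 e = 0; e < 40; ++e)
            if (powmod_barrett(g, e, b) != powmod_ref(g, e, n)) return false;
    return true;
}
```

The reduce_signed zero check is the whole fix: dropping it turns every negative multiple of n into n, which then silently poisons anything downstream that assumes an output in [0, n).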
* Add BigInt::operator*= taking a word (Jack Lloyd, 2018-02-26; 2 files, -2/+23)
  Avoids memory allocation when multiplying by a small constant.
* Use reduce_below in PointGFp (Jack Lloyd, 2018-02-25; 1 file, -0/+2)
  Improves ECDSA times by 2-3%
* Add BigInt::reduce_below (Jack Lloyd, 2018-02-25; 2 files, -0/+33)
* Pass workspace size to various bigint_ functions (Jack Lloyd, 2018-02-25; 2 files, -2/+2)
  These functions made assumptions about the workspace size available, which if incorrect would cause memory corruption. Since the length is always available at the caller, just provide it and avoid problems.
* Minor optimizations in BigInt memory handling (Jack Lloyd, 2018-02-23; 2 files, -2/+4)
  Makes 4-6% difference for ECDSA
* Fix an error in BigInt operator- (Jack Lloyd, 2018-02-23; 1 file, -0/+1)
  (x) - (-x) would result in -2x instead of the correct 2x
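The operator- bug above is the classic sign-magnitude slip: the sign of the result of a subtraction depends on both operands' signs and on which magnitude is larger, and x - (-x) has to land in the "same sign, add magnitudes" case. The following is an added example (not Botan's BigInt) of subtraction on a sign-magnitude integer with a single 64-bit magnitude, built as a + (-b) so that every sign combination is handled in one place, together with an exhaustive check against native signed arithmetic over a small range. The struct and function names are the example's own.

```cpp
#include <cstdint>

// Sign-magnitude integer; zero is always stored non-negative (example convention).
struct SignMag {
    bool neg;
    std::uint64_t mag;
};

static SignMag normalize(SignMag x) {
    if (x.mag == 0) x.neg = false;   // no negative zero
    return x;
}

SignMag sm_add(SignMag a, SignMag b) {
    if (a.neg == b.neg)                                   // same sign: magnitudes add, sign kept
        return normalize({a.neg, a.mag + b.mag});
    if (a.mag >= b.mag)                                   // opposite signs: subtract the smaller
        return normalize({a.neg, a.mag - b.mag});         // magnitude; sign follows the larger one
    return normalize({b.neg, b.mag - a.mag});
}

// a - b == a + (-b): flip b's sign and reuse addition. For x - (-x) the flipped b
// has x's sign, so the same-sign branch runs and the result is +2x.
SignMag sm_sub(SignMag a, SignMag b) {
    b.neg = !b.neg;
    return sm_add(a, normalize(b));
}

std::int64_t to_i64(SignMag x) {
    return x.neg ? -static_cast<std::int64_t>(x.mag) : static_cast<std::int64_t>(x.mag);
}

SignMag from_i64(std::int64_t v) {
    if (v < 0) return SignMag{true, static_cast<std::uint64_t>(-(v + 1)) + 1};   // safe for INT64_MIN
    return SignMag{false, static_cast<std::uint64_t>(v)};
}

// Exhaustive check of a - b over [lo, hi]^2 against native signed arithmetic.
bool sub_matches_native(int lo, int hi) {
    for (int a = lo; a <= hi; ++a)
        for (int b = lo; b <= hi; ++b)
            if (to_i64(sm_sub(from_i64(a), from_i64(b))) != static_cast<std::int64_t>(a) - b)
                return false;
    return true;
}
```

Checking all sign combinations against native arithmetic is cheap and is the kind of test that would have caught the -2x result directly.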
* In PointGFp add/double avoid creating temporaries (Jack Lloyd, 2018-02-23; 1 file, -1/+7)
  We already had the temp workspace passed in but did not use it effectively... :/
  Improves ECDSA sign and verify by 5-15%
* New API for blinded ECC point multiplication (Jack Lloyd, 2018-02-21; 1 file, -1/+1)
  No shared state
* Minor optimizations for BigInt operator/ (Jack Lloyd, 2018-02-19; 1 file, -0/+6)
  Detect divisions by small powers of 2
* Tiny optimization in BigInt::const_time_lookup (Jack Lloyd, 2018-02-13; 1 file, -1/+3)
* Remove needless variable (Jack Lloyd, 2017-10-06; 1 file, -2/+0)
* Add wrappers for reinterpret_cast between char* and uint8_t* (Jack Lloyd, 2017-10-03; 3 files, -5/+5)
  Generally speaking reinterpret_cast is sketchy stuff. But the special case of char*/uint8_t* is both common and safe. By isolating those, the remaining (likely sketchy) cases are easier to grep for.
* Remove redundant parens (Jack Lloyd, 2017-10-03; 1 file, -1/+1)
  Sonar
* Use class for exception types (Jack Lloyd, 2017-10-02; 1 file, -2/+5)
* Use explicit on more single-argument constructors (Jack Lloyd, 2017-09-30; 1 file, -1/+1)
* Add valgrind annotations to check const_time_lookup (Jack Lloyd, 2017-09-26; 1 file, -0/+5)
* Use a side channel silent table look up in the Montgomery exponentiation (Jack Lloyd, 2017-09-25; 2 files, -0/+35)
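Several entries on this page (the side channel silent table lookup in Montgomery exponentiation, the const_time_lookup optimization and its valgrind annotations, and the 2018-03-20 change that stores the precomputed point multiples in one contiguous array so that a masked lookup is easy to arrange) are about the same technique: selecting entry idx from a table without letting the memory access pattern depend on idx. The following is an added example (not Botan's const_time_lookup) of that masked lookup over a flat table of fixed-width limb vectors, beside the leaky indexed read it replaces, with a constructed 16-entry table to compare the two. The `WordTable` type, the limb width and the table contents are the example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

using word = std::uint64_t;

// All-ones if a == b, else zero, computed without a data-dependent branch.
static inline word ct_eq_mask(word a, word b) {
    word x = a ^ b;
    word nonzero = (x | (word(0) - x)) >> 63;   // 1 if x != 0, else 0
    return nonzero - 1;                          // 1 -> 0x00..00, 0 -> 0xFF..FF
}

// `entries` values of `limbs` words each, stored back to back in one array:
// entry i occupies words[i*limbs .. (i+1)*limbs). One contiguous block is
// what makes a masked sweep over every entry straightforward.
struct WordTable {
    std::size_t limbs;
    std::vector<word> words;

    std::size_t entries() const { return words.size() / limbs; }

    // Leaks idx: which cache lines are touched depends on the secret index.
    std::vector<word> leaky_lookup(std::size_t idx) const {
        return std::vector<word>(words.begin() + idx * limbs,
                                 words.begin() + (idx + 1) * limbs);
    }

    // Reads every entry in the same order regardless of idx and ORs in the
    // wanted one under a mask; idx is only ever used through ct_eq_mask.
    std::vector<word> ct_lookup(std::size_t idx) const {
        std::vector<word> out(limbs, 0);
        for (std::size_t i = 0; i < entries(); ++i) {
            const word mask = ct_eq_mask(static_cast<word>(i), static_cast<word>(idx));
            for (std::size_t j = 0; j < limbs; ++j)
                out[j] |= words[i * limbs + j] & mask;
        }
        return out;
    }
};

// Constructed sample: 16 entries of 4 limbs, entry i holding (i+1)*0x0101..01 + j.
WordTable make_sample_table() {
    WordTable t{4, {}};
    for (std::size_t i = 0; i < 16; ++i)
        for (std::size_t j = 0; j < 4; ++j)
            t.words.push_back(static_cast<word>(i + 1) * 0x0101010101010101ULL + j);
    return t;
}

// Both lookups must agree on every index; only their access patterns differ.
bool lookups_agree(const WordTable& t) {
    for (std::size_t i = 0; i < t.entries(); ++i)
        if (t.ct_lookup(i) != t.leaky_lookup(i)) return false;
    return true;
}
```

The cost is reading the whole table on every lookup, which is why the table is kept small (a window of precomputed multiples) and why, as the 2018-03-20 entry notes, the data being public anyway makes a contiguous unprotected array acceptable. A compiler is free to turn the mask arithmetic back into a branch, so code like this needs to be checked rather than trusted; the valgrind annotations entry above is that check for Botan's own lookup.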
|
* Apply final annotations to the library alsoJack Lloyd2017-09-221-2/+2
| | | | | Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures.
* Header file cleanupsJack Lloyd2017-09-213-4/+4
| | | | Some help from include-what-you-use
* Change header guard format to BOTAN_FOO_H_Jack Lloyd2017-09-202-4/+4
| | | | | | ISO C++ reserves names with double underscores in them Closes #512
* Add API stability annotations.Jack Lloyd2017-09-192-13/+13
| | | | | Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.