| Commit message | Author | Age | Files | Lines |
| |
Previous EEA leaked information about the low word of the prime,
which is a problem for RSA.
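The leak this message refers to is the general problem with a textbook extended Euclidean algorithm: its control flow follows the operands. The block below is an added example, not Botan's code and not the fix this commit made (the log does not show it). It counts EEA division steps for one public exponent against two moduli that differ only in their low bits, and puts beside it a fixed-schedule Fermat inverse (a^(p-2) mod p via a Montgomery ladder with arithmetic rather than branching selection) of the kind used when the modulus is prime. Function names and the sample moduli are mine. The `%` operator is itself not constant-time on most hardware; the ladder removes the secret-dependent branching and iteration count, and production code would pair it with Montgomery multiplication.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>

struct EeaResult {
  uint64_t inverse;  // a^-1 mod m, or 0 if gcd(a, m) != 1
  size_t steps;      // number of division steps the loop executed
};

// Textbook extended Euclidean inverse of a mod m (a, m < 2^32).  The number of
// division steps and the remainders visited depend on the operand values, which
// is the kind of data-dependent behaviour that leaks through timing or
// memory-access patterns when a or m is secret.
EeaResult inverse_eea(uint64_t a, uint64_t m) {
  int64_t old_r = static_cast<int64_t>(a), r = static_cast<int64_t>(m);
  int64_t old_s = 1, s = 0;
  size_t steps = 0;
  while (r != 0) {
    int64_t q = old_r / r;
    int64_t t = r;  r = old_r - q * r;  old_r = t;
    t = s;          s = old_s - q * s;  old_s = t;
    ++steps;
  }
  if (old_r != 1) return {0, steps};
  if (old_s < 0) old_s += static_cast<int64_t>(m);
  return {static_cast<uint64_t>(old_s), steps};
}

// Operands stay below 2^32 so the product fits in 64 bits.
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

// Fixed-schedule inverse for a prime modulus p < 2^32: a^(p-2) mod p computed
// with a Montgomery ladder that does one multiply and one square per bit for a
// fixed 32 bits, whatever the exponent's value.  Operand selection is done with
// masks, not branches.  (Assumption for this demo: mulmod runs in constant
// time; on real hardware the division behind '%' does not.)
uint64_t inverse_ladder(uint64_t a, uint64_t p) {
  const uint64_t e = p - 2;
  uint64_t r0 = 1, r1 = a % p;          // invariant: r1 == r0 * a (mod p)
  for (int i = 31; i >= 0; --i) {
    const uint64_t bit = (e >> i) & 1;
    const uint64_t mask = 0 - bit;      // all ones when bit == 1
    const uint64_t x = (r0 & ~mask) | (r1 & mask);
    const uint64_t y = (r1 & ~mask) | (r0 & mask);
    const uint64_t prod = mulmod(x, y, p);
    const uint64_t sq = mulmod(x, x, p);
    r0 = (sq & ~mask) | (prod & mask);  // bit 0: r0 = r0^2,  bit 1: r0 = r0*r1
    r1 = (prod & ~mask) | (sq & mask);  // bit 0: r1 = r0*r1, bit 1: r1 = r1^2
  }
  return r0;
}

int main() {
  // Constructed moduli: 65537*65000 + 1 and 65537*65001 + 65536.  Same size,
  // same public exponent, different low bits, different step counts.
  const uint64_t m1 = 4259905001ULL, m2 = 4260036073ULL, p = 4294967291ULL;
  std::printf("steps mod m1: %zu\n", inverse_eea(65537, m1).steps);   // 3
  std::printf("steps mod m2: %zu\n", inverse_eea(65537, m2).steps);   // 4
  std::printf("ladder == eea for prime p: %d\n",
              inverse_ladder(65537, p) == inverse_eea(65537, p).inverse);
  return 0;
}
```

A timing observer who can distinguish three division steps from four has learned something about the modulus; the ladder's schedule is the same for every p of the same bit length.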
| |
This eliminates an issue identified in the paper
"Prime and Prejudice: Primality Testing Under Adversarial Conditions"
by Albrecht, Massimo, Paterson and Somorovsky
where DL_Group::verify_group with strong=false would accept a composite
q with probability 1/4096, which is exactly as the error bound is
documented, but still unfortunate.
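As an added example (not Botan's code; helper names and the sample moduli are mine), the block below implements a Miller-Rabin round over 32-bit moduli and shows the two facts behind this message and the later "1/2**128" one: a fixed base set is defeated by a chosen composite (3215031751 is the smallest strong pseudoprime to bases 2, 3, 5 and 7), and composites exist for which a quarter of the units are strong liars (1891 = 31 * 61 is one), so with random bases t rounds give a worst-case acceptance probability of (1/4)^t: 1/4096 at six rounds, 2^-128 at sixty-four.

```cpp
#include <cstdint>
#include <random>

// All moduli used here are below 2^32, so a*b fits in 64 bits.
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n) { return (a * b) % n; }

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t n) {
  uint64_t result = 1;
  base %= n;
  while (exp) {
    if (exp & 1) result = mulmod(result, base, n);
    base = mulmod(base, base, n);
    exp >>= 1;
  }
  return result;
}

// One Miller-Rabin round on odd n > 3 with base a in [1, n-1].  Returns true if
// n survives the round; for composite n such an a is a "strong liar".
bool mr_round(uint64_t n, uint64_t a) {
  uint64_t d = n - 1;
  unsigned s = 0;
  while ((d & 1) == 0) { d >>= 1; ++s; }
  uint64_t x = powmod(a, d, n);
  if (x == 1 || x == n - 1) return true;
  for (unsigned i = 1; i < s; ++i) {
    x = mulmod(x, x, n);
    if (x == n - 1) return true;
  }
  return false;
}

// Brute-force count of strong liars a in [1, n-1] for a small composite n.
uint64_t count_strong_liars(uint64_t n) {
  uint64_t liars = 0;
  for (uint64_t a = 1; a < n; ++a) if (mr_round(n, a)) ++liars;
  return liars;
}

// Fixed-base test of the kind a chosen composite defeats.
bool passes_fixed_bases(uint64_t n) {
  static const uint64_t bases[] = {2, 3, 5, 7};
  for (uint64_t a : bases) if (!mr_round(n, a)) return false;
  return true;
}

// Random-base test: each round accepts a composite with probability at most 1/4
// (Rabin/Monier), so `rounds` rounds give at most (1/4)^rounds even when n was
// chosen by an adversary.
bool is_probable_prime(uint64_t n, unsigned rounds, std::mt19937_64& rng) {
  if (n < 4) return n == 2 || n == 3;
  if ((n & 1) == 0) return false;
  std::uniform_int_distribution<uint64_t> pick(2, n - 2);
  for (unsigned i = 0; i < rounds; ++i) if (!mr_round(n, pick(rng))) return false;
  return true;
}

// Convenience wrapper with a fixed seed so a run is reproducible.
bool is_probable_prime_seeded(uint64_t n, unsigned rounds, uint64_t seed) {
  std::mt19937_64 rng(seed);
  return is_probable_prime(n, rounds, rng);
}

// Rounds needed for a 2^-security_bits worst-case bound against a chosen n.
unsigned rounds_for_adversarial(unsigned security_bits) { return (security_bits + 1) / 2; }
```

Running `count_strong_liars(1891)` gives 450, exactly one quarter of the 30 * 60 = 1800 units modulo 1891, and `passes_fixed_bases(3215031751)` returns true although 3215031751 = 151 * 751 * 28351. Against such inputs only the number of random-base rounds bounds the error; `rounds_for_adversarial(12)` is 6 and `rounds_for_adversarial(128)` is 64.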
| |
Add a new function dedicated to generating RSA primes.
Don't test for p.bits() > bits until the very end - rarely happens,
and speeds up prime generation quite noticeably.
Add Miller-Rabin error probabilities for 1/2**128, which again
speeds up RSA keygen and DL param gen quite a bit.
| |
Makes it easier to benchmark, or call in cases where the const
time algorithm is not required.
| |
First, correct a bug in the sieve code. It would break early if
a value did not match up with the sieve. However in that case,
the sieve values would be out of sync with the value of p, and
would be returning effectively random results. This caused
prime generation to be slower than it should be, both because the
sieve was incorrectly rejecting values that were not multiples of
any small prime and was allowing values that were multiples of
small primes to move on to the Miller-Rabin test.
In the sieve, also sieve so that 2*q+1 is also not a multiple of
the small primes. This speeds up safe prime generation.
GH #1411
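To show the two points in the message, the added example below (not Botan's code; class and function names are mine) keeps the residues of a candidate modulo the primes up to 97 and advances them in lock-step with the candidate. `step_and_test_buggy` reproduces the described pre-fix behaviour of breaking out of the update loop on the first hit, which leaves the remaining residues stale; `sieve_mismatches` counts how often each version disagrees with plain trial division. With `safe=true` the sieve also discards any q for which 2q+1 has a small factor, as the second part of the message describes, and `first_sophie_germain` uses that to find a q with both q and 2q+1 prime.

```cpp
#include <cstdint>
#include <cstddef>
#include <vector>

static const uint32_t kSievePrimes[] = {3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41,
                                        43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97};
static const size_t kNumSieve = sizeof(kSievePrimes) / sizeof(kSievePrimes[0]);

// Incremental sieve over odd candidates: holds p mod q for each small prime q,
// so a step to p+2 costs one add-and-compare per q instead of a division.
class CandidateSieve {
 public:
  // `start` must be odd and larger than the biggest sieve prime.
  explicit CandidateSieve(uint64_t start) : p_(start) {
    for (size_t i = 0; i < kNumSieve; ++i)
      res_.push_back(static_cast<uint32_t>(p_ % kSievePrimes[i]));
  }
  uint64_t value() const { return p_; }

  // Correct behaviour: move to the next odd candidate, update every residue,
  // and only then decide.
  bool step_and_test(bool safe) {
    p_ += 2;
    for (size_t i = 0; i < kNumSieve; ++i) advance(i);
    for (size_t i = 0; i < kNumSieve; ++i) if (!ok(i, safe)) return false;
    return true;
  }

  // Pre-fix behaviour the message describes: update and test one residue at a
  // time and break on the first hit.  Residues after the hit are never advanced,
  // so from then on they no longer describe p.
  bool step_and_test_buggy(bool safe) {
    p_ += 2;
    for (size_t i = 0; i < kNumSieve; ++i) {
      advance(i);
      if (!ok(i, safe)) return false;
    }
    return true;
  }

 private:
  void advance(size_t i) {
    res_[i] += 2;
    if (res_[i] >= kSievePrimes[i]) res_[i] -= kSievePrimes[i];
  }
  // p is not a multiple of q and, when sieving for a safe prime, neither is
  // 2p+1:  2p+1 == 0 (mod q)  <=>  p mod q == (q-1)/2.
  bool ok(size_t i, bool safe) const {
    const uint32_t q = kSievePrimes[i], r = res_[i];
    if (r == 0) return false;
    if (safe && 2 * r + 1 == q) return false;
    return true;
  }
  uint64_t p_;
  std::vector<uint32_t> res_;
};

// Reference answer by trial division against the same primes.
bool sieve_oracle(uint64_t x, bool safe) {
  for (size_t i = 0; i < kNumSieve; ++i) {
    const uint32_t q = kSievePrimes[i];
    if (x % q == 0) return false;
    if (safe && (2 * x + 1) % q == 0) return false;
  }
  return true;
}

// Walk `count` odd candidates above `start` and count verdicts that disagree
// with the oracle.  The correct sieve never disagrees; the buggy one does as
// soon as the first rejection has desynchronised its residues.
size_t sieve_mismatches(uint64_t start, size_t count, bool safe, bool buggy) {
  CandidateSieve s(start);
  size_t bad = 0;
  for (size_t k = 0; k < count; ++k) {
    const bool v = buggy ? s.step_and_test_buggy(safe) : s.step_and_test(safe);
    if (v != sieve_oracle(s.value(), safe)) ++bad;
  }
  return bad;
}

// Trial-division primality, adequate for the small values in this demo.
bool is_prime_small(uint64_t n) {
  if (n < 2) return false;
  if (n % 2 == 0) return n == 2;
  for (uint64_t f = 3; f * f <= n; f += 2) if (n % f == 0) return false;
  return true;
}

// First q >= start (start odd and > 99) with q and 2q+1 both prime.  Sieving
// with safe=true keeps candidates whose 2q+1 has a small factor away from the
// primality test, which is the speed-up the message refers to.
uint64_t first_sophie_germain(uint64_t start) {
  CandidateSieve s(start - 2);  // the first step lands on `start`
  for (;;) {
    if (!s.step_and_test(true)) continue;
    const uint64_t q = s.value();
    if (is_prime_small(q) && is_prime_small(2 * q + 1)) return q;
  }
}
```

Starting at 101, the buggy sieve rejects 105 on the residue for 3 and stops updating the rest; at the next step the stale residue for 5 reads 0 and the prime 107 is thrown away, the first of many wrong verdicts. With `safe=true`, 101, 103, 107 and 109 are all dropped before any primality test because 203, 207, 215 and 219 have small factors, and `first_sophie_germain(101)` returns 113 (2 * 113 + 1 = 227 is prime).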
| |
Some help from include-what-you-use
| |
ISO C++ reserves names with double underscores in them
Closes #512
| |
Defined in build.h, all equal to BOTAN_DLL so ties into existing
system for exporting symbols.
| |
Found during a review by BSI
|
| |
Record counter value in test data, and start the search from there.
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
| |
Also adds a (not const time) implementation of almost Montgomery reduction.
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
| |
to specify a probability as well as if n was randomly chosen or not.
If the input is random use better bounds to reduce the number of
needed tests.
| |
provides a much better worst-case error bound. Also take the nonce from anywhere
in the usable range rather than limiting the bit size.