| Commit message | Author | Date | Files | Lines |
|---|---|---|---|---|
| Speed up DSA param gen | Jack Lloyd | 2018-05-21 | 1 | -3/+6 |
| Using Barrett reduction instead of division is ~10x faster. | | | | |
| Fix typo in comment [ci skip] | Jack Lloyd | 2018-05-17 | 1 | -1/+1 |
| Add clarifying comments and increase M-R tests for 256-bit integers | Jack Lloyd | 2018-05-15 | 1 | -3/+7 |
| See #1542 and #1569 | | | | |
| Always use 1/2^-128 error bounds with Miller-Rabin | Jack Lloyd | 2018-05-14 | 1 | -24/+14 |
| Simplifies the code and makes it easy to see we never use the weaker bounds even if the application explicitly requested it. GH #1569 | | | | |
| Add message to BOTAN_ARG_CHECK and use it more widely | Jack Lloyd | 2018-05-13 | 1 | -2/+1 |
| Inline BigInt::shrink_to_fit | Jack Lloyd | 2018-05-09 | 2 | -7/+5 |
| Improves P-256 a bit | | | | |
| Add 24-word wide Comba multiply/square | Jack Lloyd | 2018-05-08 | 3 | -1/+1101 |
| Improves performance on "odd" sized DH/RSA (eg 1536, 3072, 6144) where otherwise the Karatsuba operation bottoms out with 24-word operands which ended up in the basecase multiply. | | | | |
| Remove needless allocation in Montgomery_Int::mul_by | Jack Lloyd | 2018-05-02 | 2 | -7/+41 |
| Make Montgomery_Int public, add function for addition with workspace | Jack Lloyd | 2018-05-02 | 2 | -3/+11 |
| Inline this operator+ [ci skip] | Jack Lloyd | 2018-04-26 | 2 | -6/+1 |
| Correct handling of gcd(p - 1, e) in RSA keygen | Jack Lloyd | 2018-04-26 | 1 | -7/+25 |
| We were calling inverse mod but because p - 1 > e the binary extended Euclidean algorithm was used instead of the const time version. Use the fact that e is odd (for RSA keys) to remove the factors of 2 from p - 1 and then check coprimality that way, since it allows using our const time algo. | | | | |
| Rewrite GCD in less branchy way, and use Montgomery in M-R test | Jack Lloyd | 2018-04-26 | 1 | -16/+30 |
| Add BigInt functions for adding, subtracting and comparing with words | Jack Lloyd | 2018-04-26 | 4 | -51/+142 |
| Avoids needless allocations for expressions like `x - 1` or `y <= 4`. | | | | |
| Add BigInt::mod_sub | Jack Lloyd | 2018-04-23 | 2 | -0/+65 |
| Add early exit for P-192 reduce | Jack Lloyd | 2018-04-18 | 1 | -0/+5 |
| Remove now unused function | Jack Lloyd | 2018-04-18 | 1 | -19/+0 |
| Optimize P-224 reduction | Jack Lloyd | 2018-04-18 | 1 | -47/+77 |
| 5-7% faster ECDSA | | | | |
| Further NIST reduction tweaks | Jack Lloyd | 2018-04-18 | 1 | -40/+44 |
| P-192 optimizations | Jack Lloyd | 2018-04-18 | 1 | -34/+64 |
| 5-7% faster for ECDSA and ECDH | | | | |
| Micro optimizations in P-256 and P-384 reductions | Jack Lloyd | 2018-04-18 | 1 | -30/+73 |
| Improves ECDSA and ECDH by 1% or so. | | | | |
| Minor optimizations for P-256 and P-384 | Jack Lloyd | 2018-04-17 | 1 | -161/+65 |
| Improves ECDSA by ~5% on Skylake | | | | |
| Avoid potential side channel when generating RSA primes | Jack Lloyd | 2018-04-17 | 3 | -41/+173 |
| Add a new function dedicated to generating RSA primes. Don't test for p.bits() > bits until the very end - rarely happens, and speeds up prime generation quite noticeably. Add Miller-Rabin error probabilities for 1/2**128, which again speeds up RSA keygen and DL param gen quite a bit. | | | | |
| Add vars to split the two Karatsuba sub-workspaces | Jack Lloyd | 2018-04-16 | 1 | -14/+20 |
| Add const time annotations | Jack Lloyd | 2018-04-15 | 5 | -6/+42 |
| Simplify Karatsuba code | Jack Lloyd | 2018-04-15 | 3 | -39/+43 |
| And set us up for eventually having this be completely const time. | | | | |
| Add a Montgomery exponentiation that takes variable time | Jack Lloyd | 2018-04-09 | 2 | -0/+38 |
| In the case of RSA encryption/verification the public exponent is... public. So we don't need to carefully guard against side channels that leak the exponent. Improves RSA verification performance by 50% or more. | | | | |
| Square is always positive | Jack Lloyd | 2018-04-08 | 1 | -0/+1 |
| Add BigInt::square plus a speed test for BigInt multiply | Jack Lloyd | 2018-04-08 | 3 | -8/+25 |
| Convert comba script to Python3 | Jack Lloyd | 2018-04-08 | 1 | -1/+1 |
| Split up asm constructs to avoid miscompilation | Jack Lloyd | 2018-04-05 | 1 | -30/+49 |
| The constraints were invalid as they missed the clobber of a/d registers. This caused miscompilation when using GCC -fno-plt option. GH #1524 | | | | |
| Fix some Doxygen errors | Jack Lloyd | 2018-03-28 | 2 | -1/+3 |
| In Barrett avoid creating an unnecessary temp | Jack Lloyd | 2018-03-25 | 1 | -4/+4 |
| Fix some corner cases for small values in power_mod | Jack Lloyd | 2018-03-24 | 1 | -1/+15 |
| Tiny optimization in Montgomery inverse | Jack Lloyd | 2018-03-22 | 1 | -1/+1 |
| Shift ECDSA inputs to match OpenSSL behavior | Jack Lloyd | 2018-03-21 | 2 | -0/+21 |
| See also GH #986 | | | | |
| Simplify a common case BigInt constructor | Jack Lloyd | 2018-03-21 | 2 | -1/+13 |
| Store base point multiplies in a single std::vector | Jack Lloyd | 2018-03-20 | 2 | -0/+17 |
| Since the point is public all the values are also, so this reduces pressure on the mlock allocator and may (slightly) help perf through cache read-ahead. Downside is cache based side channels are slightly easier (vs the data being stored in discontiguous vectors). But we shouldn't rely on that in any case. And having it be in an array makes a masked table lookup easier to arrange. | | | | |
| Remove use of ;; to end lines | Jack Lloyd | 2018-03-19 | 2 | -2/+2 |
| Add basecase_sqr function | Jack Lloyd | 2018-03-16 | 1 | -3/+29 |
| Just a simple adaption of the n^2 multiply algorithm, so no performance impact. However makes the difference between squaring and multiply easier to see when profiling. | | | | |
| Add Montgomery multiexponentiation | Jack Lloyd | 2018-03-15 | 4 | -0/+95 |
| Some additional operations on Montgomery_Int | Jack Lloyd | 2018-03-14 | 2 | -0/+45 |
| Needed for #1432 | | | | |
| Add a facility for debug-mode assertions | Jack Lloyd | 2018-03-14 | 1 | -3/+7 |
| When we want to check something but it is too expensive to do so in normal builds. | | | | |
| Improve memory handling for PointGFp | Jack Lloyd | 2018-03-14 | 3 | -6/+3 |
| Allow passing workspace to Montgomery_Int | Jack Lloyd | 2018-03-13 | 3 | -34/+140 |
| Improves DH and RSA by 5-15% depending on param sizes. At larger sizes (3072+) doesn't make much difference since the cost of allocation is relatively small compared to the work. | | | | |
| Reduce exponent size here | Jack Lloyd | 2018-03-10 | 1 | -1/+1 |
| Triggers for RSA exponents which improves RSA verify time by ~10% | | | | |
| Add some helper functions for checking for Comba sizes | Jack Lloyd | 2018-03-10 | 1 | -15/+27 |
| Simplify indexing in this loop | Jack Lloyd | 2018-03-04 | 1 | -5/+5 |
| Fix header includes | Jack Lloyd | 2018-03-02 | 2 | -2/+3 |
| Implement product-scanning Montgomery reduction | Jack Lloyd | 2018-03-02 | 2 | -30/+88 |
| Results in 10-20% improvement for DH and RSA, 5% for ECC curves that use Montgomery form. | | | | |
| Tiny but useful optimization in bigint_monty_redc | Jack Lloyd | 2018-03-01 | 1 | -1/+1 |
| Increases perf of larger DH by 5-8% | | | | |