aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey
Commit message (Collapse)AuthorAgeFilesLines
* Catch exceptions by reference not valueJack Lloyd2018-03-161-1/+1
| | | | Fixes a new warning in GCC 8
* Avoid using threads in DSA operationsJack Lloyd2018-03-151-25/+3
| | | | | | | | | For DSA signing using a thread turned out to be purely a pessimization. The single threaded code is faster even on a 4-core machine running Linux (which has very fast thread creation). It would likely be much worse on a single core machine or an OS with slower thread primitives. For DSA verification, use Montgomery multi-exponentiation instead.
* Add multiexponentation interface to DL_GroupJack Lloyd2018-03-152-3/+17
|
* Add a facility for debug-mode assertionsJack Lloyd2018-03-143-2/+9
| | | | | When we want to check something but it is to expensive to do so in normal builds.
* Assume CurveGFp inputs are at most p words longJack Lloyd2018-03-141-13/+27
| | | | Lets us avoid calling sig_words much of the time. Improves ECDSA 5-7%
* Avoid creating a temp hereJack Lloyd2018-03-141-4/+4
|
* Improve memory handling for PointGFpJack Lloyd2018-03-145-63/+83
|
* Tweaks to force_all_affineJack Lloyd2018-03-121-7/+5
|
* Merge GH #1483 Use uncompressed points for ECC by defaultJack Lloyd2018-03-107-44/+72
|\
| * Rename point_format to point_encodingJack Lloyd2018-03-102-2/+2
| | | | | | | | Matches setter
| * Add PointGFp::encode as replacement for EC2OSPJack Lloyd2018-03-106-45/+48
| | | | | | | | | | | | Literally every single call to EC2OSP is converting the returned secure_vector to a std::vector. Which makes sense since private points are not really a thing in any protocol I know of.
| * Default to encoding ECC public keys as uncompressed. GH #1480Jack Lloyd2018-03-102-1/+26
| |
* | Revert "Use move to avoid needless some needless copies"Jack Lloyd2018-03-101-16/+16
|/ | | | | | | | This reverts commit 5185c2aaa8bf9556556e4507869042a71eaba6c0. Clang says warning: moving a temporary object prevents copy elision [-Wpessimizing-move]
* Use move to avoid needless some needless copiesJack Lloyd2018-03-091-16/+16
|
* Cleanup commentsJack Lloyd2018-03-091-10/+7
|
* Use blinded_base_point_multiply_x in the various signature schemesJack Lloyd2018-03-085-14/+17
|
* Avoid creating too-large values during ECDSA signingJack Lloyd2018-03-081-3/+5
| | | | | It would cause the Barrett reduction to fallback to schoolbook division. Small but noticable speedup (2-3%)
* Add blinded_base_point_multiply_xJack Lloyd2018-03-082-0/+20
| | | | Often useful when the point is not needed
* Mul into temps to avoid allocationsJack Lloyd2018-03-081-7/+8
|
* Add PointGFp::force_all_affine using Montgomery's trickJack Lloyd2018-03-083-9/+68
| | | | Also be somewhat smarter in force_affine avoids several muls
* Require explicit calls to add_affineJack Lloyd2018-03-082-5/+2
| | | | Skipping the checks saves 3-7% for ECDSA
* Add destructor for unique_ptrJack Lloyd2018-03-082-0/+7
|
* Add mixed (J+A) point addition, new scalar mul for base pointsJack Lloyd2018-03-0812-136/+403
| | | | | | | | | Adds PointGFp::force_affine(), ::add_affine(), and ::is_affine() Use a (very simple) technique for base point precomputations. Stick with fixed window for variable point inputs. Scalar blinding is now always enabled
* Support decoding of ECC groups with seed parameterJack Lloyd2018-03-041-0/+2
| | | | Closes GH #874
* Use Barrett instead of repeated divisions by p hereJack Lloyd2018-03-041-3/+6
| | | | Doesn't matter much since its a one time setup cost but can't hurt.
* Reduce temp usage in PointGFp addition and doublingJack Lloyd2018-03-044-104/+95
| | | | No noticable change in performance
* Avoid confusing error if invalid EC_Group is usedJack Lloyd2018-03-021-3/+9
| | | | | If an unknown group name was passed it would give a PEM error, instead of saying unknown group.
* Remove BigInt using functions from mp layerJack Lloyd2018-03-011-6/+19
|
* Fix overflow in monty_redcJack Lloyd2018-02-271-4/+4
| | | | | | | | | OSS-Fuzz caught a bug introduced in 5fcc1c70d7a. bigint_monty_redc assumes z is 2*p_words+2 words long. Previously the implicit rounding up in grow_to ensured a resize would result in a sufficiently large value. OSS-Fuzz 6581 6588 6593
* Avoid unnecessary calls to BigInt::grow_toJack Lloyd2018-02-261-4/+9
|
* Avoid using monty workspace for reduce_belowJack Lloyd2018-02-261-6/+6
| | | | | | | | | If the workspace is swapped, then it is too small for the Montgomery operation and will be reallocate on the next sqr/multiply operation. Also use ws[9] consistently for the Montgomery workspace, otherwise if add needs to pass off the mult2, the workspaces are not the expected size and again a reallocation occurs.
* Avoid some needless allocationsJack Lloyd2018-02-261-2/+4
|
* Add functions to EC_Group for getting base point coordinatesJack Lloyd2018-02-254-16/+68
|
* Merge GH #1461 Add Montgomery_Int typeJack Lloyd2018-02-251-1/+4
|\
| * Add Montgomery_Int typeJack Lloyd2018-02-251-1/+4
| |
* | Merge ec_gfp and ec_group modulesJack Lloyd2018-02-256-2/+1525
|/ | | | | They were already somewhat entangled and future work will increase that (eg by having PointGFp hold a pointer to EC_Group)
* Add DL_Group::estimated_strengthJack Lloyd2018-02-233-4/+20
|
* Add EC_Group::verify_public_elementJack Lloyd2018-02-233-28/+33
|
* Add DL_Group functions to verify elementsJack Lloyd2018-02-233-31/+48
|
* Merge GH #1457 Use faster algorithm for ECC multiplicationJack Lloyd2018-02-2210-49/+112
|\
| * Small cleanupJack Lloyd2018-02-211-3/+8
| |
| * Minimize header dependenciesJack Lloyd2018-02-211-1/+2
| |
| * Expose EC_Group::a_is_minus_3Jack Lloyd2018-02-212-1/+15
| |
| * New API for blinded ECC point multiplicationJack Lloyd2018-02-2110-44/+87
| | | | | | | | No shared state
* | Fix incorrect check in DL key checkJack Lloyd2018-02-221-6/+3
| | | | | | | | get_q returns zero instead of throwing if q is not set
* | Remove unused include [ci skip]Jack Lloyd2018-02-221-1/+0
|/
* Add some additional error checking to DL_GroupJack Lloyd2018-02-201-0/+6
|
* Fix validation of SRP groupsJack Lloyd2018-02-192-12/+24
| | | | | For whatever reason in the SRP groups g generates the group mod p rather than the subgroup of size q.
* Remove PK_Ops::Decryption_with_EME::max_raw_input_bitsJack Lloyd2018-02-193-5/+0
| | | | | Unused and not exposed to higher levels. RSA and ElGamal both check their inputs vs the system parameters (n, p) after decoding.
* Merge GH #1454 Used shared_ptr repr for DL_GroupJack Lloyd2018-02-1910-788/+617
|\
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 22:22:37 +0000