path: root/src/lib

Commit log. Each entry gives the commit message, then (author, date; files changed, lines removed/added). Commits that arrived through a merge are indented under their merge commit.

* Add message to BOTAN_ARG_CHECK and use it more widely  (Jack Lloyd, 2018-05-13; 44 files, -95/+138)

* Inline BigInt::shrink_to_fit  (Jack Lloyd, 2018-05-09; 2 files, -7/+5)

    Improves P-256 a bit

* Merge GH #1564 Add 24x Comba multiply/square  (Jack Lloyd, 2018-05-09; 3 files, -1/+1101)

  * Add 24-word wide Comba multiply/square  (Jack Lloyd, 2018-05-08; 3 files, -1/+1101)

      Improves performance on "odd" sized DH/RSA (eg 1536, 3072, 6144) where otherwise the Karatsuba operation bottoms out with 24-word operands which ended up in the basecase multiply.
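The column-wise (Comba) multiplication the commit above adds a 24-word version of, as an added illustration that is not Botan's code: a generic n-word Comba multiply and square over 32-bit words with a three-word column accumulator, cross-checked against a schoolbook reference. Botan's fixed-size routines are fully unrolled for 24 native words; the loop bounds here are what that unrolling expands to. The names comba_mul, comba_sqr, schoolbook_mul, accumulate and self_check, and the xorshift-generated test operands, are choices made for this example.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Word = uint32_t;
using DWord = uint64_t;

// Add a 64-bit product into the three-word column accumulator c2:c1:c0.
static void accumulate(Word& c0, Word& c1, Word& c2, DWord prod)
{
   DWord t = static_cast<DWord>(c0) + (prod & 0xFFFFFFFFu);
   c0 = static_cast<Word>(t);
   t = static_cast<DWord>(c1) + (prod >> 32) + (t >> 32);
   c1 = static_cast<Word>(t);
   c2 += static_cast<Word>(t >> 32);
}

// Comba multiply: for output column k, sum every x[i]*y[j] with i + j == k,
// emit the low accumulator word, then shift the accumulator down one word.
// One store per column instead of one read-modify-write per product.
std::vector<Word> comba_mul(const std::vector<Word>& x, const std::vector<Word>& y)
{
   const size_t n = x.size();
   assert(y.size() == n && n > 0);
   std::vector<Word> z(2 * n);
   Word c0 = 0, c1 = 0, c2 = 0;
   for(size_t k = 0; k < 2 * n - 1; ++k)
   {
      const size_t i_lo = (k + 1 > n) ? k + 1 - n : 0;   // keep j = k - i within [0, n)
      const size_t i_hi = (k < n) ? k : n - 1;
      for(size_t i = i_lo; i <= i_hi; ++i)
         accumulate(c0, c1, c2, static_cast<DWord>(x[i]) * y[k - i]);
      z[k] = c0;
      c0 = c1; c1 = c2; c2 = 0;
   }
   z[2 * n - 1] = c0;
   return z;
}

// Comba square: each cross term x[i]*x[j] with i < j appears twice in column
// i + j, so only about half the products of comba_mul are formed.
std::vector<Word> comba_sqr(const std::vector<Word>& x)
{
   const size_t n = x.size();
   assert(n > 0);
   std::vector<Word> z(2 * n);
   Word c0 = 0, c1 = 0, c2 = 0;
   for(size_t k = 0; k < 2 * n - 1; ++k)
   {
      const size_t i_lo = (k + 1 > n) ? k + 1 - n : 0;
      for(size_t i = i_lo; 2 * i < k; ++i)   // i < j, j = k - i
      {
         const DWord prod = static_cast<DWord>(x[i]) * x[k - i];
         accumulate(c0, c1, c2, prod);
         accumulate(c0, c1, c2, prod);
      }
      if((k & 1) == 0)                        // diagonal term x[k/2]^2, once
         accumulate(c0, c1, c2, static_cast<DWord>(x[k / 2]) * x[k / 2]);
      z[k] = c0;
      c0 = c1; c1 = c2; c2 = 0;
   }
   z[2 * n - 1] = c0;
   return z;
}

// Row-wise schoolbook reference used only to check the Comba routines.
std::vector<Word> schoolbook_mul(const std::vector<Word>& x, const std::vector<Word>& y)
{
   const size_t n = x.size();
   std::vector<Word> z(2 * n, 0);
   for(size_t i = 0; i < n; ++i)
   {
      DWord carry = 0;
      for(size_t j = 0; j < n; ++j)
      {
         const DWord t = static_cast<DWord>(x[i]) * y[j] + z[i + j] + carry;
         z[i + j] = static_cast<Word>(t);
         carry = t >> 32;
      }
      z[i + n] = static_cast<Word>(carry);
   }
   return z;
}

// Compare against the reference for 1..24 word operands; the operands are
// constructed from a fixed xorshift32 sequence, not real key material.
bool self_check()
{
   uint32_t s = 0x9E3779B9u;
   auto next = [&s]() { s ^= s << 13; s ^= s >> 17; s ^= s << 5; return s; };
   for(size_t n = 1; n <= 24; ++n)
   {
      std::vector<Word> x(n), y(n);
      for(size_t i = 0; i < n; ++i) { x[i] = next(); y[i] = next(); }
      if(comba_mul(x, y) != schoolbook_mul(x, y)) return false;
      if(comba_sqr(x) != comba_mul(x, x)) return false;
   }
   return true;
}

int main()
{
   std::printf("comba self check: %s\n", self_check() ? "ok" : "FAILED");
   return self_check() ? 0 : 1;
}
```

The 24-word case in the commit matters because Karatsuba recursion halves operand sizes until it reaches the largest unrolled basecase; with only 4/8/16-word Comba routines, sizes such as 1536 bits (24 64-bit words) fall through to a slower generic loop.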
* Slight refactoring to avoid GCC signed overflow warnings. [ci skip]  (Jack Lloyd, 2018-05-08; 1 file, -4/+4)

    Couldn't occur since length is 24 bits but GCC couldn't figure that out.

* Merge GH #1563 Use correct calling convention for RtlGenRandom  (Jack Lloyd, 2018-05-07; 1 file, -4/+8)

  * Use type BYTE instead of BOOLEAN  (Simon Warta, 2018-05-08; 1 file, -1/+4)

  * Rename RtlGenRandom_f -> RtlGenRandom_fptr  (Simon Warta, 2018-05-07; 1 file, -3/+3)

      because this is a function pointer, not a function

  * Rewrite assignment of RtlGenRandom_f using "using"  (Simon Warta, 2018-05-07; 1 file, -1/+1)

  * Check return value of m_rtlgenrandom against proper type  (Simon Warta, 2018-05-07; 1 file, -1/+2)

  * Use BOOLEAN return type for RtlGenRandom_f  (Simon Warta, 2018-05-07; 1 file, -1/+1)

  * Add missing NTAPI to RtlGenRandom_f signature  (Simon Warta, 2018-05-07; 1 file, -1/+1)

* Fix some warnings new in GCC 8.1  (Jack Lloyd, 2018-05-07; 6 files, -43/+49)

    It thinks the typedefs are "locals" that are being conflicted with, which seems wrong to me but whatever.

* Remove needless allocation in Montgomery_Int::mul_by  (Jack Lloyd, 2018-05-02; 2 files, -7/+41)

* Make Montgomery_Int public, add function for addition with workspace  (Jack Lloyd, 2018-05-02; 2 files, -3/+11)

* Add OpenPGP-specific curve OIDs  (Marcus Brinkmann, 2018-05-02; 1 file, -1/+5)

* Inline this operator+ [ci skip]  (Jack Lloyd, 2018-04-26; 2 files, -6/+1)

* Add a comment on side channels here  (Jack Lloyd, 2018-04-26; 1 file, -4/+5)

* Correct handling of gcd(p - 1, e) in RSA keygen  (Jack Lloyd, 2018-04-26; 1 file, -7/+25)

    We were calling inverse mod but because p - 1 > e the binary extended euclidean algorithm was used instead of the const time version. Use the fact that e is odd (for RSA keys) to remove the factors of 2 from p - 1 and then check coprimality that way, since it allows using our const time algo.
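The check the commit above describes, as an added example that is not Botan's code: gcd(p - 1, e) is tested by stripping the factors of two from p - 1 (sound because e is odd, so no power of two can be a common factor) and then inverting e modulo the remaining odd part with a routine whose control flow does not depend on its inputs. The inversion used here is Niels Möller's binary algorithm for odd moduli, written for 64-bit operands with masks in place of branches; ct_mask, ct_cswap, ct_inverse_mod_odd, rsa_prime_coprime_with_e and inverse_self_check are names chosen for this example, __builtin_ctzll is a GCC/Clang builtin, and the test values (p = 1000003, e = 65537, and the small primes) are constructed inputs.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// All-ones when c is true, zero otherwise.
static inline uint64_t ct_mask(bool c)
{
   return static_cast<uint64_t>(0) - static_cast<uint64_t>(c);
}

// Swap a and b when mask is all-ones, leave them alone when it is zero.
static inline void ct_cswap(uint64_t mask, uint64_t& a, uint64_t& b)
{
   const uint64_t t = mask & (a ^ b);
   a ^= t;
   b ^= t;
}

// Return x^-1 mod n, or 0 when gcd(x, n) != 1. Requires n odd, 3 <= n < 2^63, x < n.
// Invariants: a == u*x (mod n), b == v*x (mod n), and b stays odd. Each iteration at
// least halves a*b, so 2*bits(n) iterations drive a to 0 and leave b == gcd(x, n).
// Iteration count and memory access pattern depend only on the size of n.
uint64_t ct_inverse_mod_odd(uint64_t x, uint64_t n)
{
   uint64_t a = x, b = n, u = 1, v = 0;
   size_t bits = 0;
   for(uint64_t t = n; t != 0; t >>= 1) ++bits;   // size of the (public) modulus

   for(size_t i = 0; i < 2 * bits; ++i)
   {
      const uint64_t odd = ct_mask(a & 1);
      // if a is odd and a < b, swap (a, u) with (b, v) so that a >= b below
      const uint64_t swap = odd & ct_mask(a < b);
      ct_cswap(swap, a, b);
      ct_cswap(swap, u, v);
      // if a is odd: a -= b and u = u - v (mod n); otherwise leave both unchanged
      a -= odd & b;
      const uint64_t u_minus_v = u - v + (ct_mask(u < v) & n);
      u ^= odd & (u ^ u_minus_v);
      // a is now even: halve it, and halve u modulo n (n is odd, so add n if u is odd)
      a >>= 1;
      u = (u + (ct_mask(u & 1) & n)) >> 1;
   }
   return v & ct_mask(b == 1);
}

// The RSA key generation question: is gcd(p - 1, e) == 1 for odd prime p and odd e?
// e odd means the powers of two in p - 1 cannot be shared with e, so they are
// removed first and the odd remainder is handed to the odd-modulus inversion.
bool rsa_prime_coprime_with_e(uint64_t p, uint64_t e)
{
   uint64_t m = p - 1;
   m >>= __builtin_ctzll(m);   // GCC/Clang builtin; p - 1 is even, so m != 0 here
   if(m == 1)
      return true;             // p - 1 is a power of two: coprime with every odd e
   return ct_inverse_mod_odd(e % m, m) != 0;
}

// Exhaustive cross-check of the inversion against a plain Euclidean gcd.
static uint64_t gcd_ref(uint64_t a, uint64_t b)
{
   while(b != 0) { const uint64_t t = a % b; a = b; b = t; }
   return a;
}

bool inverse_self_check()
{
   for(uint64_t n = 3; n <= 301; n += 2)
      for(uint64_t x = 0; x < n; ++x)
      {
         const uint64_t inv = ct_inverse_mod_odd(x, n);
         if(gcd_ref(x, n) == 1) { if((inv * x) % n != 1) return false; }
         else if(inv != 0) return false;
      }
   return true;
}

int main()
{
   std::printf("inverse self check: %s\n", inverse_self_check() ? "ok" : "FAILED");
   std::printf("p = 1000003, e = 65537: %s\n", rsa_prime_coprime_with_e(1000003, 65537) ? "coprime" : "rejected");
   std::printf("p = 7, e = 3: %s\n", rsa_prime_coprime_with_e(7, 3) ? "coprime" : "rejected");
   return 0;
}
```

Two caveats a practitioner should keep in mind: a compiler is free to turn the mask arithmetic back into branches, which is why production code such as Botan's wraps these operations in helpers with optimisation barriers; and the trailing-zero count of p - 1 is itself a few bits of information about the candidate prime, so a fully constant-time generator would handle that step with a fixed-iteration shift as well.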
* Remove unused include  (Jack Lloyd, 2018-04-26; 1 file, -1/+0)

* Rewrite GCD in less branchy way, and use Montgomery in M-R test  (Jack Lloyd, 2018-04-26; 1 file, -16/+30)

* Add BigInt functions for adding, subtracting and comparing with words  (Jack Lloyd, 2018-04-26; 4 files, -51/+142)

    Avoids needless allocations for expressions like x - 1 or y <= 4.

* Add final annotations [ci skip]  (Jack Lloyd, 2018-04-24; 1 file, -3/+3)

* Add BigInt::mod_sub  (Jack Lloyd, 2018-04-23; 4 files, -93/+128)

* Use EC_Group::inverse_mod_order where appropriate  (Jack Lloyd, 2018-04-20; 2 files, -6/+3)

* Add Fermat based inversion of P-384 field elements  (Jack Lloyd, 2018-04-19; 1 file, -0/+72)

    Cuts about 100K cycles from the inversion, improving ECDSA sign by 10% and ECDH by ~2%

    Addition chain from https://briansmith.org/ecc-inversion-addition-chains-01

    GH #1479
* Add field inversion for P-521  (Jack Lloyd, 2018-04-18; 1 file, -0/+68)

    ECDSA sign about 10% faster, ECDSA verify and ECDH about 5% faster.

* Add optimized inversion for P-256  (Jack Lloyd, 2018-04-18; 1 file, -0/+75)

    Could be slightly more clever here but this is pretty decent.

    GH #1479

* Add early exit for P-192 reduce  (Jack Lloyd, 2018-04-18; 1 file, -0/+5)

* Remove now unused function  (Jack Lloyd, 2018-04-18; 1 file, -19/+0)

* Optimize P-224 reduction  (Jack Lloyd, 2018-04-18; 1 file, -47/+77)

    5-7% faster ECDSA

* Further NIST reduction tweaks  (Jack Lloyd, 2018-04-18; 1 file, -40/+44)

* P-192 optimizations  (Jack Lloyd, 2018-04-18; 1 file, -34/+64)

    5-7% faster for ECDSA and ECDH

* Micro optimizations in P-256 and P-384 reductions  (Jack Lloyd, 2018-04-18; 1 file, -30/+73)

    Improves ECDSA and ECDH by 1% or so.

* Minor optimizations for P-256 and P-384  (Jack Lloyd, 2018-04-17; 1 file, -161/+65)

    Improves ECDSA by ~5% on Skylake

* Add EC_Group::inverse_mod_order  (Jack Lloyd, 2018-04-17; 6 files, -6/+21)

    Centralizing this logic allows curve specific implementations such as using a precomputed ladder for exponentiating by p - 2

    GH #1479
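The inversion pattern behind this commit and the earlier "Add Fermat based inversion of P-384 field elements" entry, as an added illustration that is not Botan's code: for prime p, Fermat gives a^(p-2) == a^-1 (mod p), and because the exponent p - 2 is a public constant the sequence of squarings and multiplications is fixed by the prime and never by the secret a, unlike a binary extended GCD whose branch pattern follows the inputs. Operands are kept below 2^32 so products fit in 64 bits; fermat_inverse, count_binary_ops, OpCount and the test prime 2^31 - 1 are choices made for this example. count_binary_ops gives the cost of the plain binary method, which is the number the curve-specific addition chains improve on; the P-384 chain itself is not reproduced here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// (a * b) mod p for a, b, p < 2^32: the product fits in 64 bits.
static inline uint32_t mulmod(uint32_t a, uint32_t b, uint32_t p)
{
   return static_cast<uint32_t>((static_cast<uint64_t>(a) * b) % p);
}

// a^(p-2) mod p by left-to-right square-and-multiply over all 32 exponent bits.
// Which iterations multiply is decided by bits of p - 2, i.e. by the public
// prime, so the operation sequence is the same for every input a.
uint32_t fermat_inverse(uint32_t a, uint32_t p)
{
   const uint32_t e = p - 2;
   uint32_t r = 1;
   for(int i = 31; i >= 0; --i)
   {
      r = mulmod(r, r, p);
      if((e >> i) & 1)
         r = mulmod(r, a, p);
   }
   return r;
}

struct OpCount { size_t squarings; size_t multiplications; };

// Cost of the binary method for exponent p - 2: one squaring per bit below the
// leading one, and one multiplication per set bit below the leading one. An
// addition chain keeps the squarings but shares work between the set bits, so
// primes like the NIST ones (long runs of ones) gain the most from a chain.
OpCount count_binary_ops(uint32_t p)
{
   const uint32_t e = p - 2;
   OpCount c{0, 0};
   bool seen_top = false;
   for(int i = 31; i >= 0; --i)
   {
      const bool bit = (e >> i) & 1;
      if(!seen_top) { if(bit) seen_top = true; continue; }
      c.squarings++;
      if(bit) c.multiplications++;
   }
   return c;
}

int main()
{
   const uint32_t p = 2147483647u;   // 2^31 - 1, prime; constructed test modulus
   const uint32_t a = 123456789u;
   const uint32_t inv = fermat_inverse(a, p);
   const OpCount cost = count_binary_ops(p);
   std::printf("a * a^-1 mod p = %u\n", mulmod(a, inv, p));
   std::printf("binary method: %zu squarings, %zu multiplications\n",
               cost.squarings, cost.multiplications);
   return 0;
}
```

The same idea is what "Add EC_Group::inverse_mod_order" centralises: inversion modulo the group order n is a^(n-2) mod n, so a curve can supply a precomputed chain for its own n instead of falling back to a generic, input-dependent GCD.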
* Precompute for multiexponentiation when verifying ECC signatures  (Jack Lloyd, 2018-04-17; 4 files, -15/+19)

    ECDSA already did this. Improves repeated ECGDSA, ECKCDSA, SM2, and GOST signature verification by 10-15%

* Avoid potential side channel when generating RSA primes  (Jack Lloyd, 2018-04-17; 4 files, -43/+179)

    Add a new function dedicated to generating RSA primes.

    Don't test for p.bits() > bits until the very end - rarely happens, and speeds up prime generation quite noticeably.

    Add Miller-Rabin error probabilities for 1/2**128, which again speeds up RSA keygen and DL param gen quite a bit.

* Remove debug assignment [ci skip]  (Jack Lloyd, 2018-04-16; 1 file, -1/+0)

* Truncate new SKIDs to 192 bits  (Jack Lloyd, 2018-04-16; 2 files, -6/+9)

    More than long enough, and saves quite a bit of space especially for SHA-512 certificates.

* Add vars to split the two Karatsuba sub-workspaces  (Jack Lloyd, 2018-04-16; 1 file, -14/+20)

* Merge GH #1540 Progress towards const-time RSA  (Jack Lloyd, 2018-04-16; 10 files, -47/+112)

  * Add const time annotations  (Jack Lloyd, 2018-04-15; 6 files, -7/+43)

  * Simplify Karatsuba code  (Jack Lloyd, 2018-04-15; 3 files, -39/+43)

      And set us up for eventually having this be completely const time.

  * Use GCC builtins for clz operation  (Jack Lloyd, 2018-04-15; 1 file, -1/+26)

* Use bad_record_mac instead of decode_error for short TLS packets  (Jack Lloyd, 2018-04-16; 1 file, -1/+8)

    Decode error seems more appropriate but it confuses some automated tools including older versions of TLS-Attacker.

* Add an explicit test mode build  (Jack Lloyd, 2018-04-14; 1 file, -2/+2)

    GH #1537

* Merge GH #1538 Minor ECC optimizations  (Jack Lloyd, 2018-04-14; 7 files, -21/+105)

  * Various minor ECC optimizations  (Jack Lloyd, 2018-04-13; 7 files, -21/+105)

      Add a way of getting Montgomery representation of one.

      Reduce use of temporaries in variable point mult.

      Prefer doubling over addition in precomputing fixed window.

      Add Brainpool ECDH tests

      Improves ECDH by 2-3% across the board

* Merge GH #1531 Improve XMSS test coverage  (Jack Lloyd, 2018-04-14; 3 files, -12/+8)