path: root/src/lib
Commit log (subject [author, date; files changed, lines removed/added], followed by the extended commit message where one exists; commits merged from a side branch are indented under their merge commit)

* Add optimized inversion for P-256 [Jack Lloyd, 2018-04-18; 1 file, -0/+75]
  Could be slightly more clever here but this is pretty decent. GH #1479

* Add early exit for P-192 reduce [Jack Lloyd, 2018-04-18; 1 file, -0/+5]

* Remove now unused function [Jack Lloyd, 2018-04-18; 1 file, -19/+0]

* Optimize P-224 reduction [Jack Lloyd, 2018-04-18; 1 file, -47/+77]
  5-7% faster ECDSA

* Further NIST reduction tweaks [Jack Lloyd, 2018-04-18; 1 file, -40/+44]

* P-192 optimizations [Jack Lloyd, 2018-04-18; 1 file, -34/+64]
  5-7% faster for ECDSA and ECDH

* Micro optimizations in P-256 and P-384 reductions [Jack Lloyd, 2018-04-18; 1 file, -30/+73]
  Improves ECDSA and ECDH by 1% or so.

* Minor optimizations for P-256 and P-384 [Jack Lloyd, 2018-04-17; 1 file, -161/+65]
  Improves ECDSA by ~5% on Skylake

* Add EC_Group::inverse_mod_order [Jack Lloyd, 2018-04-17; 6 files, -6/+21]
  Centralizing this logic allows curve specific implementations such as using a precomputed ladder for exponentiating by p - 2. GH #1479

* Precompute for multiexponentiation when verifying ECC signatures [Jack Lloyd, 2018-04-17; 4 files, -15/+19]
  ECDSA already did this. Improves repeated ECGDSA, ECKCDSA, SM2, and GOST signature verification by 10-15%

* Avoid potential side channel when generating RSA primes [Jack Lloyd, 2018-04-17; 4 files, -43/+179]
  Add a new function dedicated to generating RSA primes.
  Don't test for p.bits() > bits until the very end - rarely happens, and speeds up prime generation quite noticeably.
  Add Miller-Rabin error probabilities for 1/2**128, which again speeds up RSA keygen and DL param gen quite a bit.

* Remove debug assignment [ci skip] [Jack Lloyd, 2018-04-16; 1 file, -1/+0]

* Truncate new SKIDs to 192 bits [Jack Lloyd, 2018-04-16; 2 files, -6/+9]
  More than long enough, and saves quite a bit of space especially for SHA-512 certificates.

* Add vars to split the two Karatsuba sub-workspaces [Jack Lloyd, 2018-04-16; 1 file, -14/+20]

* Merge GH #1540 Progress towards const-time RSA [Jack Lloyd, 2018-04-16; 10 files, -47/+112]

  * Add const time annotations [Jack Lloyd, 2018-04-15; 6 files, -7/+43]

  * Simplify Karatsuba code [Jack Lloyd, 2018-04-15; 3 files, -39/+43]
    And set us up for eventually having this be completely const time.

  * Use GCC builtins for clz operation [Jack Lloyd, 2018-04-15; 1 file, -1/+26]

* Use bad_record_mac instead of decode_error for short TLS packets [Jack Lloyd, 2018-04-16; 1 file, -1/+8]
  Decode error seems more appropriate but it confuses some automated tools including older versions of TLS-Attacker.

* Add an explicit test mode build [Jack Lloyd, 2018-04-14; 1 file, -2/+2]
  GH #1537

* Merge GH #1538 Minor ECC optimizations [Jack Lloyd, 2018-04-14; 7 files, -21/+105]

  * Various minor ECC optimizations [Jack Lloyd, 2018-04-13; 7 files, -21/+105]
    Add a way of getting Montgomery representation of one.
    Reduce use of temporaries in variable point mult.
    Prefer doubling over addition in precomputing fixed window.
    Add Brainpool ECDH tests.
    Improves ECDH by 2-3% across the board

* Merge GH #1531 Improve XMSS test coverage [Jack Lloyd, 2018-04-14; 3 files, -12/+8]

  * Removes unused overload in XMSS_Hash [Matthias Gierlings, 2018-04-12; 2 files, -12/+0]
    - Removes overload `XMSS_Hash::h_msg_update(secure_vector<uint8_t>&)`

  * Codecov - cover MT code in XMSS_PrivateKey [Matthias Gierlings, 2018-04-12; 1 file, -0/+8]
    Codecov does not reach all parts of the `XMSS_PrivateKey` code because too few cores are detected during the CI run. To cover the missed codepaths, always return a large enough core count if botan is compiled with coverage.

* Merge GH #1537 Add missing XMSS signature length check [Jack Lloyd, 2018-04-12; 2 files, -22/+21]

  * Adds missing XMSS signature length check. [Matthias Gierlings, 2018-04-12; 2 files, -22/+21]
    - Fixes out of bounds read in `XMSS_Signature` constructor when the raw signature data supplied as arguments is shorter than the signature size defined by the XMSS parameter set encoded in the `XMSS_PublicKey`.
    - Fixes valid signatures with arbitrary appended data being verified as a correct signature.

* In XMSS_Tools::bench_threads only call hardware_concurrency once [Jack Lloyd, 2018-04-12; 1 file, -7/+9]
  Getting this value will typically require either a system call or a cpuid call, both of which are fairly expensive.

* Allow year up to 2200 in ASN1 time objects [Jack Lloyd, 2018-04-12; 2 files, -4/+19]
  Also tighten up checking of days. Fixes GH #1536

* Optimize EC point doubling for a == 0 and a == -3 [Jack Lloyd, 2018-04-11; 3 files, -9/+61]

* Add EC_Group::a_is_zero [Jack Lloyd, 2018-04-11; 2 files, -1/+14]

* Add missing errno.h include to entropy/dev_random [fwsGonzo, 2018-04-11; 1 file, -0/+1]

* Add DL_Group::exponent_bits [Jack Lloyd, 2018-04-09; 4 files, -7/+25]
  Just a useful helper

* Add a Montgomery exponentiation that takes variable time [Jack Lloyd, 2018-04-09; 3 files, -7/+52]
  In the case of RSA encryption/verification the public exponent is... public. So we don't need to carefully guard against side channels that leak the exponent. Improves RSA verification performance by 50% or more.

* Fix bug that broke session decryption (and thus resumption) [Jack Lloyd, 2018-04-09; 1 file, -1/+1]
  Introduced in 3657639ab. Add a test that would have caught this

* Fix off by one when decoding TLS-CBC ciphertexts [Jack Lloyd, 2018-04-09; 3 files, -27/+30]

* Fix interop bug in TLS server [Jack Lloyd, 2018-04-08; 3 files, -0/+33]
  The connection would fail if the client advertised any signature algorithm we did not support (eg RSA/SHA-224)

* Square is always positive [Jack Lloyd, 2018-04-08; 1 file, -0/+1]

* Add BigInt::square plus a speed test for BigInt multiply [Jack Lloyd, 2018-04-08; 3 files, -8/+25]

* Convert comba script to Python3 [Jack Lloyd, 2018-04-08; 1 file, -1/+1]

* Work around unique_ptr conversion bug in older GCC [Jack Lloyd, 2018-04-07; 1 file, -1/+1]

* Add RAII versions of get_cipher_mode and get_aead [Jack Lloyd, 2018-04-07; 13 files, -76/+143]
  See also #1526

* Add defensive assert to buffer_insert [Jack Lloyd, 2018-04-07; 1 file, -0/+2]
  Otherwise an integer overflow bug elsewhere could turn into a heap overflow.

* Add pk_workfactor CLI and refactor workfactor estimator functions [Jack Lloyd, 2018-04-05; 1 file, -12/+19]
  No reason to duplicate the NFS workfactor estimator twice

* Split up asm constructs to avoid miscompilation [Jack Lloyd, 2018-04-05; 1 file, -30/+49]
  The constraints were invalid as they missed the clobber of a/d registers. This caused miscompilation when using GCC -fno-plt option. GH #1524

* Merge GH #1523 RSA optimizations and exponent blinding [Jack Lloyd, 2018-04-04; 2 files, -25/+53]

  * Work around a bug in MSVC lambda handling [Jack Lloyd, 2018-04-04; 1 file, -1/+1]

  * Add RSA exponent blinding [Jack Lloyd, 2018-04-04; 2 files, -5/+14]
    Additional paranoia never hurt.

  * Tweak how RSA private operations are performed [Jack Lloyd, 2018-04-04; 1 file, -25/+44]
    Improves perf by about 15%

* Add DL_Group::monty_params_p to get Montgomery params [Jack Lloyd, 2018-04-04; 2 files, -2/+13]