path: root/src/lib
Commit log (each entry: commit message, then Author | Age | Files | Lines; entries indented one level are commits on a merged branch, listed under the merge commit that brought them in)
...
* Fixes for DES/3DES
  Jack Lloyd | 2018-05-16 | 1 file | -7/+7
* Merge GH #1570 Add Scrypt
  Jack Lloyd | 2018-05-16 | 6 files | -8/+161
  * Add Scrypt key derivation function
    Jack Lloyd | 2018-05-16 | 6 files | -8/+161
* Unroll DES to encrypt/decrypt 2 rounds in parallel
  Jack Lloyd | 2018-05-16 | 1 file | -122/+198
    About 50% faster for CBC decrypt
* Add clarifying comments and increase M-R tests for 256-bit integers
  Jack Lloyd | 2018-05-15 | 1 file | -3/+7
    See #1542 and #1569
* Always use 1/2^-128 error bounds with Miller-Rabin
  Jack Lloyd | 2018-05-14 | 1 file | -24/+14
    Simplifies the code and makes it easy to see we never use the weaker bounds even if the application explicitly requested it.
    GH #1569
* Merge GH #1568 Use BOTAN_ARG_CHECK more
  Jack Lloyd | 2018-05-14 | 44 files | -95/+138
  * Add message to BOTAN_ARG_CHECK and use it more widely
    Jack Lloyd | 2018-05-13 | 44 files | -95/+138
* Apple Clang requires min/max be constexpr
  Jack Lloyd | 2018-05-13 | 1 file | -1/+10
    Add BOTAN_CONSTEXPR since we are still stuck with VC2013 for a while.
* Fixes for compilation in C++17 mode by MSVC
  Jack Lloyd | 2018-05-13 | 1 file | -3/+7
    Fixes GH #1566
* Inline BigInt::shrink_to_fit
  Jack Lloyd | 2018-05-09 | 2 files | -7/+5
    Improves P-256 a bit
* Merge GH #1564 Add 24x Comba multiply/square
  Jack Lloyd | 2018-05-09 | 3 files | -1/+1101
  * Add 24-word wide Comba multiply/square
    Jack Lloyd | 2018-05-08 | 3 files | -1/+1101
      Improves performance on "odd" sized DH/RSA (eg 1536, 3072, 6144) where otherwise the Karatsuba operation bottoms out with 24-word operands which ended up in the basecase multiply.
* Slight refactoring to avoid GCC signed overflow warnings. [ci skip]
  Jack Lloyd | 2018-05-08 | 1 file | -4/+4
    Couldn't occur since length is 24 bits but GCC couldn't figure that out.
* Merge GH #1563 Use correct calling convention for RtlGenRandom
  Jack Lloyd | 2018-05-07 | 1 file | -4/+8
  * Use type BYTE instead of BOOLEAN
    Simon Warta | 2018-05-08 | 1 file | -1/+4
  * Rename RtlGenRandom_f -> RtlGenRandom_fptr
    Simon Warta | 2018-05-07 | 1 file | -3/+3
      because this is a function pointer, not a function
  * Rewrite assignment of RtlGenRandom_f using "using"
    Simon Warta | 2018-05-07 | 1 file | -1/+1
  * Check return value of m_rtlgenrandom against proper type
    Simon Warta | 2018-05-07 | 1 file | -1/+2
  * Use BOOLEAN return type for RtlGenRandom_f
    Simon Warta | 2018-05-07 | 1 file | -1/+1
  * Add missing NTAPI to RtlGenRandom_f signature
    Simon Warta | 2018-05-07 | 1 file | -1/+1
* Fix some warnings new in GCC 8.1
  Jack Lloyd | 2018-05-07 | 6 files | -43/+49
    It thinks the typedefs are "locals" that are being conflicted with, which seems wrong to me but whatever.
* Remove needless allocation in Montgomery_Int::mul_by
  Jack Lloyd | 2018-05-02 | 2 files | -7/+41
* Make Montgomery_Int public, add function for addition with workspace
  Jack Lloyd | 2018-05-02 | 2 files | -3/+11
* Add OpenPGP-specific curve OIDs
  Marcus Brinkmann | 2018-05-02 | 1 file | -1/+5
* Inline this operator+ [ci skip]
  Jack Lloyd | 2018-04-26 | 2 files | -6/+1
* Add a comment on side channels here
  Jack Lloyd | 2018-04-26 | 1 file | -4/+5
* Correct handling of gcd(p - 1, e) in RSA keygen
  Jack Lloyd | 2018-04-26 | 1 file | -7/+25
    We were calling inverse mod but because p - 1 > e the binary extended Euclidean algorithm was used instead of the const time version. Use the fact that e is odd (for RSA keys) to remove the factors of 2 from p - 1 and then check coprimality that way, since it allows using our const time algo.
* Remove unused include
  Jack Lloyd | 2018-04-26 | 1 file | -1/+0
* Rewrite GCD in less branchy way, and use Montgomery in M-R test
  Jack Lloyd | 2018-04-26 | 1 file | -16/+30
* Add BigInt functions for adding, subtracting and comparing with words
  Jack Lloyd | 2018-04-26 | 4 files | -51/+142
    Avoids needless allocations for expressions like x - 1 or y <= 4.
* Add final annotations [ci skip]
  Jack Lloyd | 2018-04-24 | 1 file | -3/+3
* Add BigInt::mod_sub
  Jack Lloyd | 2018-04-23 | 4 files | -93/+128
* Use EC_Group::inverse_mod_order where appropriate
  Jack Lloyd | 2018-04-20 | 2 files | -6/+3
* Add Fermat based inversion of P-384 field elements
  Jack Lloyd | 2018-04-19 | 1 file | -0/+72
    Cuts about 100K cycles from the inversion, improving ECDSA sign by 10% and ECDH by ~2%
    Addition chain from https://briansmith.org/ecc-inversion-addition-chains-01
    GH #1479
* Add field inversion for P-521
  Jack Lloyd | 2018-04-18 | 1 file | -0/+68
    ECDSA sign about 10% faster, ECDSA verify and ECDH about 5% faster.
* Add optimized inversion for P-256
  Jack Lloyd | 2018-04-18 | 1 file | -0/+75
    Could be slightly more clever here but this is pretty decent.
    GH #1479
* Add early exit for P-192 reduce
  Jack Lloyd | 2018-04-18 | 1 file | -0/+5
* Remove now unused function
  Jack Lloyd | 2018-04-18 | 1 file | -19/+0
* Optimize P-224 reduction
  Jack Lloyd | 2018-04-18 | 1 file | -47/+77
    5-7% faster ECDSA
* Further NIST reduction tweaks
  Jack Lloyd | 2018-04-18 | 1 file | -40/+44
* P-192 optimizations
  Jack Lloyd | 2018-04-18 | 1 file | -34/+64
    5-7% faster for ECDSA and ECDH
* Micro optimizations in P-256 and P-384 reductions
  Jack Lloyd | 2018-04-18 | 1 file | -30/+73
    Improves ECDSA and ECDH by 1% or so.
* Minor optimizations for P-256 and P-384
  Jack Lloyd | 2018-04-17 | 1 file | -161/+65
    Improves ECDSA by ~5% on Skylake
* Add EC_Group::inverse_mod_order
  Jack Lloyd | 2018-04-17 | 6 files | -6/+21
    Centralizing this logic allows curve specific implementations such as using a precomputed ladder for exponentiating by p - 2
    GH #1479
* Precompute for multiexponentiation when verifying ECC signatures
  Jack Lloyd | 2018-04-17 | 4 files | -15/+19
    ECDSA already did this. Improves repeated ECGDSA, ECKCDSA, SM2, and GOST signature verification by 10-15%
* Avoid potential side channel when generating RSA primes
  Jack Lloyd | 2018-04-17 | 4 files | -43/+179
    Add a new function dedicated to generating RSA primes.
    Don't test for p.bits() > bits until the very end - rarely happens, and speeds up prime generation quite noticeably.
    Add Miller-Rabin error probabilities for 1/2**128, which again speeds up RSA keygen and DL param gen quite a bit.
* Remove debug assignment [ci skip]
  Jack Lloyd | 2018-04-16 | 1 file | -1/+0
* Truncate new SKIDs to 192 bits
  Jack Lloyd | 2018-04-16 | 2 files | -6/+9
    More than long enough, and saves quite a bit of space especially for SHA-512 certificates.
* Add vars to split the two Karatsuba sub-workspaces
  Jack Lloyd | 2018-04-16 | 1 file | -14/+20