aboutsummaryrefslogtreecommitdiffstats
path: root/src/math/numbertheory
Commit message (Collapse)AuthorAgeFilesLines
* Tidylloyd2010-09-301-1/+2
|
* Modify bigint_monty_redc to take an additional workspace argument.lloyd2010-09-243-44/+53
| | | | | | | Modify it to avoid a timing condition during the compare at the end; this is done by always doing the subtraction, and then copying to the output either the pre-subtraction or post-subtraction value depending on if the final borrow was set or not.
* More vector->pointer conversion removals.lloyd2010-09-131-3/+1
| | | | | | | | | | | Add RandomNumberGenerator::random_vec, which takes an length n and returns a new SecureVector with randomized contents of that size. This nicely covers most of the cases where randomize was being called on a vector, and is a little cleaner in the code as well, instead of vec.resize(length); rng.randomize(&vec[0], vec.size()); we just write vec = rng.random_vec(length);
* First set of changes for avoiding use implicit vector->pointer conversionslloyd2010-09-132-7/+7
|
* Anywhere where we use MemoryRegion::begin to get access to the raw pointerlloyd2010-09-132-12/+12
| | | | | representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector
* Big, invasive but mostly automated change, with a further attempt atlloyd2010-09-072-6/+6
| | | | | | | | | | | | | | harmonising MemoryRegion with std::vector: The MemoryRegion::clear() function would zeroise the buffer, but keep the memory allocated and the size unchanged. This is very different from STL's clear(), which is basically the equivalent to what is called destroy() in MemoryRegion. So to be able to replace MemoryRegion with a std::vector, we have to rename destroy() to clear() and we have to expose the current functionality of clear() in some other way, since vector doesn't support this operation. Do so by adding a global function named zeroise() which takes a MemoryRegion which is zeroed. Remove clear() to ensure all callers are updated.
* Avoid name clashing, Sun Studio doesn't like thislloyd2010-09-071-2/+3
|
* Make round_up and round_down templates instead of fixed to use u32bitslloyd2010-06-291-1/+1
|
* Doxygenlloyd2010-06-221-5/+17
|
* Doxygenlloyd2010-06-211-3/+7
|
* Doxygenlloyd2010-06-211-13/+92
|
* More Doxygenlloyd2010-06-161-2/+9
|
* More Doxygen updates. Also, don't expose divide() in numthry.hlloyd2010-06-161-12/+48
| | | | anymore, only in divide.h
* More Doxygen updates/fixeslloyd2010-06-154-7/+21
|
* Replace PointGFp::check_invaraints, which would either return silentlylloyd2010-03-192-13/+17
| | | | | | | | | | | or throw an exception, with PointGFp::on_the_curve, which returns a bool. Update callers. This showed several cases where check_invaraints was being called multiple times, for instance when decoding a point with OS2ECP, check_invaraints was called; many callers of OS2ECP would then call check_invaraints again on the same object.
* A number of changes to primality tests:lloyd2010-03-195-167/+45
| | | | | | | | | | | | | | Use 64 bit nonces in the Miller-Rabin test, instead of 40 bits. Rename check_prime to quick_check_prime and is_prime to check_prime Remove some internal functions which weren't used outside the primality test code, along with the prime products table. For quick checking, instead of doing Miller-Rabin with fixed base 2, do a small number of randomized tests. Always use random bases instead of the first n primes.
* The logic PointGFp::operator*= was basically doinglloyd2010-03-162-29/+31
| | | | | | | | | *this = scalar * *this; And operator* was doing a needless copy. Instead make operator* a real multiplication operation, define *= in terms of it.
* Shuffle functions for easier readinglloyd2010-03-162-74/+75
|
* Fix include. <botan/mp_core.h> was picking up the system installed version,lloyd2010-03-161-1/+1
| | | | which happened to be compatible enough to work.
* Various microoptimizations, 5-12% improvementlloyd2010-03-151-8/+15
|
* Use a 4-bit wide window for point multiplicationlloyd2010-03-151-14/+21
|
* Rewrite point mult to make larger windows easierlloyd2010-03-151-7/+14
|
* Strength reduce on multiplies in PointGFplloyd2010-03-151-4/+5
|
* Cache memory used for operations in pointlloyd2010-03-151-16/+18
|
* Modify to allow better memory cachinglloyd2010-03-152-21/+52
|
* Cache p.sig_words() in curve objectlloyd2010-03-153-27/+68
| | | | Avoid using Barett reduction in core operations; seems to help perf.
* Use bigint_{mul,sqr} in PointGFp monty opslloyd2010-03-152-9/+8
|
* Add PointGFp::monty_sqrlloyd2010-03-152-10/+44
|
* Cache BigInts as well. Kind of like the old scheme, but created insidelloyd2010-03-132-27/+74
| | | | operator+= and operator*= instead of being class var, so no thread issues.
* Always keep coord_{x,y,z} < p, so don't ever have to copy or use reducerlloyd2010-03-131-22/+10
| | | | in monty_mult()
* Save workspace for addition calls inside operator*=lloyd2010-03-132-20/+28
|
* Share workspace among calls to mult2lloyd2010-03-132-10/+9
|
* Cache a workspace; much fasterlloyd2010-03-132-31/+43
|
* Small optimizationslloyd2010-03-131-6/+13
| | | | | Especially try to keep the size of inputs down, so it doesn't have to do an extra reduction step. Ideally this should be eliminated entirely.
* Kill stdio includelloyd2010-03-131-2/+0
|
* Unroll point multiply to look at two bits of scalar each iteration.lloyd2010-03-131-2/+24
| | | | Helps out quite a bit.
* Precompute a*rlloyd2010-03-132-2/+9
|
* More monty_mult cleanupslloyd2010-03-131-6/+4
|
* Small monty_mult cleanuplloyd2010-03-131-10/+8
|
* Inline/simplifiy monty multlloyd2010-03-131-31/+15
|
* Single word p-dashlloyd2010-03-131-3/+4
|
* Only need a single word from p_dash, so only save that single word.lloyd2010-03-131-94/+9
| | | | Remove hand-coded montgomery reduction, use bigint_mont_redc() instead
* Use Montgomery reduction for the important parts of PointGFp, usinglloyd2010-03-132-74/+78
| | | | | code cobbled together from 1.8/InSiTo. Faster than it was in 1.9.4, but still quite slow.
* Move monty params to curve, since only depend on the primelloyd2010-03-131-4/+37
|
* Add back code for montgomery PointGFp mult (not used atm)lloyd2010-03-132-14/+165
|
* Hide PointGFp constructorslloyd2010-03-132-7/+14
|
* Remove access to the Jacobian coordinate getters get_{x,y,z}, as welllloyd2010-03-132-33/+9
| | | | | | | | | | | | | | as the 4-argument constructor. Define operator==() in terms of the affine coordinates. Rewrite tests that assumed access to the Jacobian coodinates in terms of the affine coordinates. This change allows for using arbitrary coordinate systems in PointGFp, as long as it can convert to the normal affine coordinates (which are what is used by all ECC algorithms implemented currently, and probably all interesting ECC algorithms in general).
* Deconstify PK_Ops. It's quite reasonable that some op will want tolloyd2010-03-091-1/+1
| | | | | | | | | | | | | precompute only as needed, or will want to access some other expensive resource or etc. Change how the secret for generating blinding is done in cases where a PRNG isn't available. Use the operations public op to hide the secret, for instance the seed for a DH blinding variable is 2^x mod p. Make use of being able to mutate internal structures in the RW signer, since that does have access to a PRNG, so use it to initialize the blinder on first call to sign().
* Consolidate code for choosing a window size for fixed width windowlloyd2010-03-094-72/+41
| | | | exponentiation algorithms.
* Add back in blinding to RSA, RW, ElGamal, and DH.lloyd2010-03-083-85/+0
| | | | | | | | | | | | | | | | There are multiple unsatisfactory elements to the current solution, as compared to how blinding was previously done: Firstly, blinding is only used in the baseline implementations; the code using OpenSSL and GMP is not protected by blinding at all. Secondly, at the point we need to set up blinding, there is no access to a PRNG. Currently I am going with a quite nasty solution, of using a private key parameter to seed a simple PRNG constructed as: SHA-512(TS1 || private_key_param || public_key_param || TS2) I really want to fix both of these elements but I'm not sure how to do so easily.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 10:20:15 +0000