| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
the same, so clearly GCC 4.6 and/or the Core i7 are very good about
renames, but might help on less capable systems.
|
|
|
|
|
|
|
|
|
|
| |
a witness'. Instead call it 'is_witness', returning true if a is a
witness for n's compositness, or otherwise false.
Also, the previous version would not check that the final value of y
was n-1; if it isn't, then n is not prime. This would mean the false
negative rate was higher than it should have been, though I'm not sure
by how much exactly.
|
| |
|
|
|
|
|
|
| |
not exposed to callers)
Switch back redc to using the inlined version (accidental change)
|
|
|
|
| |
redc, currently)
|
| |
|
|
|
|
|
|
| |
bit window may well improve things further. Currently seeing 20-25%
improvement in ECDSA signature verification and 25 to 40% in
GOST-34.10 verifications.
|
|
|
|
| |
Fix build log; copy and paste error.
|
| |
|
|
|
|
| |
abs(x) < modulus. Also remove unused member variables.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
converting back and forth. This gives a 10 to 20% speedup on a Core
i7. In addition, the CurveGFp no longer contains a Barrett reducer,
saving 3 BigInts worth of memory.
Add a #if'ed out alternative to point multiplication using the
Montgomery ladder technique. It runs in (more or less) constant time,
but rather significantly slower than the 4 bit window technique
currently used.
Tweak the window sizes to match the theoretical optimums.
|
| |
|
|
|
|
| |
not well tested.
|
|
|
|
|
|
|
| |
Fix BigInt::get_substring when length is equal to 32 - an overflow
would cause the mask to be equal to 0 thus producing nothing at all.
Disable CVC by default, it's not ready for prime time in any sense.
|
|
|
|
| |
overzealous perl script...
|
|
|
|
|
|
|
| |
for Montgomery or multiply/square currently exist and almost ceratainly
won't be added during 1.10
Fix the name for Sun Studio in mp_asm64
|
|
|
|
|
|
| |
Back the reported version from 1.10.0 to 1.9.17 for the time
being. Still on the fence if this will be 1.10.0 or another release
candidate instead.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
u32bit. Maybe should be word? But that would restrict window sizes
more than might be desirable (we couldn't use more than 8 bit window
on the assumption that the lib might be using byte limbs). Messy.
|
|
|
|
|
| |
value, so you can always safely capture the result by a const
reference.
|
| |
|
| |
|
|
|
|
|
|
| |
it should use add with carry or conditional moves if available.
Also remove the amd64 asm; the mp_amd64 code should be used for this case.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
division algorithm unless x == y, but this could result in n - t + 1
being negative which would cause an attempt to allocate about 4
gigabytes of memory. Fix this, and also add an assertion check in
the code to ensure that can't happen in any other way.
Never reproduced this with 32 bit digits but it would show up if the build
used 8 or 16 bit words.
|
|
|
|
| |
for the implementation of the BigInt class
|
| |
|
|
|
|
| |
to. Helps more than I would have thought.
|
|
|
|
|
|
|
| |
Modify it to avoid a timing condition during the compare at the end;
this is done by always doing the subtraction, and then copying to the
output either the pre-subtraction or post-subtraction value depending
on if the final borrow was set or not.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
depending on the value of the final carry out for anything
control-flow related.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add RandomNumberGenerator::random_vec, which takes an length n and
returns a new SecureVector with randomized contents of that size. This
nicely covers most of the cases where randomize was being called on a
vector, and is a little cleaner in the code as well, instead of
vec.resize(length);
rng.randomize(&vec[0], vec.size());
we just write
vec = rng.random_vec(length);
|
| |
|
|
|
|
|
| |
representation (rather than in an interator context), instead use &buf[0],
which works for both MemoryRegion and std::vector
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
harmonising MemoryRegion with std::vector:
The MemoryRegion::clear() function would zeroise the buffer, but keep
the memory allocated and the size unchanged. This is very different
from STL's clear(), which is basically the equivalent to what is
called destroy() in MemoryRegion. So to be able to replace MemoryRegion
with a std::vector, we have to rename destroy() to clear() and we have
to expose the current functionality of clear() in some other way, since
vector doesn't support this operation. Do so by adding a global function
named zeroise() which takes a MemoryRegion which is zeroed. Remove clear()
to ensure all callers are updated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
container like vector, truncate is simply resize, but what
MemoryRegion called resize will zap the entire contents, and then what
was resize was called grow_to. This is really problematic in terms of
the goal of replacing MemoryRegion with a vector with a custom
allocator.
In this checkin:
- Remove MemoryRegion::grow_to and MemoryRegion::truncate
- Change the semantics of MemoryRegion::resize to change the size
while keeping any current contents intact (up to the new size),
zero initializing any new values.
Unrelated, just noticed the lack while I was in there, add a version
of CryptoBox::decrypt taking a std::string for the input.
|