aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Use individual variables intead of an array inside the Salsa20 function,lloyd2008-09-091-37/+65
| | | | shows a 35% speedup on my Core2 with G++ vs previous version.
* Add implementation of Salsa20 stream cipherlloyd2008-09-092-0/+182
|
* In get_cipher, do not call cipher->set_iv unless the IV is non-emptylloyd2008-09-091-1/+4
|
* Reindentlloyd2008-09-071-172/+172
|
* Comment fixlloyd2008-09-071-1/+1
|
* Remove bigint_mul_add_words. It was only used now in two callers,lloyd2008-09-072-31/+38
| | | | | | | bigint_simple_mul and bigint_simple_sqr. Examining these functions made it clear inlining would be beneficial, so these two functions have been moved from an anonymous namespace into mp_mulop.cpp (to allow assembly versions).
* Inline BigInt::Rep::operator[], BigInt::sig_words, and BigInt::Rep::sig_wordslloyd2008-09-071-58/+0
|
* Inline BigInt::operator[]lloyd2008-09-071-16/+0
|
* Combine redundant definitions of blocks variablelloyd2008-09-071-7/+6
|
* Inline BigInt::is_zerolloyd2008-09-071-11/+1
|
* Inline similarly in karatsuba_mullloyd2008-09-071-11/+32
|
* In karatsuba_square, inline the sequencelloyd2008-09-071-3/+25
| | | | | | | | word carry = bigint_add3_nc(workspace+N, z0, N, z1, N); carry += bigint_add2_nc(z + N2, N, workspace + N, N); bigint_add2_nc(z + N + N2, N2, &carry, 1); It turns out quite a bit can be shared among these function calls
* Comment cleanuplloyd2008-09-071-4/+2
|
* Rewrite without gotoslloyd2008-09-071-135/+11
|
* Inline bigint_sub2 into bigint_monty_redclloyd2008-09-071-5/+20
|
* Inline bigint_cmp in bigint_monty_redc (using goto, the horror; I'm basicallylloyd2008-09-071-27/+10
| | | | | | | prototyping and testing the x86-64 assembly version in C) According to most profiles, bigint_monty_redc alone is responsible for 30%-50% of RSA, DSA, and DH benchmarks. So it seems worth tinkering with a bit.
* Move bigint_monty_redc to its own file to make asm implementations easierlloyd2008-09-072-29/+205
|
* Use i instead of j for iterator varlloyd2008-09-071-4/+4
|
* Remove iostream includelloyd2008-09-051-2/+0
|
* Optimize right shift a littlelloyd2008-09-051-14/+38
|
* Replace __builtin_ctzl with a new ctz function in bit_ops.hlloyd2008-09-051-1/+1
|
* Wrap the BigInt register in a small class that caches the significantlloyd2008-09-052-38/+81
| | | | | words. BigInt::sig_words() was showing up very hot on valgrind runs, this seems to reduce the usage substantially.
* Revert change to dl_work_factor for now - breaks ElGamal testslloyd2008-09-051-0/+14
|
* Rewrite dl_work_factor using a lookup table with data from RFC 3526,lloyd2008-09-051-16/+18
| | | | | | | | | | | | "More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)", which removes Botan's dependency on standard math library (which can be a big deal on embedded systems, and it seemed silly to have just a single function cause us to pull in potentially all of libm) Also this makes the values Botan will pick for exponent sizes more obvious; previously one would have to run through the computation or call the function and observe the output.
* Add the IKE 6144-bit MODP group, from RFC 3526lloyd2008-09-051-0/+37
|
* Define the functions from bit_ops.h as inline template functions, insteadlloyd2008-09-051-68/+0
| | | | of always converting to u64bit and passing to a non-inlined function.
* A possible optimization to low_zero_bits (which was showing up hot inlloyd2008-09-021-6/+22
| | | | | some DSA/NR benchmarks). Requires GCC/ICC for __builtin_ctzl, though that will change shortly.
* Where bit_ops.h was used to get xor_buf, include xor_buf.h insteadlloyd2008-09-0226-25/+25
|
* Reduce RW creation min also to 512 for benchmarkslloyd2008-09-021-1/+1
|
* The counter is not specified, so do not mention itlloyd2008-08-311-1/+1
|
* Add DSS groups with 2048 and 3072 bit p values (and 256 bit q subgroups).lloyd2008-08-311-105/+141
| | | | | | These were generated using the FIPS 186-3 PRNG, with seed values generating by applying SHA-256 to the UTF-8 encodings of the strings "Botan 2048 DSS seed #51" and "Botan 3072 DSS seed #24"
* Allow generating 512 and 768 bit DSA keys.lloyd2008-08-311-6/+9
|
* Allow creating 512 bit RSA keys again (for benchmark, mostly)lloyd2008-08-311-1/+1
|
* Merge mp_sqr.cpp and mp_mul.cpp into mp_karat.cpp, since there is a lotlloyd2008-08-272-147/+132
| | | | | | of similar-but-not-identical code between them. (Can't merge for performance reasons, squaring is a special case of multiplication allowing extra optimizations)
* Use -BigInt(1) instead of BigInt("-1") to avoid the parsing overhead.lloyd2008-08-271-2/+2
| | | | | Instead just call the u64bit constructor and invert using the BigInt operator.
* Add a specialized version of theta() for NullVector, since it cleans uplloyd2008-07-151-4/+25
| | | | the key schedule, and perhaps offers slightly better code generation.
* merge of '17a621a99c0fb8685efd5f3f3411a44e4d5ff835'lloyd2008-07-131-0/+1
|\ | | | | | | and 'df7d36d4e4fe81092c682b0ef92ac3a9ef12cbd3'
| * Missing include of timers.h, error if no timer modules usedlloyd2008-07-081-0/+1
| |
* | Add the block cipher Noekeon (http://gro.noekeon.org/). Only "indirect mode"lloyd2008-07-112-0/+177
|/ | | | keying is supported (see section 2.3 of the specification for details)
* Fix return values for ressol(), saying BigInt x = -1 does somethinglloyd2008-07-071-2/+2
| | | | unexpected (see ticket #23, http://bugs.randombit.net/show_bug.cgi?id=23)
* Remove unneeded parenslloyd2008-07-071-1/+1
|
* Add an implementation of the Shanks-Tonelli algorithm, which is used tolloyd2008-07-071-0/+82
| | | | find square roots modulo a prime. Contributed by FlexSecure GmbH
* Remove printf in catch blocklloyd2008-07-071-1/+0
|
* Extend random_prime() to be able to generate primes of any bit size.lloyd2008-07-051-1/+10
| | | | | | | | | | | bits <= 1 -> error bits == 2 -> choose 2 or 3 at random bits == 3 -> choose 5 or 7 at random bits == 4 -> choose 11 or 13 at random bits >= 5 -> procedure used previously. Tested by running random_prime() with random bit sizes <= 16 until it had generated all <= 16 bit primes.
* Remove the free-standing function deref_alias. It only served as a forwarderlloyd2008-06-307-33/+32
| | | | | | for the implementation in Library_State. Instead explicitly call deref_alias on global_state() wherever the old freestanding version was used. This serves to make (more) uses of the global state explicit rather than implicit.
* Remove the default_pbe option. Instead hardcode the default intolloyd2008-06-302-5/+2
| | | | | | | PKCS8::encrypt_key - this is slightly less flexible, but removes the dependency on the Library_State object. And if someone wants to use a different algorithm, they just have to pass in an actual value for the pbe string instead of letting it default to the empty string.
* Remove option v1_assume_ca, no longer usedlloyd2008-06-301-2/+0
|
* Previously X509_Store took two configuration values from the librarylloyd2008-06-302-9/+3
| | | | | | | | | config state: how long successful validations should be cached, and the amount of slack to allow on time boundary checks. Now these are passed as arguments to the constructor, as a pair of 32-bit integers representing the number of seconds to allow as slack and the number of seconds to cache validations for. They default to the same compiled in defaults as before, 24 hours (86400 seconds) and 30 minutes (1800 seconds), respectively.
* Remove the Config class.lloyd2008-06-3011-166/+104
| | | | | | | | In reality, Config was a singleton, with the only owner being the Library_State object. Theoretically one could create and use another Config instance, but in practice it was never done. Reflect the reality and inline the members and public functions of Config in Library_State, removing Config entirely.
* Remove global_config() - replace by direct calls to global_state()lloyd2008-06-3012-41/+47
|