| Commit message | Author | Age | Files | Lines |
|
word carry = bigint_add3_nc(workspace+N, z0, N, z1, N);
carry += bigint_add2_nc(z + N2, N, workspace + N, N);
bigint_add2_nc(z + N + N2, N2, &carry, 1);
It turns out quite a bit can be shared among these function calls
|
prototyping and testing the x86-64 assembly version in C)
According to most profiles, bigint_monty_redc alone is responsible for
30%-50% of RSA, DSA, and DH benchmarks. So it seems worth tinkering with a bit.
|
words. BigInt::sig_words() was showing up very hot on valgrind runs; this
seems to reduce the usage substantially.
|
"More Modular Exponential (MODP) Diffie-Hellman groups for Internet
Key Exchange (IKE)", which removes Botan's dependency on standard math
library (which can be a big deal on embedded systems, and it seemed
silly to have just a single function cause us to pull in potentially
all of libm)
Also this makes the values Botan will pick for exponent sizes more
obvious; previously one would have to run through the computation or
call the function and observe the output.
|
of always converting to u64bit and passing to a non-inlined function.
|
some DSA/NR benchmarks). Requires GCC/ICC for __builtin_ctzl, though that
will change shortly.
|
These were generated using the FIPS 186-3 PRNG, with seed values
generated by applying SHA-256 to the UTF-8 encodings of the strings
"Botan 2048 DSS seed #51" and "Botan 3072 DSS seed #24"
|
of similar-but-not-identical code between them. (Can't merge for performance
reasons; squaring is a special case of multiplication allowing extra
optimizations)
|
Instead just call the u64bit constructor and invert using the BigInt
operator.
|
the key schedule, and perhaps offers slightly better code generation.
|
and 'df7d36d4e4fe81092c682b0ef92ac3a9ef12cbd3'
|
keying is supported (see section 2.3 of the specification for details)
|
unexpected (see ticket #23, http://bugs.randombit.net/show_bug.cgi?id=23)
|
find square roots modulo a prime. Contributed by FlexSecure GmbH
|
bits <= 1 -> error
bits == 2 -> choose 2 or 3 at random
bits == 3 -> choose 5 or 7 at random
bits == 4 -> choose 11 or 13 at random
bits >= 5 -> procedure used previously.
Tested by running random_prime() with random bit sizes <= 16 until it had
generated all <= 16 bit primes.
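The bit-size rules above, as an added C++ example (this is not Botan's random_prime; the 32-bit limit, the trial-division primality test and all names are this example's own choices). It also reproduces the check the commit message describes: draw until every prime of a given bit length has been produced, failing on any draw that is not a prime of exactly that length.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>
#include <set>
#include <stdexcept>

// Added example, not Botan's code: the bit-size rules quoted in the commit
// message, with a plain "random odd candidate, test, repeat" loop for
// bits >= 5. Limited to 32-bit results so the primality test can stay a
// simple trial division; the names below are this example's own.

// Number of significant bits in n (0 for n == 0).
static unsigned bit_length(uint32_t n) {
    unsigned b = 0;
    while (n != 0) { ++b; n >>= 1; }
    return b;
}

// Deterministic primality test by trial division; d is 64-bit so d*d cannot
// wrap for n close to 2^32.
static bool is_prime(uint32_t n) {
    if (n < 2) return false;
    if (n % 2 == 0) return n == 2;
    for (uint64_t d = 3; d * d <= n; d += 2)
        if (n % d == 0) return false;
    return true;
}

// bits <= 1 is an error; 2, 3 and 4 bits have only two primes each, so pick
// one of the pair at random. Otherwise draw candidates with the top bit set
// (so the result has exactly `bits` bits), force them odd and test until one
// is prime.
uint32_t random_prime(unsigned bits, std::mt19937& rng) {
    if (bits <= 1) throw std::invalid_argument("random_prime: bits must be >= 2");
    if (bits > 32) throw std::invalid_argument("random_prime: example limited to 32 bits");
    std::uniform_int_distribution<int> coin(0, 1);
    switch (bits) {
        case 2: return coin(rng) ? 3 : 2;
        case 3: return coin(rng) ? 7 : 5;
        case 4: return coin(rng) ? 13 : 11;
        default: break;
    }
    const uint32_t lo = uint32_t(1) << (bits - 1);
    const uint32_t hi = (bits == 32) ? UINT32_MAX : (uint32_t(1) << bits) - 1;
    std::uniform_int_distribution<uint32_t> candidate(lo, hi);
    for (;;) {
        const uint32_t c = candidate(rng) | 1u;   // odd, still inside [lo, hi]
        if (is_prime(c)) return c;
    }
}

// The check described in the commit message: keep drawing until every prime
// of the requested length has appeared, and fail on any draw that is not a
// prime of exactly that length. Only sensible for small sizes (<= 16 bits).
bool exhaust_primes(unsigned bits, std::mt19937& rng, size_t max_draws) {
    if (bits < 2 || bits > 16) return false;
    std::set<uint32_t> expected;
    for (uint32_t n = uint32_t(1) << (bits - 1); n < (uint32_t(1) << bits); ++n)
        if (is_prime(n)) expected.insert(n);
    std::set<uint32_t> seen;
    for (size_t i = 0; i < max_draws && seen.size() < expected.size(); ++i) {
        const uint32_t p = random_prime(bits, rng);
        if (bit_length(p) != bits || !is_prime(p)) return false;
        seen.insert(p);
    }
    return seen == expected;
}

int main() {
    std::mt19937 rng(std::random_device{}());
    for (unsigned bits = 2; bits <= 16; ++bits)
        std::printf("%2u bits: %s\n", bits,
                    exhaust_primes(bits, rng, 500000) ? "all primes reached" : "FAILED");
    std::printf("random 32-bit prime: %u\n",
                static_cast<unsigned>(random_prime(32, rng)));
    return 0;
}
```

Candidates are drawn uniformly from the odd numbers of the requested length, so each prime of that length is equally likely and the exhaustion check terminates quickly; the explicit bit_length check is what catches a generator that silently returns a shorter prime.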
|
for the implementation in Library_State. Instead explicitly call deref_alias
on global_state() wherever the old freestanding version was used. This serves
to make (more) uses of the global state explicit rather than implicit.
|
PKCS8::encrypt_key - this is slightly less flexible, but removes the
dependency on the Library_State object. And if someone wants to use
a different algorithm, they just have to pass in an actual value for the
pbe string instead of letting it default to the empty string.
|
config state: how long successful validations should be cached, and the
amount of slack to allow on time boundary checks. Now these are passed
as arguments to the constructor, as a pair of 32-bit integers representing
the number of seconds to allow as slack and the number of seconds to cache
validations for. They default to the same compiled-in defaults as before,
24 hours (86400 seconds) and 30 minutes (1800 seconds), respectively.
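An added illustration of how the two constructor arguments interact (this is not Botan's X509_Store code; the class, member and function names are assumptions, and times are Unix seconds): a validity check widened by the slack, and a validation cache whose entries expire after the cache lifetime and are never allowed to outlive the slack-adjusted notAfter.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>

// Added example, not Botan's X509_Store: shows how a time slack and a
// validation-cache lifetime, both in seconds, interact. Names are this
// example's own; times are Unix seconds.

struct ValidityWindow {
    int64_t not_before;
    int64_t not_after;
};

class TimeChecker {
public:
    // Defaults match the compiled-in values quoted in the commit message.
    explicit TimeChecker(uint32_t slack_seconds = 86400, uint32_t cache_seconds = 1800)
        : slack_(slack_seconds), cache_ttl_(cache_seconds), fresh_checks_(0) {}

    // Latest instant at which this window is still accepted, slack included.
    int64_t accept_until(const ValidityWindow& w) const {
        return w.not_after + static_cast<int64_t>(slack_);
    }

    // Accept `now` if it lies in [not_before - slack, not_after + slack].
    // The slack is symmetric: it tolerates clock skew at the start of validity
    // but equally accepts a certificate that expired up to `slack` seconds ago,
    // which is why a large value weakens expiry enforcement.
    bool within_validity(const ValidityWindow& w, int64_t now) const {
        return now >= w.not_before - static_cast<int64_t>(slack_) &&
               now <= accept_until(w);
    }

    // Cached validation keyed by an opaque certificate identifier. A positive
    // result is reused for cache_ttl_ seconds, but an entry must never outlive
    // accept_until(w); otherwise a certificate could keep passing after it
    // expired simply because it was checked shortly before.
    bool validate(const std::string& cert_id, const ValidityWindow& w, int64_t now) {
        auto it = cache_.find(cert_id);
        if (it != cache_.end()) {
            if (now < it->second)
                return true;               // cache hit, still fresh
            cache_.erase(it);              // stale entry; re-check below
        }
        ++fresh_checks_;
        if (!within_validity(w, now))
            return false;                  // negative results are not cached
        int64_t expires_at = now + static_cast<int64_t>(cache_ttl_);
        if (expires_at > accept_until(w))
            expires_at = accept_until(w);  // clamp to the end of validity
        cache_[cert_id] = expires_at;
        return true;
    }

    size_t fresh_checks() const { return fresh_checks_; }
    size_t cached_entries() const { return cache_.size(); }

private:
    uint32_t slack_;
    uint32_t cache_ttl_;
    size_t fresh_checks_;
    std::map<std::string, int64_t> cache_;   // cert_id -> entry expiry time
};
```

The clamp in validate is the part worth keeping in mind when tuning the second argument: without it, a 30-minute cache would let a certificate checked one second before notAfter (plus slack) pass for a further 30 minutes.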
|
In reality, Config was a singleton, with the only owner being the
Library_State object. Theoretically one could create and use another Config
instance, but in practice it was never done. Reflect the reality and inline
the members and public functions of Config in Library_State, removing Config
entirely.
|
make_rng()
|
RandomNumberGenerator, and make ANSI_X931_PRNG's implementations just
forward the arguments to the underlying RNG. This allows seeding the RNG
even if no entropy modules are loaded into the library. Also it allows
actually adding user-specified data; to do it otherwise would require
creating the RNG objects yourself and retaining a pointer to the Randpool,
which is pretty bogus.
Move Null_RNG to rng.h
|
Randpool, it will query them as needed (or if asked to do so). New function
make_rng() that creates an RNG (X9.31 backed by a Randpool) and seeds it.
Remove the entropy source related code from the Modules/Builtin_Modules
classes.
|