path: root/src
Commit message (Author, Age, Files changed, Lines -/+)

* One comment fix and one formatting fix [ci skip] (René Korthaus, 2018-02-28, 2 files, -4/+5)
* Fix overflow in monty_redc (Jack Lloyd, 2018-02-27, 1 file, -4/+4)
  OSS-Fuzz caught a bug introduced in 5fcc1c70d7a. bigint_monty_redc assumes z is 2*p_words+2 words long. Previously the implicit rounding up in grow_to ensured a resize would result in a sufficiently large value. OSS-Fuzz 6581 6588 6593
* Avoid unnecessary calls to BigInt::grow_to (Jack Lloyd, 2018-02-26, 1 file, -4/+9)
* Avoid using monty workspace for reduce_below (Jack Lloyd, 2018-02-26, 1 file, -6/+6)
  If the workspace is swapped, then it is too small for the Montgomery operation and will be reallocated on the next sqr/multiply operation. Also use ws[9] consistently for the Montgomery workspace, otherwise if add needs to pass off the mult2, the workspaces are not the expected size and again a reallocation occurs.
* Optimize P-256 and P-384 reduction (Jack Lloyd, 2018-02-26, 3 files, -33/+98)
  Precompute the multiples of the prime and then subtract directly.
* Remove use of redc_helper in fuzzers (Jack Lloyd, 2018-02-26, 6 files, -54/+48)
  This runs into the same weird UbSan issue as in #1370
* Avoid some needless allocations (Jack Lloyd, 2018-02-26, 2 files, -13/+31)
* Optimize Barrett reduction (Jack Lloyd, 2018-02-26, 5 files, -21/+134)
  OSS-Fuzz 6570 flagged an issue with slow modular exponentiation. It turned out the problem was not in the library version but the simple square-and-multiply algorithm. Computing g^x % p with all three integers being dense (high Hamming weight) numbers took about 1.5 seconds on a fast machine with almost all of the time taken by the Barrett reductions. With these changes, the same testcase now takes only a tiny fraction of a second.
* Add BigInt::operator*= taking a word (Jack Lloyd, 2018-02-26, 2 files, -2/+23)
  Avoids memory allocation when multiplying by a small constant.
* Add functions to EC_Group for getting base point coordinates (Jack Lloyd, 2018-02-25, 7 files, -26/+77)
* Merge GH #1461 Add Montgomery_Int type (Jack Lloyd, 2018-02-25, 8 files, -88/+460)
  * Add Montgomery_Int type (Jack Lloyd, 2018-02-25, 8 files, -88/+460)
* Merge ec_gfp and ec_group modules (Jack Lloyd, 2018-02-25, 10 files, -11/+3)
  They were already somewhat entangled and future work will increase that (e.g. by having PointGFp hold a pointer to EC_Group)
* Add comment explaining why we are using these useless lambdas (Jack Lloyd, 2018-02-25, 1 file, -0/+2)
* Remove a couple of fairly bogus ECC tests (Jack Lloyd, 2018-02-25, 1 file, -67/+10)
  I cannot find what curve the cdc_curve_33 test is using, and the invalid prime test is just wtf.
* In ECC tests don't recreate groups that are built in (Jack Lloyd, 2018-02-25, 1 file, -47/+15)
* Use reduce_below in PointGFp (Jack Lloyd, 2018-02-25, 2 files, -8/+6)
  Improves ECDSA times by 2-3%
* Only test strong DL_Group generation in long tests (Jack Lloyd, 2018-02-25, 1 file, -4/+7)
* Use BigInt::reduce_below in NIST prime reductions (Jack Lloyd, 2018-02-25, 1 file, -31/+5)
* Add BigInt::reduce_below (Jack Lloyd, 2018-02-25, 2 files, -0/+33)
* Benchmark larger DH values (Jack Lloyd, 2018-02-25, 1 file, -1/+1)
* Check z_size before doing Karatsuba mul/sqr (Jack Lloyd, 2018-02-25, 1 file, -2/+2)
  The Karatsuba functions assume z_size >= 2*N. The size chooser functions should handle this already by not returning a value that is too large, but good to be sure.
* Add a size check for basecase mul (Jack Lloyd, 2018-02-25, 1 file, -8/+11)
* Pass workspace size to various bigint_ functions (Jack Lloyd, 2018-02-25, 8 files, -41/+52)
  These functions made assumptions about the workspace size available, which if incorrect would cause memory corruption. Since the length is always available at the caller, just provide it and avoid problems.
* Change pow_mod fuzzer to also accept p from input (Jack Lloyd, 2018-02-25, 1 file, -11/+15)
  Previously it used a hardcoded (random) prime, but accepting all three inputs allows much better coverage of corner cases.
* Unroll ARMv8 AES instructions by 4 to allow pipelining (Jack Lloyd, 2018-02-25, 1 file, -84/+307)
  Runs as much as 50% faster for bulk operations. Improves GCM by 10%.
* Fix autodetection of sparc64/mips64 [ci skip] (Jack Lloyd, 2018-02-25, 1 file, -0/+10)
* Implement decryption (Jack Lloyd, 2018-02-23, 2 files, -43/+148)
* AES encryption using POWER8 intrinsics (Jack Lloyd, 2018-02-23, 6 files, -0/+299)
* Fix handling of misaligned loads in AltiVec SIMD wrapper (Jack Lloyd, 2018-02-23, 1 file, -22/+12)
  Handling little+big endian is a PITA, easier to bounce through a union here
* Add misaligned load/store test to SIMD (Jack Lloyd, 2018-02-23, 1 file, -35/+52)
* Specify in test message that input is misaligned (Jack Lloyd, 2018-02-23, 1 file, -2/+2)
* Do runtime endian check when CPUID is initialized (Jack Lloyd, 2018-02-23, 1 file, -0/+1)
  Otherwise cross-endian builds (i.e. building big-endian for little-endian) can have massive test breakage but with no hints.
* Test block ciphers with mis-aligned inputs (Jack Lloyd, 2018-02-23, 1 file, -2/+28)
* Use GetProcessWorkingSetSize instead of GetProcessWorkingSetSizeEx (Jack Lloyd, 2018-02-23, 1 file, -2/+1)
  The Ex variant is not available in older Wine (including the version in Trusty) and GetProcessWorkingSetSize is sufficient.
* Add DL_Group::estimated_strength (Jack Lloyd, 2018-02-23, 4 files, -4/+25)
* Add EC_Group::verify_public_element (Jack Lloyd, 2018-02-23, 3 files, -28/+33)
* Add DL_Group functions to verify elements (Jack Lloyd, 2018-02-23, 3 files, -31/+48)
* Simplify IDEA key schedule (Jack Lloyd, 2018-02-23, 1 file, -23/+28)
* Use 2-bit wide table in PointGFp multi_exponentiate (Jack Lloyd, 2018-02-23, 2 files, -17/+56)
  ECDSA verification is 10-15% faster
* Inline NIST normalize function, use bigint_sub3 (Jack Lloyd, 2018-02-23, 1 file, -12/+3)
* Minor optimizations in BigInt memory handling (Jack Lloyd, 2018-02-23, 2 files, -2/+4)
  Makes 4-6% difference for ECDSA
* Avoid unneeded grow_to calls (Jack Lloyd, 2018-02-23, 1 file, -1/+2)
* Small cleanups in NIST reduction code (Jack Lloyd, 2018-02-23, 1 file, -35/+22)
* Fix an error in BigInt operator- (Jack Lloyd, 2018-02-23, 3 files, -6/+59)
  (x) - (-x) would result in -2x instead of the correct 2x
* In PointGFp add/double avoid creating temporaries (Jack Lloyd, 2018-02-23, 3 files, -40/+60)
  We already had the temp workspace passed in but did not use it effectively... :/ Improves ECDSA sign and verify by 5-15%
* Merge GH #1457 Use faster algorithm for ECC multiplication (Jack Lloyd, 2018-02-22, 20 files, -293/+536)
  * Fix fuzzer build (Jack Lloyd, 2018-02-22, 1 file, -3/+6)
  * Move declarations that don't need to be friends of PointGFp (Jack Lloyd, 2018-02-21, 1 file, -21/+20)
  * Small cleanup (Jack Lloyd, 2018-02-21, 1 file, -3/+8)