Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | One comment fix and one formatting fix [ci skip] | René Korthaus | 2018-02-28 | 2 | -4/+5 |
| | |||||
* | Fix overflow in monty_redc | Jack Lloyd | 2018-02-27 | 1 | -4/+4 |
| | | | | | | | | | OSS-Fuzz caught a bug introduced in 5fcc1c70d7a. bigint_monty_redc assumes z is 2*p_words+2 words long. Previously the implicit rounding up in grow_to ensured a resize would result in a sufficiently large value. OSS-Fuzz 6581 6588 6593 | ||||
* | Avoid unnecessary calls to BigInt::grow_to | Jack Lloyd | 2018-02-26 | 1 | -4/+9 |
| | |||||
* | Avoid using monty workspace for reduce_below | Jack Lloyd | 2018-02-26 | 1 | -6/+6 |
| | | | | | | | | | If the workspace is swapped, then it is too small for the Montgomery operation and will be reallocate on the next sqr/multiply operation. Also use ws[9] consistently for the Montgomery workspace, otherwise if add needs to pass off the mult2, the workspaces are not the expected size and again a reallocation occurs. | ||||
* | Optimize P-256 and P-384 reduction | Jack Lloyd | 2018-02-26 | 3 | -33/+98 |
| | | | | Precompute the multiples of the prime and then subtract directly. | ||||
* | Remove use of redc_helper in fuzzers | Jack Lloyd | 2018-02-26 | 6 | -54/+48 |
| | | | | This runs into the same weird UbSan issue as in #1370 | ||||
* | Avoid some needless allocations | Jack Lloyd | 2018-02-26 | 2 | -13/+31 |
| | |||||
* | Optimize Barrett reduction | Jack Lloyd | 2018-02-26 | 5 | -21/+134 |
| | | | | | | | | | | OSS-Fuzz 6570 flagged an issue with slow modular exponentation. It turned out the problem was not in the library version but the simple square-and-multiply algorithm. Computing g^x % p with all three integers being dense (high Hamming weight) numbers took about 1.5 seconds on a fast machine with almost all of the time taken by the Barrett reductions. With these changes, same testcase now takes only a tiny fraction of a second. | ||||
* | Add BigInt::operator*= taking a word | Jack Lloyd | 2018-02-26 | 2 | -2/+23 |
| | | | | Avoids memory allocation when multiplying by a small constant. | ||||
* | Add functions to EC_Group for getting base point coordinates | Jack Lloyd | 2018-02-25 | 7 | -26/+77 |
| | |||||
* | Merge GH #1461 Add Montgomery_Int type | Jack Lloyd | 2018-02-25 | 8 | -88/+460 |
|\ | |||||
| * | Add Montgomery_Int type | Jack Lloyd | 2018-02-25 | 8 | -88/+460 |
| | | |||||
* | | Merge ec_gfp and ec_group modules | Jack Lloyd | 2018-02-25 | 10 | -11/+3 |
| | | | | | | | | | | They were already somewhat entangled and future work will increase that (eg by having PointGFp hold a pointer to EC_Group) | ||||
* | | Add comment explaining why we are using these useless lambdas | Jack Lloyd | 2018-02-25 | 1 | -0/+2 |
| | | |||||
* | | Remove a couple of fairly bogus ECC tests | Jack Lloyd | 2018-02-25 | 1 | -67/+10 |
| | | | | | | | | | | I cannot find what curve the cdc_curve_33 test is using, and the invalid prime test is just wtf. | ||||
* | | In ECC tests don't recreate groups that are built in | Jack Lloyd | 2018-02-25 | 1 | -47/+15 |
| | | |||||
* | | Use reduce_below in PointGFp | Jack Lloyd | 2018-02-25 | 2 | -8/+6 |
|/ | | | | Improves ECDSA times by 2-3% | ||||
* | Only test strong DL_Group generation in long tests | Jack Lloyd | 2018-02-25 | 1 | -4/+7 |
| | |||||
* | Use BigInt::reduce_below in NIST prime reductions | Jack Lloyd | 2018-02-25 | 1 | -31/+5 |
| | |||||
* | Add BigInt::reduce_below | Jack Lloyd | 2018-02-25 | 2 | -0/+33 |
| | |||||
* | Benchmark larger DH values | Jack Lloyd | 2018-02-25 | 1 | -1/+1 |
| | |||||
* | Check z_size before doing Karatsuba mul/sqr | Jack Lloyd | 2018-02-25 | 1 | -2/+2 |
| | | | | | | | Since the Karatsuba functions assume z_size >= 2*N The size chooser functions should handle this already by not returning a value that is too large, but good to be sure. | ||||
* | Add a size check for basecase mul | Jack Lloyd | 2018-02-25 | 1 | -8/+11 |
| | |||||
* | Pass workspace size to various bigint_ functions | Jack Lloyd | 2018-02-25 | 8 | -41/+52 |
| | | | | | | These functions made assumptions about the workspace size available, which if incorrect would cause memory corruption. Since the length is always available at the caller, just provide it and avoid problems. | ||||
* | Change pow_mod fuzzer to also accept p from input | Jack Lloyd | 2018-02-25 | 1 | -11/+15 |
| | | | | | Previously it used a hardcoded (random) prime, but accepting all three inputs allows much better coverage of corner cases. | ||||
* | Unroll ARMv8 AES instructions by 4 to allow pipelining | Jack Lloyd | 2018-02-25 | 1 | -84/+307 |
| | | | | Runs as much as 50% faster for bulk operations. Improves GCM by 10% | ||||
* | Fix autodetection of sparc64/mips64 [ci skip] | Jack Lloyd | 2018-02-25 | 1 | -0/+10 |
| | |||||
* | Implement decryption | Jack Lloyd | 2018-02-23 | 2 | -43/+148 |
| | |||||
* | AES encryption using POWER8 intrinsics | Jack Lloyd | 2018-02-23 | 6 | -0/+299 |
| | |||||
* | Fix handling of misaligned loads in AltiVec SIMD wrapper | Jack Lloyd | 2018-02-23 | 1 | -22/+12 |
| | | | | Handling little+big endian is a PITA, easier to bounce though a union here | ||||
* | Add misaligned load/store test to SIMD | Jack Lloyd | 2018-02-23 | 1 | -35/+52 |
| | |||||
* | Specify in test message that input is misaligned | Jack Lloyd | 2018-02-23 | 1 | -2/+2 |
| | |||||
* | Do runtime endian check when CPUID is initialized | Jack Lloyd | 2018-02-23 | 1 | -0/+1 |
| | | | | | Otherwise cross-endian builds (ie building big-endian for little-endian) can have massive test breakage but with no hints. | ||||
* | Test block ciphers with mis-aligned inputs | Jack Lloyd | 2018-02-23 | 1 | -2/+28 |
| | |||||
* | Use GetProcessWorkingSetSize instead of GetProcessWorkingSetSizeEx | Jack Lloyd | 2018-02-23 | 1 | -2/+1 |
| | | | | | The Ex variant is not available in older Wine (including the version in Trusty) and GetProcessWorkingSetSize is sufficient. | ||||
* | Add DL_Group::estimated_strength | Jack Lloyd | 2018-02-23 | 4 | -4/+25 |
| | |||||
* | Add EC_Group::verify_public_element | Jack Lloyd | 2018-02-23 | 3 | -28/+33 |
| | |||||
* | Add DL_Group functions to verify elements | Jack Lloyd | 2018-02-23 | 3 | -31/+48 |
| | |||||
* | Simplify IDEA key schedule | Jack Lloyd | 2018-02-23 | 1 | -23/+28 |
| | |||||
* | Use 2-bit wide table in PointGFp multi_exponentiate | Jack Lloyd | 2018-02-23 | 2 | -17/+56 |
| | | | | ECDSA verification is 10-15% faster | ||||
* | Inline NIST normalize function, use bigint_sub3 | Jack Lloyd | 2018-02-23 | 1 | -12/+3 |
| | |||||
* | Minor optimizations in BigInt memory handling | Jack Lloyd | 2018-02-23 | 2 | -2/+4 |
| | | | | Makes 4-6% difference for ECDSA | ||||
* | Avoid unneeded grow_to calls | Jack Lloyd | 2018-02-23 | 1 | -1/+2 |
| | |||||
* | Small cleanups in NIST reduction code | Jack Lloyd | 2018-02-23 | 1 | -35/+22 |
| | |||||
* | Fix an error in BigInt operator- | Jack Lloyd | 2018-02-23 | 3 | -6/+59 |
| | | | | (x) - (-x) would result in -2x instead of the correct 2x | ||||
* | In PointGFp add/double avoid creating temporaries | Jack Lloyd | 2018-02-23 | 3 | -40/+60 |
| | | | | | | | We already had the temp workspace passed in but did not use it effectively... :/ Improves ECDSA sign and verify by 5-15% | ||||
* | Merge GH #1457 Use faster algorithm for ECC multiplication | Jack Lloyd | 2018-02-22 | 20 | -293/+536 |
|\ | |||||
| * | Fix fuzzer build | Jack Lloyd | 2018-02-22 | 1 | -3/+6 |
| | | |||||
| * | Move declarations that don't need to be friends of PointGFp | Jack Lloyd | 2018-02-21 | 1 | -21/+20 |
| | | |||||
| * | Small cleanup | Jack Lloyd | 2018-02-21 | 1 | -3/+8 |
| | |