From bdb4cd3df0e2ed94d39cff95a83fcd88141c1ef4 Mon Sep 17 00:00:00 2001 From: lloyd Date: Sat, 13 Mar 2010 18:11:23 +0000 Subject: Skip bench on very small ECC groups; 112 == DES --- checks/pk_bench.cpp | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/checks/pk_bench.cpp b/checks/pk_bench.cpp index 4acc2c5fd..5a6bbe7f6 100644 --- a/checks/pk_bench.cpp +++ b/checks/pk_bench.cpp @@ -293,9 +293,7 @@ void benchmark_ecdsa(RandomNumberGenerator& rng, double seconds, Benchmark_Report& report) { - const char* domains[] = { "1.3.132.0.6", // secp112r1 - "1.3.132.0.28", // secp128r1 - "1.3.132.0.30", // secp160r2 + const char* domains[] = { "1.3.132.0.30", // secp160r2 "1.2.840.10045.3.1.1", // secp192r1 "1.3.132.0.33", // secp224r1 "1.2.840.10045.3.1.7", // secp256r1 -- cgit v1.2.3 From 2fbe098b29b9ca611d83d8aedb7457dc925860eb Mon Sep 17 00:00:00 2001 From: lloyd Date: Sat, 13 Mar 2010 18:34:20 +0000 Subject: At startup, test if lock_mem() at least seems to work. If it doesn't, immediately fall back the the plain malloc-based allocator, which is typically quite a bit faster. --- src/libstate/libstate.cpp | 3 ++- src/utils/mlock.cpp | 9 +++++++++ src/utils/mlock.h | 5 +++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/libstate/libstate.cpp b/src/libstate/libstate.cpp index b461c1ef8..7706cef28 100644 --- a/src/libstate/libstate.cpp +++ b/src/libstate/libstate.cpp @@ -14,6 +14,7 @@ #include #include #include +#include #include #if defined(BOTAN_HAS_SELFTESTS) @@ -252,7 +253,7 @@ void Library_State::initialize(bool thread_safe) config_lock = mutex_factory->make(); cached_default_allocator = 0; - default_allocator_name = "locking"; + default_allocator_name = has_mlock() ? "locking" : "malloc"; add_allocator(new Malloc_Allocator); add_allocator(new Locking_Allocator(mutex_factory->make())); diff --git a/src/utils/mlock.cpp b/src/utils/mlock.cpp index 5d6fc3591..bc6ddc67e 100644 --- a/src/utils/mlock.cpp +++ b/src/utils/mlock.cpp 
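Review bot: The fallback in `default_allocator_name = has_mlock() ? "locking" : "malloc";` is silent, so a process whose memory-lock limit (RLIMIT_MEMLOCK on POSIX systems) is zero or exhausted ends up with secure memory that is never pinned, and nothing in this hunk records or reports that. A one-line comment on that statement would at least make the consequence explicit: `// If mlock is unavailable, SecureVector contents are not pinned and may be swapped out; the pool allocator is also slower than malloc in that case`. The literal names "locking" and "malloc" presumably have to match what Locking_Allocator and Malloc_Allocator register themselves as in the add_allocator calls below, which is not visible on this page. Library_State::initialize continues outside the hunk.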
@@ -16,6 +16,15 @@ namespace Botan { +bool has_mlock() + { + byte buf[4096]; + if(!lock_mem(&buf, sizeof(buf))) + return false; + unlock_mem(&buf, sizeof(buf)); + return true; + } + /* * Lock an area of memory into RAM */ diff --git a/src/utils/mlock.h b/src/utils/mlock.h index 66ced9e63..fea56d438 100644 --- a/src/utils/mlock.h +++ b/src/utils/mlock.h @@ -12,6 +12,11 @@ namespace Botan { +/** +* Check if we can at least potentially lock memory +*/ +bool has_mlock(); + /** * Lock memory into RAM if possible * @param addr the start of the memory block -- cgit v1.2.3 From 42774d979e27cd44c8a55cb1f59d90091bd21c84 Mon Sep 17 00:00:00 2001 From: lloyd Date: Sat, 13 Mar 2010 18:38:46 +0000 Subject: Document allocator change --- doc/log.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/log.txt b/doc/log.txt index 3a37e3a5e..be13cd880 100644 --- a/doc/log.txt +++ b/doc/log.txt @@ -2,6 +2,7 @@ * 1.9.5-dev, ????-??-?? - Numerous ECC optimizations - Allow PK_Signer's fault protection checks to be toggled off + - Avoid using pool-based locking allocator if we can't mlock - Remove all runtime options - Fix crash in MemoryRegion if Allocator::get failed - Fix small compilation problem on FreeBSD -- cgit v1.2.3 From 0f1ca25b51f72ea36227be72294f7cd5c70b33b6 Mon Sep 17 00:00:00 2001 From: lloyd Date: Sat, 13 Mar 2010 18:39:33 +0000 Subject: Use a Modular_Reducer in ECDSA op --- src/pubkey/ecdsa/ecdsa.cpp | 12 ++++++------ src/pubkey/ecdsa/ecdsa.h | 2 ++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp index afca6cc73..40ae7c3b9 100644 --- a/src/pubkey/ecdsa/ecdsa.cpp +++ b/src/pubkey/ecdsa/ecdsa.cpp @@ -14,7 +14,8 @@ namespace Botan { ECDSA_Signature_Operation::ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa) : base_point(ecdsa.domain().get_base_point()), order(ecdsa.domain().get_order()), - x(ecdsa.private_value()) + x(ecdsa.private_value()), + mod_order(order) { } 
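Review bot: has_mlock() probes a single 4096-byte stack buffer, but a success there does not imply that the pool allocator's later lock_mem() calls will succeed, because memory-lock limits are typically a per-process total; callers must still treat lock_mem() as fallible. Locking primitives generally work on whole pages, so `byte buf[4096]` on the stack can straddle two pages and `unlock_mem(&buf, sizeof(buf))` will unlock both in full, including any other data living on them — harmless at startup, but worth stating. I would record both caveats in the /** … */ block added to mlock.h in the next hunk, which currently says only that we can "at least potentially lock memory", and pass `buf` (decays to a byte pointer) rather than `&buf` (pointer to the array) if lock_mem takes a void pointer, since the two spellings are easy to confuse in a size calculation. has_mlock() is fully visible in this hunk.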
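Review bot: `mod_order(order)` initializes the new member from the `order` reference member, which only works because `order` is declared before `mod_order` in the class (the ecdsa.h hunk adds `Modular_Reducer mod_order;` as the last member); member initializers run in declaration order, not in the order written here, so a future reordering of the declarations would silently construct the reducer from an unbound reference. A comment on the declaration in ecdsa.h would pin that down, e.g. `Modular_Reducer mod_order; // Barrett reducer for the group order; keep declared after order, the ctor initializes it from that reference`. The constructor body is empty, so the function is fully visible in this hunk.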
@@ -30,17 +31,15 @@ ECDSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, while(k >= order) k.randomize(rng, order.bits() - 1); - BigInt e(msg, msg_len); + BigInt m(msg, msg_len); PointGFp k_times_P = base_point * k; - BigInt r = k_times_P.get_affine_x() % order; + BigInt r = mod_order.reduce(k_times_P.get_affine_x()); if(r == 0) throw Internal_Error("ECDSA_Signature_Operation: r was zero"); - BigInt k_inv = inverse_mod(k, order); - - BigInt s = (((r * x) + e) * k_inv) % order; + BigInt s = mod_order.multiply(inverse_mod(k, order), mul_add(x, r, m)); SecureVector output(2*order.bytes()); r.binary_encode(output + (output.size() / 2 - r.bytes())); @@ -72,6 +71,7 @@ bool ECDSA_Verification_Operation::verify(const byte msg[], u32bit msg_len, BigInt w = inverse_mod(s, order); PointGFp R = w * (e * base_point + r * public_point); + if(R.is_zero()) return false; diff --git a/src/pubkey/ecdsa/ecdsa.h b/src/pubkey/ecdsa/ecdsa.h index e20a234fc..cb4893002 100644 --- a/src/pubkey/ecdsa/ecdsa.h +++ b/src/pubkey/ecdsa/ecdsa.h @@ -11,6 +11,7 @@ #define BOTAN_ECDSA_KEY_H__ #include +#include #include namespace Botan { @@ -102,6 +103,7 @@ class BOTAN_DLL ECDSA_Signature_Operation : public PK_Ops::Signature const PointGFp& base_point; const BigInt& order; const BigInt& x; + Modular_Reducer mod_order; }; class BOTAN_DLL ECDSA_Verification_Operation : public PK_Ops::Verification -- cgit v1.2.3 From 17470c645f0d622f6be3e9e14811703c670c0cc4 Mon Sep 17 00:00:00 2001 From: lloyd Date: Sat, 13 Mar 2010 18:49:40 +0000 Subject: Fix GOST, wasn't getting found in engine --- src/engine/def_engine/def_pk_ops.cpp | 6 +++--- src/pubkey/gost_3410/gost_3410.cpp | 4 ++-- src/pubkey/gost_3410/gost_3410.h | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/engine/def_engine/def_pk_ops.cpp b/src/engine/def_engine/def_pk_ops.cpp index d3264e67e..878d7d35c 100644 --- a/src/engine/def_engine/def_pk_ops.cpp +++ b/src/engine/def_engine/def_pk_ops.cpp 
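Review bot: The new `s` computation has no zero check, while the hunk keeps the `if(r == 0)` guard just above it; ECDSA requires both r and s to be non-zero, and as written a zero s would be encoded and returned as a valid-looking signature. Mirror the existing guard, `if(s == 0) throw Internal_Error("ECDSA_Signature_Operation: s was zero");`, or loop back to draw a fresh k, which is what the standard prescribes for both cases. Separately, `mul_add(x, r, m)` is handed to `mod_order.multiply()` unreduced and `m` itself is never reduced modulo the order, so the product can exceed the order squared; whether Modular_Reducer handles that range or falls back to a slower path is not visible here, and reducing `m` once up front would keep the inputs in the expected range. sign() starts before this hunk and the encoding of r and s continues below it.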
@@ -27,7 +27,7 @@ #include #endif -#if defined(BOTAN_HAS_GOST_3410_2001) +#if defined(BOTAN_HAS_GOST_34_10_2001) #include #endif @@ -116,7 +116,7 @@ Default_Engine::get_signature_op(const Private_Key& key) const return new ECDSA_Signature_Operation(*s); #endif -#if defined(BOTAN_HAS_GOST_3410_2001) +#if defined(BOTAN_HAS_GOST_34_10_2001) if(const GOST_3410_PrivateKey* s = dynamic_cast(&key)) return new GOST_3410_Signature_Operation(*s); @@ -153,7 +153,7 @@ Default_Engine::get_verify_op(const Public_Key& key) const return new ECDSA_Verification_Operation(*s); #endif -#if defined(BOTAN_HAS_GOST_3410_2001) +#if defined(BOTAN_HAS_GOST_34_10_2001) if(const GOST_3410_PublicKey* s = dynamic_cast(&key)) return new GOST_3410_Verification_Operation(*s); diff --git a/src/pubkey/gost_3410/gost_3410.cpp b/src/pubkey/gost_3410/gost_3410.cpp index c5cc1ddbd..0ba55cdd9 100644 --- a/src/pubkey/gost_3410/gost_3410.cpp +++ b/src/pubkey/gost_3410/gost_3410.cpp @@ -79,7 +79,7 @@ GOST_3410_Signature_Operation::GOST_3410_Signature_Operation( SecureVector GOST_3410_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { BigInt k; do @@ -117,7 +117,7 @@ GOST_3410_Verification_Operation::GOST_3410_Verification_Operation(const GOST_34 } bool GOST_3410_Verification_Operation::verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const + const byte sig[], u32bit sig_len) { if(sig_len != order.bytes()*2) return false; diff --git a/src/pubkey/gost_3410/gost_3410.h b/src/pubkey/gost_3410/gost_3410.h index ffdbc6e19..36fa2912d 100644 --- a/src/pubkey/gost_3410/gost_3410.h +++ b/src/pubkey/gost_3410/gost_3410.h 
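Review bot: The three `#if defined(BOTAN_HAS_GOST_34_10_2001)` guards now match the feature macro, but nothing prevents the same silent drift again: a misspelled feature macro compiles the block out and the engine simply returns a null op for GOST keys, which is how this went unnoticed. A regression test that builds a GOST_3410_PrivateKey and asserts that `Default_Engine::get_signature_op` and `get_verify_op` return non-null when the feature is enabled would catch this class of problem before release. The `dynamic_cast` template arguments appear to have been stripped in this rendering, so I could not check the cast targets. Both get_signature_op and get_verify_op start before their hunks and continue after them.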
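Review bot: Dropping `const` from GOST_3410_Signature_Operation::sign and GOST_3410_Verification_Operation::verify turns them from hiding the base-class virtuals into overriding them, presumably because PK_Ops::Signature and PK_Ops::Verification declare these members non-const (the base declarations are not on this page); the mismatch went unnoticed because the GOST code was never compiled in. The same change is made in the two gost_3410.h hunks that follow. A comment on the header declarations such as `// non-const to match the PK_Ops virtual signatures`, or the `override` specifier if the project's compiler baseline permits it, would make the intent explicit and let the compiler catch the next mismatch. Both functions continue outside the hunk.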
@@ -106,7 +106,7 @@ class BOTAN_DLL GOST_3410_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return order.bits(); } SecureVector sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: const PointGFp& base_point; @@ -126,7 +126,7 @@ class BOTAN_DLL GOST_3410_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return false; } bool verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const; + const byte sig[], u32bit sig_len); private: const PointGFp& base_point; const PointGFp& public_point; -- cgit v1.2.3 From 72a154f3d7eef286b42a116232f8b7be88ccb6d6 Mon Sep 17 00:00:00 2001 From: lloyd Date: Sat, 13 Mar 2010 19:08:01 +0000 Subject: Centralize which ECC domains are used for benchmarking --- checks/pk_bench.cpp | 51 +++++++++++++++++---------------------------------- 1 file changed, 17 insertions(+), 34 deletions(-) diff --git a/checks/pk_bench.cpp b/checks/pk_bench.cpp index 5a6bbe7f6..e3e96ae04 100644 --- a/checks/pk_bench.cpp +++ b/checks/pk_bench.cpp @@ -7,6 +7,7 @@ #include #include #include +#include #include #if defined(BOTAN_HAS_RSA) @@ -66,6 +67,16 @@ using namespace Botan; namespace { +const char* ec_domains[] = { + "secp160r2", + "secp192r1", + "secp224r1", + "secp256r1", + "secp384r1", + "secp521r1", + 0 +}; + class Benchmark_Report { public: 
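Review bot: `const char* ec_domains[]` is a mutable namespace-scope array of pointers; since the benchmark loops only read it, `const char* const ec_domains[]` states that and keeps the table out of writable data. The trailing `0` sentinel is what terminates the `for(... ec_domains[j] ...)` loops in the next hunks, and what OIDS::lookup() does for a name that is not registered is not visible here, so a short comment would help whoever adds a curve: `// null-terminated; every name must be registered with OIDS::lookup`.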
@@ -293,18 +304,9 @@ void benchmark_ecdsa(RandomNumberGenerator& rng, double seconds, Benchmark_Report& report) { - const char* domains[] = { "1.3.132.0.30", // secp160r2 - "1.2.840.10045.3.1.1", // secp192r1 - "1.3.132.0.33", // secp224r1 - "1.2.840.10045.3.1.7", // secp256r1 - "1.3.132.0.34", // secp384r1 - "1.3.132.0.35", // secp512r1 - NULL }; - - for(size_t j = 0; domains[j]; j++) + for(size_t j = 0; ec_domains[j]; j++) { - OID oid(domains[j]); - EC_Domain_Params params(oid); + EC_Domain_Params params(OIDS::lookup(ec_domains[j])); u32bit pbits = params.get_curve().get_p().bits(); @@ -351,19 +353,9 @@ void benchmark_gost_3410(RandomNumberGenerator& rng, double seconds, Benchmark_Report& report) { - const char* domains[] = { "1.3.132.0.6", // secp112r1 - "1.3.132.0.28", // secp128r1 - "1.3.132.0.30", // secp160r2 - "1.3.132.0.33", // secp224r1 - "1.2.643.2.2.35.1", // gost 256p - "1.3.132.0.34", // secp384r1 - "1.3.132.0.35", // secp512r1 - NULL }; - - for(size_t j = 0; domains[j]; j++) + for(size_t j = 0; ec_domains[j]; j++) { - OID oid(domains[j]); - EC_Domain_Params params(oid); + EC_Domain_Params params(OIDS::lookup(ec_domains[j])); u32bit pbits = params.get_curve().get_p().bits(); @@ -410,18 +402,9 @@ void benchmark_ecdh(RandomNumberGenerator& rng, double seconds, Benchmark_Report& report) { - const char* domains[] = { "1.3.132.0.6", // secp112r1 - "1.3.132.0.28", // secp128r1 - "1.3.132.0.30", // secp160r2 - "1.3.132.0.33", // secp224r1 - "1.3.132.0.34", // secp384r1 - "1.3.132.0.35", // secp512r1 - NULL }; - - for(size_t j = 0; domains[j]; j++) + for(size_t j = 0; ec_domains[j]; j++) { - OID oid(domains[j]); - EC_Domain_Params params(oid); + EC_Domain_Params params(OIDS::lookup(ec_domains[j])); u32bit pbits = params.get_curve().get_p().bits(); -- cgit v1.2.3
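Review bot: benchmark_gost_3410 previously benchmarked "1.2.643.2.2.35.1" (the GOST 256-bit curve, per the removed comment) and now iterates the shared ec_domains table, which contains no GOST curve, so the GOST benchmark no longer measures the group that GOST 34.10 is normally used with. If the shared table is meant to stay curve-neutral, benchmark_gost_3410 could keep its own list, e.g. `const char* gost_domains[] = { "<registered name for 1.2.643.2.2.35.1>", 0 };` with the placeholder replaced by whatever OIDS registers for that OID, rather than silently dropping the curve. The same replacement in benchmark_ecdsa and benchmark_ecdh is fine, since their removed lists already matched the shared table. All three functions continue outside their hunks.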