kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1044553d6d
boringssl/crypto/fipsmodule/bn
History
David Benjamin 1044553d6d Add new GCD and related primitives. 
RSA key generation requires computing a GCD (p-1 and q-1 are relatively
prime with e) and an LCM (the Carmichael totient). I haven't made BN_gcd
itself constant-time here to save having to implement
bn_lshift_secret_shift, since the two necessary operations can be served
by bn_rshift_secret_shift, already added for Rabin-Miller. However, the
guts of BN_gcd are replaced. Otherwise, the new functions are only
connected to tests for now, they'll be used in subsequent CLs.

To support LCM, there is also now a constant-time division function.
This does not replace BN_div because bn_div_consttime is some 40x slower
than BN_div. That penalty is fine for RSA keygen because that operation
is not bottlenecked on division, so we prefer simplicity over
performance.

Median of 29 RSA keygens: 0m0.212s -> 0m0.225s
(Accuracy beyond 0.1s is questionable.)

Bug: 238
Change-Id: Idbfbfa6e7f5a3b8782ce227fa130417b3702cf97
Reviewed-on: https://boringssl-review.googlesource.com/26369
Reviewed-by: Adam Langley <alangley@gmail.com>
2018-03-30 19:53:36 +00:00
..
asm Merge Intel copyright notice into standard 2018-02-12 21:44:27 +00:00
add.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
bn_test_to_fuzzer.go Generate bn_div and bn_mod_exp corpus from bn_tests.txt. 2017-10-27 18:57:48 +00:00
bn_test.cc Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
bn_tests.txt Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
bn.c Don't leak |a| in the primality test. 2018-03-28 01:44:31 +00:00
bytes.c Simplify BN_bn2bin_padded. 2018-02-06 02:41:38 +00:00
check_bn_tests.go Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
cmp.c Make various BIGNUM comparisons constant-time. 2018-03-26 18:53:53 +00:00
ctx.c Run the comment converter on libcrypto. 2017-08-18 21:49:04 +00:00
div.c Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
exponentiation.c Remove some easy bn_set_minimal_width calls. 2018-02-05 23:47:14 +00:00
gcd.c Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
generic.c Enable __asm__ and uint128_t code in clang-cl. 2017-12-11 22:46:26 +00:00
internal.h Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
jacobi.c Rename bn->top to bn->width. 2018-02-05 23:44:24 +00:00
montgomery_inv.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
montgomery.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
mul.c Compute p - q in constant time. 2018-03-30 19:53:28 +00:00
prime.c Change the order of GCD and trial division. 2018-03-30 19:53:06 +00:00
random.c Blind the range check for finding a Rabin-Miller witness. 2018-03-29 22:02:24 +00:00
rsaz_exp.c Document RSAZ slightly better. 2018-02-15 18:14:04 +00:00
rsaz_exp.h clang-format RSAZ C code. 2018-02-13 22:30:03 +00:00
shift.c Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
sqrt.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00