kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
85c2cd8a45
boringssl/crypto/fipsmodule/bn
History
Adam Langley eb7c3008cc Only do 16 iterations to blind the primality test. 
With this, in 0.02% of 1024-bit primes (which is what's used with an RSA
2048 generation), we'll leak that we struggled to generate values less
than the prime. I.e. that there's a greater likelihood of zero bits
after the leading 1 bit in the prime.

But this recovers all the speed loss from making key generation
constant-time, and then some.

Did 273 RSA 2048 key-gen operations in 30023223us (9.1 ops/sec)
  min: 23867us, median: 93688us, max: 421466us
Did 66 RSA 3072 key-gen operations in 30041763us (2.2 ops/sec)
  min: 117044us, median: 402095us, max: 1096538us
Did 31 RSA 4096 key-gen operations in 31673405us (1.0 ops/sec)
  min: 245109us, median: 769480us, max: 2659386us

Change-Id: Id82dedde35f5fbb36b278189c0685a13c7824590
Reviewed-on: https://boringssl-review.googlesource.com/26924
Reviewed-by: Adam Langley <alangley@gmail.com>
2018-03-30 22:31:36 +00:00
..
asm Merge Intel copyright notice into standard 2018-02-12 21:44:27 +00:00
add.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
bn_test_to_fuzzer.go
bn_test.cc Add a constant-time generic modular inverse function. 2018-03-30 19:53:44 +00:00
bn_tests.txt Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
bn.c Don't leak |a| in the primality test. 2018-03-28 01:44:31 +00:00
bytes.c Simplify BN_bn2bin_padded. 2018-02-06 02:41:38 +00:00
check_bn_tests.go Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
cmp.c Make various BIGNUM comparisons constant-time. 2018-03-26 18:53:53 +00:00
ctx.c
div.c Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
exponentiation.c Remove some easy bn_set_minimal_width calls. 2018-02-05 23:47:14 +00:00
gcd.c Add a constant-time generic modular inverse function. 2018-03-30 19:53:44 +00:00
generic.c
internal.h Add a constant-time generic modular inverse function. 2018-03-30 19:53:44 +00:00
jacobi.c Rename bn->top to bn->width. 2018-02-05 23:44:24 +00:00
montgomery_inv.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
montgomery.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00
mul.c Compute p - q in constant time. 2018-03-30 19:53:28 +00:00
prime.c Only do 16 iterations to blind the primality test. 2018-03-30 22:31:36 +00:00
random.c Blind the range check for finding a Rabin-Miller witness. 2018-03-29 22:02:24 +00:00
rsaz_exp.c Document RSAZ slightly better. 2018-02-15 18:14:04 +00:00
rsaz_exp.h clang-format RSAZ C code. 2018-02-13 22:30:03 +00:00
shift.c Add new GCD and related primitives. 2018-03-30 19:53:36 +00:00
sqrt.c Name constant-time functions more consistently. 2018-03-29 23:30:55 +00:00