| Commit message | Author | Age | Files | Lines |
| |
Commit a93d678f previously added this condition, but the DSA key size
changed since then to 2k, which is still allowed.
* tests/pubkey.c (get_dsa_key_with_domain_new): DSA keys still work in
FIPS mode.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* cipher/dsa.c (generate): This function is never called in FIPS mode
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
Previously, the condition was in generate_std, which is never called in
FIPS mode.
* cipher/rsa.c (generate_std): Remove dead code as FIPS is using
'generate_fips'
(generate_fips): Do not allow 1024 bit key generation
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* tests/pubkey.c (get_dsa_key_with_domain_new): Remove bogus "success"
on error.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* tests/t-secmem.c (test_secmem): Only tweak when FIPS enabled.
--
GnuPG-bug-id: 5520
Fixes-commit: 347817438990b7adf22dc71e4fb581e3232f03a7
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* tests/keygrip.c (check): Skip non-FIPS curves when FIPS.
(main): Check if FIPS is enabled.
--
GnuPG-bug-id: 5520
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/md.c (md_enable): Remove check if it's enforced or not.
--
GnuPG-bug-id: 5244
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* src/global.c (_gcry_vcontrol): Don't check NO_SECURE_MEMORY for
GCRYCTL_FIPS_MODE_P.
* tests/t-secmem.c (test_secmem): Use smaller value.
--
GnuPG-bug-id: 5520
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* tests/bench-slope.c (_ecc_bench): Check for 'in_fips_mode'.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* src/fips.c: Define FIPS_FORCE_FILE macro earlier.
(check_binary_integrity): Use the address of gcry_check_version.
* src/visibility.h [FIPS_FORCE_FILE] (gcry_check_version): Allow
internal use of exported function.
--
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* configure.ac (AC_CHECK_HEADERS): Remove sys/msg.h.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* tests/pubkey.c (get_dsa_key_with_domain_new): Update.
--
Values are taken from the NIST test vectors for FIPS 186-4.
CAVS 11.2 "dsa2_values".
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* src/fips.c (_gcry_initialize_fips_mode): Check the
environment variable LIBGCRYPT_FORCE_FIPS_MODE.
--
Useful for developers to test FIPS mode.
GnuPG-bug-id: 5541
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* tests/t-kdf.c (check_pbkdf2): Verify tests based on algorithms
unsupported in FIPS mode fail.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* cipher/md.c (md_enable): Block all non-approved digest algorithms, not
only the MD5 and do not drop from FIPS mode if not enforced.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* tests/pubkey.c (get_dsa_key_with_domain_new): Expect failure in FIPS
mode
(check_x931_derived_key): Simplify testing for FIPS mode.
(main): Check for fips mode.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* tests/pubkey.c (check_run): Enable tests with DSA transient keys which
work in FIPS.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* tests/t-secmem.c (main): Skip overflow tests in FIPS mode because they
are fatal and there is no way to override the outofcore handler.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* tests/dsa-rfc6979.c (check_dsa_rfc6979): Expect ECDSA 192b keys to
fail in FIPS mode.
(main): Detect FIPS mode.
--
The 192b ECDSA curve is not FIPS approved so it does not work. This adds
a flag to the list of the keys to mark if it is expected to work in FIPS
mode.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* tests/t-cv25519.c (test_cv_hl): Expect the operation to fail in FIPS
mode.
(test_cv_x25519, test_it): Ditto.
(main): Detect FIPS mode.
* tests/t-ed25519.c (one_test): Expect the operation to fail in FIPS
mode.
(main): Detect FIPS mode.
* tests/t-ed448.c (one_test): Expect the operation to fail in FIPS
mode.
(main): Detect FIPS mode.
* tests/t-x448.c (test_cv_hl): Expect the operation to fail in FIPS
mode.
(test_cv_x448, test_cv): Ditto.
(main): Detect FIPS mode.
--
The ed25519, ed448, cv25519 and cv448 curves are not available in FIPS
mode. Some of the tests already skipped these, but it is always better
to make sure they are failing, rather than just skipping these.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* tests/bench-slope.c (cipher_bench_one): Skip GCM mode in FIPS mode
(ecc_algo_fips_allowed): New function
(_ecc_bench): Skip algorithms disabled in FIPS mode
(main): Check for FIPS mode
* tests/benchmark.c (cipher_bench): Skip GCM in FIPS mode
--
In FIPS mode, not all the curves are allowed. This is already checked in
other parts of the code base, but not in the benchmark test.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* tests/basic.c (check_one_cipher_core): Expect GCM ciphers to fail in
FIPS mode
(check_cipher_modes): Skip GCM ciphers tests as they fail quite late
in gcry_cipher_gettag().
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* cipher/mac-gmac.c (_gcry_mac_type_spec_gmac_aes): Remove FIPS flag
--
The GMAC does not work in FIPS mode until libgcrypt has an internal
IV generator.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* src/hwfeatures.c (_gcry_detect_hw_features): Remove skipping in FIPS
mode.
--
Reported-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/dsa-common.c (_gcry_dsa_compute_hash): New.
* cipher/pubkey-internal.h (_gcry_dsa_compute_hash): New.
* cipher/dsa.c (verify): Add FLAGS and HASHALGO.
(test_keys): Follow the change of verify API.
(sign, verify): Support PUBKEY_FLAG_PREHASH flag to hash internally.
(selftest_sign): Test with "prehash" flag.
* cipher/ecc-common.h (_gcry_ecc_ecdsa_verify): Add FLAGS and
HASHALGO.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Support
PUBKEY_FLAG_PREHASH flag to hash internally.
(_gcry_ecc_ecdsa_verify): Likewise.
* cipher/ecc.c (test_keys): Follow the change of
_gcry_ecc_ecdsa_verify API.
(selftest_sign): Test with "prehash" flag.
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Support handling
of "hash-algo" and "value" with "prehash" flag.
--
GnuPG-bug-id: 5530
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Support
"hash-algo" with "value" for internal hashing with RSA-PSS.
* tests/basic.c (check_pubkey_sign): Add test cases.
--
GnuPG-bug-id: 5529
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/pubkey-internal.h (_gcry_rsa_pss_verify): Support internal
hashing.
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Use opaque MPI for
RSA-PSS.
* cipher/rsa-common.c (_gcry_rsa_pss_verify): Support internal
hashing.
* cipher/rsa.c (rsa_verify): Allow opaque MPI for RSA-PSS.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/pubkey-internal.h (_gcry_rsa_pss_encode): Change the API.
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Follow the change.
* cipher/rsa-common.c (_gcry_rsa_pss_encode): Support internal hashing.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/pubkey-internal.h (_gcry_rsa_pss_encode): Change the API.
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Before the call to
_gcry_rsa_pss_encode, check the condition here, raise GPG_ERR_INV_ARG
if it's not good.
* cipher/rsa-common.c (_gcry_rsa_pss_encode): No check inside.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* src/hmac256.c [STANDALONE] (xfree): Define.
(_gcry_hmac256_new, _gcry_hmac256_release): Use xfree.
(_gcry_hmac256_file): Likewise.
--
Fixes-commit: 3e3b520fb32a37c5c23762531a7b3168e112ac36
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* tests/basic.c (check_one_md): Use GCRY_MD_SHA256 as 'crcalgo' for
SHAKE128/SHAKE256 testing.
--
RMD160 was used to calculate output checksum from two SHAKE extract
streams, which are run with different extract buffer size but for
same total length and with same input. Patch switches to use SHA256
for checksumming for FIPS support.
GnuPG-bug-id: 5520
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* tests/basic.c (main): Use bare gcry_control for
GCRYCTL_FORCE_FIPS_MODE.
--
GnuPG-bug-id: 5520
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* tests/basic.c (_check_poly1305_cipher):
(check_ocb_cipher_largebuf_split): Skip unavailable ciphers when
IN_FIPS_MODE.
(check_ocb_cipher_checksum, check_gost28147_cipher_basic): Likewise.
--
GnuPG-bug-id: 5520
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* tests/basic.c (check_digests): Emit message when IN_FIPS_MODE.
(check_hmac, check_mac): Likewise.
--
GnuPG-bug-id: 5520
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/rijndael-s390x.c (aes_s390x_ocb_get_l): New.
(aes_s390x_ocb_enc, aes_s390x_ocb_dec, aes_s390x_ocb_auth): Use
'aes_s390x_ocb_get_l'.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* cipher/asm-inline-s390x.h (PCC_FUNCTION_*): New.
(pcc_query, pcc_scalar_multiply): New.
* mpi/Makefile.am: Add 'ec-hw-s390x.c'.
* mpi/ec-hw-s390x.c: New.
* mpi/ec-internal.h (_gcry_s390x_ec_hw_mul_point)
(mpi_ec_hw_mul_point): New.
* mpi/ec.c (_gcry_mpi_ec_mul_point): Call 'mpi_ec_hw_mul_point'.
* src/g10lib.h (HWF_S390X_MSA_9): New.
* src/hwf-s390x.c (s390x_features): Add MSA9.
* src/hwfeatures.c (hwflist): Add 's390x-msa-9'.
--
Patch adds ECC scalar multiplication acceleration using
s390x's PCC instruction. Following curves are supported:
- Ed25519
- Ed448
- X25519
- X448
- NIST curves P-256, P-384 and P-521
Benchmark on z15 (5.2Ghz):
Before:
Ed25519 | nanosecs/iter cycles/iter
mult | 389791 2026916
keygen | 572017 2974487
sign | 636603 3310336
verify | 1189097 6183305
=
X25519 | nanosecs/iter cycles/iter
mult | 296805 1543385
=
Ed448 | nanosecs/iter cycles/iter
mult | 1693373 8805541
keygen | 2382473 12388858
sign | 2609562 13569725
verify | 5177606 26923552
=
X448 | nanosecs/iter cycles/iter
mult | 1136178 5908127
=
NIST-P256 | nanosecs/iter cycles/iter
mult | 792620 4121625
keygen | 4627835 24064740
sign | 1528268 7946991
verify | 1678205 8726664
=
NIST-P384 | nanosecs/iter cycles/iter
mult | 1766418 9185373
keygen | 10158485 52824123
sign | 3341172 17374095
verify | 3694750 19212700
=
NIST-P521 | nanosecs/iter cycles/iter
mult | 3172566 16497346
keygen | 18184747 94560683
sign | 6039956 31407771
verify | 6480882 33700588
After:
Ed25519 | nanosecs/iter cycles/iter speed-up
mult | 25913 134746 15x
keygen | 44447 231124 12x
sign | 106928 556028 6x
verify | 164681 856341 7x
=
X25519 | nanosecs/iter cycles/iter speed-up
mult | 17761 92358 16x
=
Ed448 | nanosecs/iter cycles/iter speed-up
mult | 50808 264199 33x
keygen | 68644 356951 34x
sign | 317446 1650720 8x
verify | 457115 2376997 11x
=
X448 | nanosecs/iter cycles/iter speed-up
mult | 35637 185313 31x
=
NIST-P256 | nanosecs/iter cycles/iter speed-up
mult | 30678 159528 25x
keygen | 323722 1683356 14x
sign | 114176 593713 13x
verify | 169901 883487 9x
=
NIST-P384 | nanosecs/iter cycles/iter speed-up
mult | 59966 311822 29x
keygen | 607778 3160445 16x
sign | 209832 1091128 16x
verify | 329506 1713431 11x
=
NIST-P521 | nanosecs/iter cycles/iter speed-up
mult | 98230 510797 32x
keygen | 1131686 5884765 16x
sign | 397777 2068442 15x
verify | 623076 3239998 10x
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* tests/t-mpi-point.c (check_ec_mul_reduction): Add second NIST P-256
test vector from T5510.
--
GnuPG-bug-id: T5510
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* tests/bench-slope.c (ECC_ALGO_X25519, ECC_ALGO_X448): New.
(ecc_algo_name, ecc_algo_curve, ecc_nbits): Add X25519 and X448.
(bench_ecc_mult_do_bench): Pass Y as NULL to ec_get_affine with
X25519 and X448.
(cipher_ecc_one): Run only multiplication bench for X25519 and X448.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* mpi/mpicoder.c (mpi_read_from_buffer): Add word-size buffer
reading loop using 'buf_get_be(32|64)'.
(mpi_fromstr): Use look-up tables for HEX conversion; Add fast-path
loop for converting 8 hex-characters at once; Add string length
parameter.
(do_get_buffer): Use 'buf_put_be(32|64)' instead of byte writes; Add
fast-path for reversing buffer with 'buf_get_(be64|be32|le64|le32)'.
(_gcry_mpi_set_buffer): Use 'buf_get_be(32|64)' instead of byte reads.
(twocompl): Use _gcry_ctz instead of open-coded if-clauses to get
first bit set; Add fast-path for inverting buffer with
'buf_get_(he64|he32)'.
(_gcry_mpi_scan): Use 'buf_get_be32' where possible; Provide string
length to 'mpi_fromstr'.
(_gcry_mpi_print): Use 'buf_put_be32' where possible; Use look-up
table for HEX conversion; Add fast-path loop for converting to
8 hex-characters at once.
* tests/t-convert.c (check_formats): Add new tests for larger values.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* mpi/ec.c (field_table_mpis): New.
(ec_p_init): Cache converted field table MPIs.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* mpi/ec.c (_gcry_mpi_ec_get_affine): Return X and Y as is
if Z is 1 (for Weierstrass and Edwards curves).
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* tests/t-mpi-point.c (check_ec_mul_reduction): Add secp256k1 test
vectors.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* mpi/ec-inline.h (MASK_AND64, LIMB_OR64): New.
[__x86_64__]: Use "rme" operand type instead of "g" to fix use
of large 32-bit constants.
* mpi/ec-nist.c (_gcry_mpi_ec_nist192_mod, _gcry_mpi_ec_nist224_mod)
(_gcry_mpi_ec_nist256_mod, _gcry_mpi_ec_nist384_mod): At end,
check if 's[]' is negative instead result of last addition, for
output masks; Use 'p_mult' table entry for P instead of 'ctx->p'.
(_gcry_mpi_ec_nist256_mod): Handle corner case where 2*P needs to be
added after carry based subtraction.
* tests/t-mpi-point.c (check_ec_mul_reduction): New.
(main): Call 'check_ec_mul_reduction'.
--
GnuPG-bug-id: T5510
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
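The fix-up step this commit corrects (and that the T5510 P-256 vectors above exercise), shown as an added Python example that is not libgcrypt code: the FIPS 186-4 D.2.3 word tables for P-256 are applied with plain integers so the signed intermediate sum is visible, and the final correction is driven by the sign and size of that sum rather than by the carry of the last addition. The function names and the constructed edge inputs are this example's own.

```python
import random

# P-256 prime: 2^256 - 2^224 + 2^192 + 2^96 - 1 (FIPS 186-4).
P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1
MASK32 = (1 << 32) - 1


def _words(x, n=16):
    """Split x into n little-endian 32-bit words c0..c(n-1)."""
    return [(x >> (32 * i)) & MASK32 for i in range(n)]


def _join(ws):
    """Build an integer from words listed most-significant first, as in
    the FIPS 186-4 tables (a7, a6, ..., a0)."""
    v = 0
    for w in ws:
        v = (v << 32) | w
    return v


def p256_signed_sum(x):
    """Raw FIPS 186-4 D.2.3 sum s1 + 2s2 + 2s3 + s4 + s5 - s6 - s7 - s8 - s9.
    It is congruent to x mod P256 but may be negative or several multiples
    of P256 too large; the caller must fix that up."""
    if not 0 <= x < 2**512:
        raise ValueError("input must be a non-negative 512-bit integer")
    c = _words(x)
    s1 = _join((c[7], c[6], c[5], c[4], c[3], c[2], c[1], c[0]))
    s2 = _join((c[15], c[14], c[13], c[12], c[11], 0, 0, 0))
    s3 = _join((0, c[15], c[14], c[13], c[12], 0, 0, 0))
    s4 = _join((c[15], c[14], 0, 0, 0, c[10], c[9], c[8]))
    s5 = _join((c[8], c[13], c[15], c[14], c[13], c[11], c[10], c[9]))
    s6 = _join((c[10], c[8], 0, 0, 0, c[13], c[12], c[11]))
    s7 = _join((c[11], c[9], 0, 0, c[15], c[14], c[13], c[12]))
    s8 = _join((c[12], 0, c[10], c[9], c[8], c[15], c[14], c[13]))
    s9 = _join((c[13], 0, c[11], c[10], c[9], 0, c[15], c[14]))
    return s1 + 2 * s2 + 2 * s3 + s4 + s5 - s6 - s7 - s8 - s9


def p256_reduce(x):
    """Return (x mod P256, corrections): corrections is how many times P256
    had to be added (positive) or subtracted (negative) after the fast sum.
    A fix-up that only looks at the carry of the last addition, or that
    assumes at most one add/subtract, silently returns a wrong residue."""
    s = p256_signed_sum(x)
    corrections = 0
    while s < 0:          # negative sum: add P256 as often as needed
        s += P256
        corrections += 1
    while s >= P256:      # too large: subtract P256 as often as needed
        s -= P256
        corrections -= 1
    return s, corrections


def worst_case_corrections():
    """Largest |corrections| over constructed edge inputs: a single all-ones
    word at each position, and all sixteen words set to all-ones."""
    inputs = [MASK32 << (32 * i) for i in range(16)] + [2**512 - 1]
    return max(abs(p256_reduce(x)[1]) for x in inputs)


def matches_reference(count=500, seed=1):
    """Cross-check the fast reduction against Python's x % P256 on
    pseudo-random 512-bit inputs (constructed, fixed seed)."""
    rng = random.Random(seed)
    return all(p256_reduce(x)[0] == x % P256
               for x in (rng.getrandbits(512) for _ in range(count)))
```

An all-ones top word alone needs three subtractions of P256, which is why a single conditional subtraction keyed off one carry is not enough.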
| |
* mpi/ec.c (ec_secp256k1_mod): New.
(field_table): Add 'secp256k1'.
* tests/t-mpi-point.c (check_ec_mul): Add secp256k1 test vectors.
--
Benchmark on Ryzen 7 5800X (x86_64):
Before:
secp256k1 | nanosecs/iter cycles/iter auto Mhz
mult | 482336 2340443 4852
After (~20% faster):
secp256k1 | nanosecs/iter cycles/iter auto Mhz
mult | 392941 1906540 4852
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* configure.ac (ASM_DISABLED): New.
* mpi/Makefile.am: Add 'ec-nist.c' and 'ec-inline.h'.
* mpi/ec-nist.c: New.
* mpi/ec-inline.h: New.
* mpi/ec-internal.h (_gcry_mpi_ec_nist192_mod)
(_gcry_mpi_ec_nist224_mod, _gcry_mpi_ec_nist256_mod)
(_gcry_mpi_ec_nist384_mod, _gcry_mpi_ec_nist521_mod): New.
* mpi/ec.c (ec_addm, ec_subm, ec_mulm, ec_mul2): Use
'ctx->mod'.
(field_table): Add 'mod' function; Add NIST reduction
functions.
(ec_p_init): Setup ctx->mod; Setup function pointers
from field_table only if pointer is not NULL; Resize
ctx->a and ctx->b only if set.
* mpi/mpi-internal.h (RESIZE_AND_CLEAR_IF_NEEDED): New.
* mpi/mpiutil.c (_gcry_mpi_resize): Clear all unused
limbs also in realloc case.
* src/ec-context.h (mpi_ec_ctx_s): Add 'mod' function.
--
Benchmark on AMD Ryzen 7 5800X (x86_64):
Before:
NIST-P192 | nanosecs/iter cycles/iter auto Mhz
mult | 283346 1369473 4833
keygen | 1688442 8185744 4848
sign | 549683 2662984 4845
verify | 615284 2984325 4850
=
NIST-P224 | nanosecs/iter cycles/iter auto Mhz
mult | 516443 2501173 4843
keygen | 2859746 13866802 4849
sign | 918472 4455043 4850
verify | 1057940 5131372 4850
=
NIST-P256 | nanosecs/iter cycles/iter auto Mhz
mult | 423536 2054040 4850
keygen | 2383097 11557572 4850
sign | 774346 3754243 4848
verify | 864934 4196315 4852
=
NIST-P384 | nanosecs/iter cycles/iter auto Mhz
mult | 929985 4511881 4852
keygen | 5230788 25367299 4850
sign | 1671432 8109726 4852
verify | 1902729 9228568 4850
=
NIST-P521 | nanosecs/iter cycles/iter auto Mhz
mult | 2123546 10300952 4851
keygen | 12019340 58297774 4850
sign | 3886988 18853054 4850
verify | 4507885 21864015 4850
After:
NIST-P192 | nanosecs/iter cycles/iter auto Mhz speed-up
mult | 186679 905603 4851 +51%
keygen | 1161423 5623822 4842 +46%
sign | 389531 1887557 4846 +41%
verify | 412936 2000461 4844 +49%
=
NIST-P224 | nanosecs/iter cycles/iter auto Mhz speed-up
mult | 260621 1256327 4821 +99%
keygen | 1557845 7531677 4835 +84%
sign | 521678 2527083 4844 +76%
verify | 554084 2677949 4833 +92%
=
NIST-P256 | nanosecs/iter cycles/iter auto Mhz speed-up
mult | 319045 1542061 4833 +33%
keygen | 1834822 8898950 4850 +30%
sign | 612866 2972630 4850 +26%
verify | 664821 3222597 4847 +30%
=
NIST-P384 | nanosecs/iter cycles/iter auto Mhz speed-up
mult | 593894 2875260 4841 +57%
keygen | 3526600 17089717 4846 +48%
sign | 1178098 5710151 4847 +42%
verify | 1260185 6107449 4846 +51%
=
NIST-P521 | nanosecs/iter cycles/iter auto Mhz speed-up
mult | 1160220 5621946 4846 +83%
keygen | 6862975 33247351 4844 +75%
sign | 2287366 11096711 4851 +70%
verify | 2455858 11888045 4841 +84%
Benchmark on AMD Ryzen 7 5800X (i386):
Before:
NIST-P192 | nanosecs/iter cycles/iter auto Mhz
mult | 648039 3143236 4850
keygen | 3554452 17244822 4852
sign | 1163173 5641932 4850
verify | 1300076 6305673 4850
=
NIST-P224 | nanosecs/iter cycles/iter auto Mhz
mult | 798607 3874405 4851
keygen | 4657604 22589864 4850
sign | 1515803 7352049 4850
verify | 1635470 7935373 4852
=
NIST-P256 | nanosecs/iter cycles/iter auto Mhz
mult | 927033 4496283 4850
keygen | 5313601 25771983 4850
sign | 1735795 8418514 4850
verify | 1945804 9438212 4851
=
NIST-P384 | nanosecs/iter cycles/iter auto Mhz
mult | 2301781 11164473 4850
keygen | 12856001 62353242 4850
sign | 4161041 20180651 4850
verify | 4705961 22827478 4851
=
NIST-P521 | nanosecs/iter cycles/iter auto Mhz
mult | 6066635 29422721 4850
keygen | 32995868 160046407 4850
sign | 10503306 50945387 4850
verify | 12225252 59294323 4850
After:
NIST-P192 | nanosecs/iter cycles/iter auto Mhz speed-up
mult | 413605 2007498 4854 +57%
keygen | 2479429 12010926 4844 +44%
sign | 825111 3997147 4844 +41%
verify | 890206 4318723 4851 +46%
=
NIST-P224 | nanosecs/iter cycles/iter auto Mhz speed-up
mult | 551703 2676454 4851 +45%
keygen | 3257022 15781844 4845 +43%
sign | 1085678 5258894 4844 +40%
verify | 1172195 5678499 4844 +40%
=
NIST-P256 | nanosecs/iter cycles/iter auto Mhz speed-up
mult | 720395 3497486 4855 +29%
keygen | 4217758 20461257 4851 +26%
sign | 1404350 6814131 4852 +24%
verify | 1515136 7353955 4854 +28%
=
NIST-P384 | nanosecs/iter cycles/iter auto Mhz speed-up
mult | 1525742 7400771 4851 +51%
keygen | 9046660 43877889 4850 +42%
sign | 2974641 14408703 4844 +40%
verify | 3265285 15834951 4849 +44%
=
NIST-P521 | nanosecs/iter cycles/iter auto Mhz speed-up
mult | 3289348 15968678 4855 +84%
keygen | 19354174 93873531 4850 +70%
sign | 6351493 30830140 4854 +65%
verify | 6979292 33854215 4851 +75%
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* mpi/ec.c (ec_addm_448, ec_subm_448): Change order of sub_n and
set_cond to remove need to clear 'n'.
(ec_mulm_448): Use memcpy where possible; Use mpih_rshift where
possible; Use mpih_lshift for doubling a3; Remove one addition
at end.
--
Benchmarks on AMD Ryzen 7 5800X:
Before:
Ed448 | nanosecs/iter cycles/iter auto Mhz
keygen | 893096 4343326 4863
sign | 988422 4795694 4852
verify | 1899706 9215952 4851
After (~5% faster):
Ed448 | nanosecs/iter cycles/iter auto Mhz
keygen | 822078 3987952 4851
sign | 947327 4595433 4851
verify | 1776259 8616675 4851
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* mpi/ec.c (ec_addm_25519): Remove one addition.
(ec_subm_25519): Change order of add_n and set_cond to remove
need to clear 'n'.
(ec_mulm_25519): Avoid extra memory copies; Use _gcry_mpih_addmul_1
for multiplying by 19 and adding; Remove one addition at end.
--
Benchmarks on AMD Ryzen 7 5800X:
Before:
Ed25519 | nanosecs/iter cycles/iter auto Mhz
keygen | 304980 1478913 4849
sign | 328657 1589657 4837
verify | 625133 3032355 4851
After (~22% faster):
Ed25519 | nanosecs/iter cycles/iter auto Mhz
keygen | 244288 1184862 4850
sign | 267831 1298934 4850
verify | 504745 2449106 4852
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* mpi/longlong.h [__alpha] (umul_ppmm): Add parentheses around
used parameters.
[__i370__] (sdiv_qrnnd): Ditto.
[__mips__] (umul_ppmm): Ditto.
[__vax__] (sdiv_qrnnd): Ditto.
--
Noticed issue after wrong results on mips64 with new mpi/ec code.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
| |
* tests/t-mpi-point.c (mpi_base10_scan, check_ec_mul): New.
(main): Call 'check_ec_mul'.
--
These vectors are from: http://point-at-infinity.org/ecc/nisttv
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>