aboutsummaryrefslogtreecommitdiff
path: root/rsa.c
AgeCommit message (Collapse)Author
2017-09-09Start hacking for systolic modexp.Rob Austein
Work in progress. Probably won't even compile, much less run. Requires corresponding new core/math/modexpa7 core. No support (yet) for ASN.1 encoding of speedup factors or storage of same in keystore. No support (yet) for running CRT algorithm in parallel cores. Minor cleanup of ancient bus I/O code, including EIM and I2C bus code we'll probably never use again.
2017-07-24Split compile-time control of RSA ModExp.Rob Austein
At least for now, the speed tradeoff between software ModExp and our Verilog ModExp core differs significantly between signature and key generation. We don't really know why, but since key generation does not need to be constant time, we split out control over whether to use the software or FPGA implementation, so that we can use the FPGA for signature while using software for key generation. Revisit this if and when we figure out what the bottleneck is, as well as any time that the FPGA core itself changes significantly.
2017-07-24Use ModExp fast mode for Miller-Rabin tests.Rob Austein
Trying to make RSA key generation run in constant time is probably both futile and unnecessary, so we can speed it up a bit by switching the ModExpA7 core to use "fast" mode rather than "constant time" mode. Sadly, while this change produces a measureable improvement, it doesn't bring FGPA ModExp anywhere near the speed of the software equivalent in this case. Don't really know why.
2017-06-14Tidy up new prime generation code.Rob Austein
2017-06-14Faster prime generation algorithm for RSA.Rob Austein
Algorithm suggested by a note in Handbook of Applied Cryptography, motivated by profiling of libtfm fp_isprime() function showing something close to 50% of CPU time spent running Montgomery reductions in the small primes test, before we even get to Miller-Rabin.
2017-05-23"core" arguments have not been const since we switched to core_selector.Rob Austein
2017-04-03PKCS #8 code for RSA and ECDSA.Rob Austein
Compiles, not yet tested. Existing tests need conversion to PKCS #8 before we can do anything useful with this. Once everything uses PKCS #8 instead of algorithm-specific formats, we can revisit API issues like whether hal_rpc_pkey_load() should still be taking `type` and `curve` arguments.
2016-09-20Clean up the defines around rpc client, software hash cores, etc.Paul Selkirk
2016-07-05Attempt to add resource management, for multiple cores of the same type.Paul Selkirk
Find a suitable core, and mark it busy. Don't forget to release it as soon as you're done. This has a knock-on effect of un-const'ing core arguments and struct fields in a lot of places, and it moves some core checks around.
2016-06-14Add support for ModExpA7Paul Selkirk
2016-06-13Allow NULL der_len parameter in hal-rsa_private_key_to_der().Rob Austein
2016-05-14Trailing whitespace cleanup.Rob Austein
2016-03-29Client-side rsa and ecdsa need to call remote get_random.Paul Selkirk
2015-12-23RPC interface to TRNG and (incomplete) PIN code.Rob Austein
2015-12-23Software modexp() implementation didn't compile due to missing proRob Austein
forma hal_core_t* argument.
2015-12-22Add ASN.1 support for public keys (X.509 SubjectPublicKeyInfo format).Rob Austein
2015-12-21Fix names of private key DER functions.Rob Austein
2015-12-20RPC server stuff mostly written. Compiles, not yet tested. RPCRob Austein
public key extraction functions on hold pending ASN.1 cleanup.
2015-12-13whack copyrightsPaul Selkirk
2015-10-04Whack libhal API to use current configure_core_selector mechanism.Rob Austein
Compiles, not yet tested.
2015-10-03Use initializers for automatic variables of type fp_int because it's aRob Austein
bit more obvious when we've forgotten to do this than when we've forgotten to call fp_init() or memset(). Convert rsa.c to use the one-element-array idiom so we can get stop prefixing every bignum reference with "&".
2015-09-08Merge branch 'master' into ecdsaRob Austein
This required a bit of manual cleanup in hal.h, hash.c, and rsa.c. No intended changes to functionality provided by parent comments, just a few tweaks to track API changes beyond git's ken.
2015-09-06Add ECPoint I/O functions. ASN.1 cleanup.Rob Austein
2015-09-02Still more const-ification.Rob Austein
2015-09-02Clean up excessively complicated handling of opaque types in hash andRob Austein
RSA code; use simpler model (pointer to incomplete structure) used in ECDSA code. Refactor RSA code to use shared ASN.1 routines.
2015-07-14Changes to support Pavel's ModExpS6 core.Rob Austein
2015-07-01Change default to use software modexp until we sort out performanceRob Austein
issues in ModExp core.
2015-06-24Rework API for loading keys from components. Relax key sizeRob Austein
constraints to allow any key size within our supported range, since hsmbully seems to want to twist this knob to every possible setting.
2015-06-21libcryptech -> libhal, doh.Rob Austein
2015-06-21Add digest algorithm IDs.Rob Austein
2015-06-19Add methods to extract public components from an RSA key. Other minorRob Austein
cleanup and commenting within RSA module.
2015-06-19Add temporary workaround to let us use software ModExp when we'reRob Austein
testing other code and don't want to wait for the as-yet-unoptimized FPGA ModExp core.
2015-06-19Add replacement for fp_exptmod() using our ModExp core, so we don'tRob Austein
drag in all of TFM's Montgomery just to support the Miller-Rabin test.
2015-06-18Supply public exponent as bigendian byte string rather than unsignedRob Austein
long, since that's the form we'll need for PKCS #11.
2015-06-18Helps to set the return value when reading a key, doh.Rob Austein
2015-06-18Add RSA blinding.Rob Austein
2015-06-18Refactor CRT code into public API.Rob Austein
2015-06-17Debug RSA key generation.Rob Austein
2015-06-17RSA key generation and DER support.Rob Austein
2015-06-17RSA key generation. Compiles, not (yet) tested otherwise.Rob Austein
2015-06-16Refactor key loading code.Rob Austein
2015-06-11Debug modexp_fp() buffer handling. Add basic timing report.Rob Austein
Compensate for PyCrypto's weird inversion of p and q when calculating CRT coefficients, and add key the key components PyCrypto doesn't bother pre-calculating to our test data.
2015-06-11First cut at RSA decryption/signature using the Chinese RemainderRob Austein
Theorem. Not yet tested, and given the number of moving parts I would be astonished if this version actually worked, but it does compile. Added some timing code to tests/test-rsa.c so we can see whether this is doing anything useful once it does work.