1. 08 Oct, 2017 1 commit
  2. 02 May, 2017 1 commit
  3. 06 Feb, 2016 1 commit
  4. 30 Jan, 2016 2 commits
  5. 29 Jan, 2016 1 commit
  6. 26 Jan, 2016 1 commit
  7. 15 Jan, 2016 2 commits
      Working on getting cross-arch working again. Several TODOs. · a5bed6b3
      Mike Hamburg authored
      Currently compiles and passes tests on x86_64 with arch_32 and
      DECAF_FORCE_32_BIT=1 (as well as the native settings of course),
      so that's a start.
      Want to make serialization routine cross-arch.  Need to check that
      perf is good enough (likely).  Current routine in p25519/arch_32
      is almost cross-arch, but has known bugs (FIXMEs).  Needs to take
      into account separate p and, for NEON, the LIMBPERM.
      Want to decouple arches for each curve/field.  Currently the split
      between decaf_word_t and word_t makes this fraught with peril.  Fix
      is probably to rename decaf_word_t to decaf_api_word_t and fix it
      to either uint32 or uint64, then make internal things separate per
      field.  That way we don't have to try arch detection in the header,
      which is nice.
      Need to make decaf_gen_tables use SC_LIMB.  Might as well get rid
      of API_NS there too.
  8. 20 Nov, 2015 2 commits
  9. 12 Jul, 2015 2 commits
  10. 10 Jul, 2015 1 commit
  11. 03 Jul, 2015 1 commit
  12. 23 Apr, 2015 1 commit
  13. 25 Jan, 2015 1 commit
  14. 23 Jan, 2015 3 commits
  15. 22 Jan, 2015 3 commits
  16. 15 Jan, 2015 1 commit
  17. 24 Oct, 2014 1 commit
      Big changes for curve flexibility. For details see HISTORY.txt. · 1f480b0f
      Mike Hamburg authored
      Very experimental Ed480-Ridinghood support is now in.  It's not fully optimized,
      but in general the current build is 8-15% slower than Goldilocks.  It only works on
      arch_x86_64, though arch_ref64 support ought to be easy.  Support on other arches
      will be trickier, which is of course why I chose Goldilocks over Ridinghood in the
      first place.
      Next up, E-521.  Hopefully.
      The code is starting to get spread out over a lot of files.  Some are per field*arch,
      some per field, some per curve, some global.  It's hard to do much about this, though,
      with a rather ugly .c.inc system.
      There's currently no way to make a Ridinghood eBAT.  In fact, I haven't tested eBAT
      support in this commit.  I also haven't tested NEON, but at least ARCH_32 works on
  18. 21 Oct, 2014 3 commits
      no perf regression on haswell. Also, factored out field_cond_neg; restored p448_ prefixes in case of multiple fields in the same lib · edc6afe4
      Mike Hamburg authored
      WARNING: This commit is largely untested. · c6d69dec
      Michael Hamburg authored
      Continuing demagication and factoring of field code.
      Removing high-level ops from p448.h and putting them in field.h.  That way they
      won't need rewriting for new fields and architectures.
      Create constant_time.h which contains constant-time lookups, condswaps, etc.
      That way the code is the same on all architectures, instead of varying depending
      on whether the field size is a multiple of the vector register size.  I should
      still add a constant_time_select to factor out field_cond_negate.
      TODO: I need to test this for correctness and performance on various platforms.
      It works on my Mac, but since Yosemite the timing is totally unpredictable
      (background tasks?  variable boost?).
  19. 19 Oct, 2014 1 commit
  20. 19 Sep, 2014 1 commit
  21. 11 Jul, 2014 1 commit
      Mostly a cleanup release. Cleanup old code, improve documentation, · 4eb210cd
      Michael Hamburg authored
      improve GCC-cleanness, etc.
      Disable the crandom output buffer so that it won't return duplicate
      data across fork().  I should still stir more entropy into the
      buffer at least when RDRAND is available, but this should prevent
      disasters for now.
      The Elligator code in the current version is incompatible with past
      versions due to a minor tweak.  It wasn't being called by any of
      the API functions, though.
      Removing "magic" constants and type names.  So for example p448_t
      is now field_t (though maybe it should really be felem_t?).  This
      should enable other curves with the Goldilocks code in the not-too-
      distant future.
      Added CRANDOM_MIGHT_IS_MUST so that you don't have to -D a bunch of
      things on the command line.
      You can `make bat` to make an eBAT which probably doesn't work.
      I haven't implemented the improved nonce generation from the
      curves@moderncrypto.org thread yet.