• Adam Langley's avatar
    crypto/(ec)dsa: use Fermat's inversion. · f23d3ea8
    Adam Langley authored
    Now that we have a constant-time P-256 implementation, it's worth
    paying more attention elsewhere.
    
    The inversion of k in (EC)DSA was using Euclid's algorithm which isn't
    constant-time. This change switches to Fermat's algorithm, which is
    much better. However, it's important to note that math/big itself isn't
    constant time and is using a 4-bit window for exponentiation with
    variable memory access patterns.
    
    (Since math/big depends quite deeply on its values being in minimal (as
    opposed to fixed-length) represetation, perhaps crypto/elliptic should
    grow a constant-time implementation of exponentiation in the scalar
    field.)
    
    R=bradfitz
    Fixes #7652.
    
    LGTM=rsc
    R=golang-codereviews, bradfitz, rsc
    CC=golang-codereviews
    https://golang.org/cl/82740043
    f23d3ea8
Name
Last commit
Last update
..
aes Loading commit data...
cipher Loading commit data...
des Loading commit data...
dsa Loading commit data...
ecdsa Loading commit data...
elliptic Loading commit data...
hmac Loading commit data...
md5 Loading commit data...
rand Loading commit data...
rc4 Loading commit data...
rsa Loading commit data...
sha1 Loading commit data...
sha256 Loading commit data...
sha512 Loading commit data...
subtle Loading commit data...
tls Loading commit data...
x509 Loading commit data...
crypto.go Loading commit data...