Version 2.1.0

@paragonie-security paragonie-security released this 28 Apr 08:49
· 40 commits to master since this release
v2.1.0

Introduced hardened implementations of NIST P-256 and NIST P-384.

These implementations assume that bigint multiplication is constant-time. On most hardware, this is a good assumption. BearSSL has good documentation on the hardware where this assumption is false. The odds are good that you're running PHP on hardware that uses constant-time multiplication.

Despite being PHP implementations of constant-time code, the performance hit for using these curves is minimal. There is probably some opportunity for further optimizations.

We do not force the use of our implementation by default, due to the minor performance hit it does have. To use the new code:

  $nistFactory = EccFactory::getNistCurves($adapter);

- $g256 = $nistFactory->generator256($rng);
+ $g256 = $nistFactory->generator256($rng, true);

- $g384 = $nistFactory->generator384$rng);
+ $g384 = $nistFactory->generator384($rng, true);

- $p256 = $nistFactory->curve256();
+ $p256 = $nistFactory->optimizedCurve256();

- $p384 = $nistFactory->curve384();
+ $p384 = $nistFactory->optimizedCurve384();
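
Review bot: The removed `generator384` line reads `generator384$rng);` with no opening parenthesis, so it does not match the call users actually have in their code; it should read `generator384($rng);` to mirror the `generator256` pair above it. The new second argument is also a bare `true` in both generator calls, and nothing in the snippet says what it selects, so a short comment stating that it opts in to the hardened implementation would help readers auditing call sites. Finally, the curve accessors are named `optimizedCurve256()` and `optimizedCurve384()` while the surrounding text calls the new code "hardened" and notes a minor performance hit; one sentence tying the two terms together would avoid the impression that these methods are a speed optimization.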

We will update EasyECC to use this API in the next release.