author | NIIBE Yutaka <gniibe@fsij.org> | 2015-11-25 12:46:19 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2015-11-25 12:46:19 +0900 |
commit | 88e1358962e902ff1cbec8d53ba3eee46407851a (patch) | |
tree | a6f2dc2510d80c1b49daa6562a32f6267ea47d45 /mpi/ec.c | |
parent | f88adee3e1f3e2de7d63f92f90bfb3078afd3b4f (diff) | |
ecc: Constant-time multiplication for Weierstrass curve.
* mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary
method for Weierstrass curve when SCALAR is secure.
Diffstat (limited to 'mpi/ec.c')
-rw-r--r-- | mpi/ec.c | 19 |
1 files changed, 15 insertions, 4 deletions
@@ -1236,16 +1236,27 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
 unsigned int i, loops;
 mpi_point_struct p1, p2, p1inv;
- if (ctx->model == MPI_EC_EDWARDS)
+ if (ctx->model == MPI_EC_EDWARDS
+ || (ctx->model == MPI_EC_WEIERSTRASS
+ && mpi_is_secure (scalar)))
 {
 /* Simple left to right binary method. GECC Algorithm 3.27 */
 unsigned int nbits;
 int j;
 nbits = mpi_get_nbits (scalar);
- mpi_set_ui (result->x, 0);
- mpi_set_ui (result->y, 1);
- mpi_set_ui (result->z, 1);
+ if (ctx->model == MPI_EC_WEIERSTRASS)
+ {
+ mpi_set_ui (result->x, 1);
+ mpi_set_ui (result->y, 1);
+ mpi_set_ui (result->z, 0);
+ }
+ else
+ {
+ mpi_set_ui (result->x, 0);
+ mpi_set_ui (result->y, 1);
+ mpi_set_ui (result->z, 1);
+ }
 if (mpi_is_secure (scalar))
 { |
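Review bot: The constant-time path for Weierstrass curves is selected only by `mpi_is_secure (scalar)` in the new condition, so a secret scalar that a caller keeps in ordinary memory silently falls through to the older branch. That contract deserves a comment at the condition, for example `/* Secret scalars must be allocated in secure memory; only then is the constant-time path used for Weierstrass curves. */`. The unchanged `nbits = mpi_get_nbits (scalar);` now also governs secure Weierstrass scalars, so if the loop below (outside this hunk) runs once per bit, the iteration count still depends on the scalar's bit length, and that is worth confirming. The two initialisations would also read better with a comment each, `/* Point at infinity: Z = 0. */` for the Weierstrass case and `/* Neutral element (0, 1). */` for the Edwards case. The body of _gcry_mpi_ec_mul_point starts and ends outside the hunk.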