1 /* |
1 /* |
2 * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved. |
3 * Use is subject to license terms. |
3 * Use is subject to license terms. |
4 * |
4 * |
5 * This library is free software; you can redistribute it and/or |
5 * This library is free software; you can redistribute it and/or |
6 * modify it under the terms of the GNU Lesser General Public |
6 * modify it under the terms of the GNU Lesser General Public |
7 * License as published by the Free Software Foundation; either |
7 * License as published by the Free Software Foundation; either |
120 * coordinates. Input and output values are assumed to be NOT |
121 * coordinates. Input and output values are assumed to be NOT |
121 * field-encoded and are in affine form. */ |
122 * field-encoded and are in affine form. */ |
122 mp_err |
123 mp_err |
123 ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, |
124 ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, |
124 const mp_int *py, mp_int *rx, mp_int *ry, |
125 const mp_int *py, mp_int *rx, mp_int *ry, |
125 const ECGroup *group); |
126 const ECGroup *group, int timing); |
126 |
127 |
127 /* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic |
128 /* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic |
128 * curve points P and R can be identical. Uses mixed Modified-Jacobian |
129 * curve points P and R can be identical. Uses mixed Modified-Jacobian |
129 * co-ordinates for doubling and Chudnovsky Jacobian coordinates for |
130 * co-ordinates for doubling and Chudnovsky Jacobian coordinates for |
130 * additions. Assumes input is already field-encoded using field_enc, and |
131 * additions. Assumes input is already field-encoded using field_enc, and |
131 * returns output that is still field-encoded. Uses 5-bit window NAF |
132 * returns output that is still field-encoded. Uses 5-bit window NAF |
132 * method (algorithm 11) for scalar-point multiplication from Brown, |
133 * method (algorithm 11) for scalar-point multiplication from Brown, |
133 * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic |
134 * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic |
134 * Curves Over Prime Fields. */ |
135 * Curves Over Prime Fields. The implementation includes a countermeasure |
|
136 * that attempts to hide the size of n from timing channels. This counter- |
|
137 * measure is enabled using the timing argument. The high-rder bits of timing |
|
138 * must be uniformly random in order for this countermeasure to work. */ |
135 mp_err |
139 mp_err |
136 ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py, |
140 ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py, |
137 mp_int *rx, mp_int *ry, const ECGroup *group); |
141 mp_int *rx, mp_int *ry, const ECGroup *group, |
|
142 int timing); |
138 |
143 |
139 #endif /* _ECP_H */ |
144 #endif /* _ECP_H */ |
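Review bot: The comment added above `ec_GFp_pt_mul_jm_wNAF` leaves the new `timing` argument under-specified: it says the countermeasure is "enabled using the timing argument" and that the high-order bits must be uniformly random, but not which value disables it, how many bits count as high-order, or that the caller must supply fresh randomness on each call. As written, a caller passing a fixed non-zero constant would seem to enable the countermeasure while, by the comment's own condition, getting no protection for the size of the scalar. `ec_GFp_pts_mul_jac` gains the same parameter, but its comment does not mention it at all. I would state the contract on both prototypes, for example `timing == 0 disables the countermeasure; otherwise pass a fresh value from a cryptographically secure RNG on every call`, provided that matches the implementation, which is not visible on this page. The same comment also has a typo, `high-rder`, which should read `high-order`.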