ecc: Constant-time multiplication for Weierstrass curve.

* mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary method for Weierstrass curve when SCALAR is secure.
author: NIIBE Yutaka <gniibe@fsij.org> 2015-11-25 12:46:19 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2015-11-25 12:46:19 +0900
commit: 88e1358962e902ff1cbec8d53ba3eee46407851a (patch)
tree: a6f2dc2510d80c1b49daa6562a32f6267ea47d45
parent: f88adee3e1f3e2de7d63f92f90bfb3078afd3b4f (diff)
download: libgcrypt-88e1358962e902ff1cbec8d53ba3eee46407851a.tar.gz
1 files changed, 15 insertions, 4 deletions
diff --git a/mpi/ec.c b/mpi/ec.c
index 9394d89d..4d59a7e5 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -1236,16 +1236,27 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
   unsigned int i, loops;
   mpi_point_struct p1, p2, p1inv;
 
-  if (ctx->model == MPI_EC_EDWARDS)
+  if (ctx->model == MPI_EC_EDWARDS
+      || (ctx->model == MPI_EC_WEIERSTRASS
+          && mpi_is_secure (scalar)))
     {
       /* Simple left to right binary method.  GECC Algorithm 3.27 */
       unsigned int nbits;
       int j;
 
       nbits = mpi_get_nbits (scalar);
-      mpi_set_ui (result->x, 0);
-      mpi_set_ui (result->y, 1);
-      mpi_set_ui (result->z, 1);
+      if (ctx->model == MPI_EC_WEIERSTRASS)
+        {
+          mpi_set_ui (result->x, 1);
+          mpi_set_ui (result->y, 1);
+          mpi_set_ui (result->z, 0);
+        }
+      else
+        {
+          mpi_set_ui (result->x, 0);
+          mpi_set_ui (result->y, 1);
+          mpi_set_ui (result->z, 1);
+        }
 
       if (mpi_is_secure (scalar))
         {
author	NIIBE Yutaka <gniibe@fsij.org>	2015-11-25 12:46:19 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2015-11-25 12:46:19 +0900
commit	88e1358962e902ff1cbec8d53ba3eee46407851a (patch)
tree	a6f2dc2510d80c1b49daa6562a32f6267ea47d45
parent	f88adee3e1f3e2de7d63f92f90bfb3078afd3b4f (diff)
download	libgcrypt-88e1358962e902ff1cbec8d53ba3eee46407851a.tar.gz