author | Werner Koch <wk@gnupg.org> | 2013-12-02 17:09:04 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2013-12-02 17:09:04 +0100 |
commit | d4ce0cfe0d35d7ec69c115456848b5b735c928ea (patch) | |
tree | 7f3bb2af41c2de5a61c1bca8343cb0b12d131ff6 /mpi | |
parent | 14ae6224b1b17abbfc80c26ad0f4c60f1e8635e2 (diff) | |
ecc: Use constant time point operation for Twisted Edwards.
* mpi/ec.c (_gcry_mpi_ec_mul_point): Try to do a constant time
operation if needed.
* tests/benchmark.c (main): Add option --use-secmem.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'mpi')
-rw-r--r-- | mpi/ec.c | 27 |
1 files changed, 23 insertions, 4 deletions
@@ -1117,11 +1117,30 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
 mpi_set_ui (result->y, 1);
 mpi_set_ui (result->z, 1);
- for (j=nbits-1; j >= 0; j--)
+ if (mpi_is_secure (scalar))
 {
- _gcry_mpi_ec_dup_point (result, result, ctx);
- if (mpi_test_bit (scalar, j) == 1)
- _gcry_mpi_ec_add_points (result, result, point, ctx);
+ /* If SCALAR is in secure memory we assume that it is the
+ secret key we use constant time operation. */
+ mpi_point_struct tmppnt;
+
+ point_init (&tmppnt);
+ for (j=nbits-1; j >= 0; j--)
+ {
+ _gcry_mpi_ec_dup_point (result, result, ctx);
+ _gcry_mpi_ec_add_points (&tmppnt, result, point, ctx);
+ if (mpi_test_bit (scalar, j))
+ point_set (result, &tmppnt);
+ }
+ point_free (&tmppnt);
+ }
+ else
+ {
+ for (j=nbits-1; j >= 0; j--)
+ {
+ _gcry_mpi_ec_dup_point (result, result, ctx);
+ if (mpi_test_bit (scalar, j))
+ _gcry_mpi_ec_add_points (result, result, point, ctx);
+ }
 }
 return;
 } |
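Review bot: In the secure-memory branch, `if (mpi_test_bit (scalar, j)) point_set (result, &tmppnt);` still branches on each bit of the secret scalar, so the loop does a uniform number of point operations but is not constant time in the strict sense; the conditional copy can remain observable through branch prediction and memory-access timing. A branch-free conditional copy of the coordinates (masking the limbs with the bit) would close that gap, and until then the comment should state the limit, e.g. `/* Uniform dup+add per bit; the final copy still branches on the secret bit. */`. The hardened path is chosen by `mpi_is_secure (scalar)` alone, so a secret scalar that a caller did not allocate in secure memory silently takes the variable-time loop; that contract deserves a line in the function's header comment. The loop bound `nbits` is set outside the hunk; if it is derived from the scalar's bit length, the iteration count would also depend on the secret.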