src/secp256k1/src/ecmult_gen_impl.h
/********************************************************************** | /*********************************************************************** | ||||
* Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * | * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * | ||||
* Distributed under the MIT software license, see the accompanying * | * Distributed under the MIT software license, see the accompanying * | ||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.* | * file COPYING or https://www.opensource.org/licenses/mit-license.php.* | ||||
**********************************************************************/ | ***********************************************************************/ | ||||
#ifndef SECP256K1_ECMULT_GEN_IMPL_H | #ifndef SECP256K1_ECMULT_GEN_IMPL_H | ||||
#define SECP256K1_ECMULT_GEN_IMPL_H | #define SECP256K1_ECMULT_GEN_IMPL_H | ||||
#include "util.h" | #include "util.h" | ||||
#include "scalar.h" | #include "scalar.h" | ||||
#include "group.h" | #include "group.h" | ||||
#include "ecmult_gen.h" | #include "ecmult_gen.h" | ||||
▲ Show 20 Lines • Show All 125 Lines • ▼ Show 20 Lines | for (j = 0; j < ECMULT_GEN_PREC_N; j++) { | ||||
/** This uses a conditional move to avoid any secret data in array indexes. | /** This uses a conditional move to avoid any secret data in array indexes. | ||||
* _Any_ use of secret indexes has been demonstrated to result in timing | * _Any_ use of secret indexes has been demonstrated to result in timing | ||||
* sidechannels, even when the cache-line access patterns are uniform. | * sidechannels, even when the cache-line access patterns are uniform. | ||||
* See also: | * See also: | ||||
* "A word of warning", CHES 2013 Rump Session, by Daniel J. Bernstein and Peter Schwabe | * "A word of warning", CHES 2013 Rump Session, by Daniel J. Bernstein and Peter Schwabe | ||||
* (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and | * (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and | ||||
* "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, | * "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, | ||||
* by Dag Arne Osvik, Adi Shamir, and Eran Tromer | * by Dag Arne Osvik, Adi Shamir, and Eran Tromer | ||||
* (http://www.tau.ac.il/~tromer/papers/cache.pdf) | * (https://www.tau.ac.il/~tromer/papers/cache.pdf) | ||||
*/ | */ | ||||
secp256k1_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits); | secp256k1_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits); | ||||
} | } | ||||
secp256k1_ge_from_storage(&add, &adds); | secp256k1_ge_from_storage(&add, &adds); | ||||
secp256k1_gej_add_ge(r, r, &add); | secp256k1_gej_add_ge(r, r, &add); | ||||
} | } | ||||
bits = 0; | bits = 0; | ||||
secp256k1_ge_clear(&add); | secp256k1_ge_clear(&add); | ||||