Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/ecmult_gen_impl.h
| /********************************************************************** | /*********************************************************************** | ||||
| * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * | * Copyright (c) 2013, 2014, 2015 Pieter Wuille, Gregory Maxwell * | ||||
| * Distributed under the MIT software license, see the accompanying * | * Distributed under the MIT software license, see the accompanying * | ||||
| * file COPYING or http://www.opensource.org/licenses/mit-license.php.* | * file COPYING or https://www.opensource.org/licenses/mit-license.php.* | ||||
| **********************************************************************/ | ***********************************************************************/ | ||||
| #ifndef SECP256K1_ECMULT_GEN_IMPL_H | #ifndef SECP256K1_ECMULT_GEN_IMPL_H | ||||
| #define SECP256K1_ECMULT_GEN_IMPL_H | #define SECP256K1_ECMULT_GEN_IMPL_H | ||||
| #include "util.h" | #include "util.h" | ||||
| #include "scalar.h" | #include "scalar.h" | ||||
| #include "group.h" | #include "group.h" | ||||
| #include "ecmult_gen.h" | #include "ecmult_gen.h" | ||||
| ▲ Show 20 Lines • Show All 125 Lines • ▼ Show 20 Lines | for (j = 0; j < ECMULT_GEN_PREC_N; j++) { | ||||
| /** This uses a conditional move to avoid any secret data in array indexes. | /** This uses a conditional move to avoid any secret data in array indexes. | ||||
| * _Any_ use of secret indexes has been demonstrated to result in timing | * _Any_ use of secret indexes has been demonstrated to result in timing | ||||
| * sidechannels, even when the cache-line access patterns are uniform. | * sidechannels, even when the cache-line access patterns are uniform. | ||||
| * See also: | * See also: | ||||
| * "A word of warning", CHES 2013 Rump Session, by Daniel J. Bernstein and Peter Schwabe | * "A word of warning", CHES 2013 Rump Session, by Daniel J. Bernstein and Peter Schwabe | ||||
| * (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and | * (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and | ||||
| * "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, | * "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, | ||||
| * by Dag Arne Osvik, Adi Shamir, and Eran Tromer | * by Dag Arne Osvik, Adi Shamir, and Eran Tromer | ||||
| * (http://www.tau.ac.il/~tromer/papers/cache.pdf) | * (https://www.tau.ac.il/~tromer/papers/cache.pdf) | ||||
| */ | */ | ||||
| secp256k1_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits); | secp256k1_ge_storage_cmov(&adds, &(*ctx->prec)[j][i], i == bits); | ||||
| } | } | ||||
| secp256k1_ge_from_storage(&add, &adds); | secp256k1_ge_from_storage(&add, &adds); | ||||
| secp256k1_gej_add_ge(r, r, &add); | secp256k1_gej_add_ge(r, r, &add); | ||||
| } | } | ||||
| bits = 0; | bits = 0; | ||||
| secp256k1_ge_clear(&add); | secp256k1_ge_clear(&add); | ||||
| ▲ Show 20 Lines • Show All 53 Lines • Show Last 20 Lines | |||||