Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/modules/ecdh/main_impl.h
| Show All 24 Lines | int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *result, const secp256k1_pubkey *point, const unsigned char *scalar) { | ||||
| secp256k1_scalar_set_b32(&s, scalar, &overflow); | secp256k1_scalar_set_b32(&s, scalar, &overflow); | ||||
| if (overflow || secp256k1_scalar_is_zero(&s)) { | if (overflow || secp256k1_scalar_is_zero(&s)) { | ||||
| ret = 0; | ret = 0; | ||||
| } else { | } else { | ||||
| unsigned char x[32]; | unsigned char x[32]; | ||||
| unsigned char y[1]; | unsigned char y[1]; | ||||
| secp256k1_sha256 sha; | secp256k1_sha256 sha; | ||||
| secp256k1_ecmult_const(&res, &pt, &s); | secp256k1_ecmult_const(&res, &pt, &s, 256); | ||||
| secp256k1_ge_set_gej(&pt, &res); | secp256k1_ge_set_gej(&pt, &res); | ||||
| /* Compute a hash of the point in compressed form | /* Compute a hash of the point in compressed form | ||||
| * Note we cannot use secp256k1_eckey_pubkey_serialize here since it does not | * Note we cannot use secp256k1_eckey_pubkey_serialize here since it does not | ||||
| * expect its output to be secret and has a timing sidechannel. */ | * expect its output to be secret and has a timing sidechannel. */ | ||||
| secp256k1_fe_normalize(&pt.x); | secp256k1_fe_normalize(&pt.x); | ||||
| secp256k1_fe_normalize(&pt.y); | secp256k1_fe_normalize(&pt.y); | ||||
| secp256k1_fe_get_b32(x, &pt.x); | secp256k1_fe_get_b32(x, &pt.x); | ||||
| y[0] = 0x02 | secp256k1_fe_is_odd(&pt.y); | y[0] = 0x02 | secp256k1_fe_is_odd(&pt.y); | ||||
| Show All 13 Lines | |||||