src/secp256k1/src/ecmult_gen_impl.h
Show First 20 Lines • Show All 181 Lines • ▼ Show 20 Lines | if (seed32 != NULL) { | ||||
memcpy(keydata + 32, seed32, 32); | memcpy(keydata + 32, seed32, 32); | ||||
} | } | ||||
secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, seed32 ? 64 : 32); | secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, seed32 ? 64 : 32); | ||||
memset(keydata, 0, sizeof(keydata)); | memset(keydata, 0, sizeof(keydata)); | ||||
/* Retry for out of range results to achieve uniformity. */ | /* Retry for out of range results to achieve uniformity. */ | ||||
do { | do { | ||||
secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); | secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); | ||||
retry = !secp256k1_fe_set_b32(&s, nonce32); | retry = !secp256k1_fe_set_b32(&s, nonce32); | ||||
retry |= secp256k1_fe_is_zero(&s); | retry = retry || secp256k1_fe_is_zero(&s); | ||||
} while (retry); /* This branch true is cryptographically unreachable. Requires sha256_hmac output > Fp. */ | } while (retry); /* This branch true is cryptographically unreachable. Requires sha256_hmac output > Fp. */ | ||||
/* Randomize the projection to defend against multiplier sidechannels. */ | /* Randomize the projection to defend against multiplier sidechannels. */ | ||||
secp256k1_gej_rescale(&ctx->initial, &s); | secp256k1_gej_rescale(&ctx->initial, &s); | ||||
secp256k1_fe_clear(&s); | secp256k1_fe_clear(&s); | ||||
do { | do { | ||||
secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); | secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); | ||||
secp256k1_scalar_set_b32(&b, nonce32, &retry); | secp256k1_scalar_set_b32(&b, nonce32, &retry); | ||||
/* A blinding value of 0 works, but would undermine the projection hardening. */ | /* A blinding value of 0 works, but would undermine the projection hardening. */ | ||||
retry |= secp256k1_scalar_is_zero(&b); | retry = retry || secp256k1_scalar_is_zero(&b); | ||||
} while (retry); /* This branch true is cryptographically unreachable. Requires sha256_hmac output > order. */ | } while (retry); /* This branch true is cryptographically unreachable. Requires sha256_hmac output > order. */ | ||||
secp256k1_rfc6979_hmac_sha256_finalize(&rng); | secp256k1_rfc6979_hmac_sha256_finalize(&rng); | ||||
memset(nonce32, 0, 32); | memset(nonce32, 0, 32); | ||||
secp256k1_ecmult_gen(ctx, &gb, &b); | secp256k1_ecmult_gen(ctx, &gb, &b); | ||||
secp256k1_scalar_negate(&b, &b); | secp256k1_scalar_negate(&b, &b); | ||||
ctx->blind = b; | ctx->blind = b; | ||||
ctx->initial = gb; | ctx->initial = gb; | ||||
secp256k1_scalar_clear(&b); | secp256k1_scalar_clear(&b); | ||||
secp256k1_gej_clear(&gb); | secp256k1_gej_clear(&gb); | ||||
} | } | ||||
#endif /* SECP256K1_ECMULT_GEN_IMPL_H */ | #endif /* SECP256K1_ECMULT_GEN_IMPL_H */ |
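Review bot: The two new `retry = retry || ...` lines silently change evaluation order — `secp256k1_fe_is_zero(&s)` and `secp256k1_scalar_is_zero(&b)` are no longer evaluated once `secp256k1_fe_set_b32` / `secp256k1_scalar_set_b32` has already flagged a rejected or overflowed value — and nothing in the hunk records that this short-circuit is intentional, so a later cleanup could "simplify" it back to `|=`. I would put a comment on the first retry line, `/* Logical OR on purpose: skip is_zero on a value set_b32 rejected. */`, and the same on the scalar loop, assuming that is the motivation; the fe/scalar contracts are not visible here, so confirm that a rejected `s` or overflowed `b` is really something `is_zero` must not inspect before wording it that way. The existing trailing comments on the `while (retry)` lines describe only the out-of-range case, so they could also mention that the zero check is the second reason for a retry. The enclosing `secp256k1_ecmult_gen_blind` body starts before the first visible line of the section.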