changeset 16521:b9bb059565a3

8168724: ECDSA signing improvments Reviewed-by: valeriep, vinnie, ahgross, asmotrak, robm
author xuelei
date Thu, 10 Nov 2016 15:52:48 +0000
parents 02bb07ba5b81
children 1ae231f52d78
files src/jdk.crypto.ec/share/native/libsunec/impl/ec.c
diffstat 1 files changed, 11 insertions(+), 1 deletions(-) [+]
--- a/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c	Thu Nov 10 15:46:40 2016 +0000
+++ b/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c	Thu Nov 10 15:52:48 2016 +0000
@@ -34,7 +34,7 @@
  *   Dr Vipul Gupta <vipul.gupta@sun.com> and
  *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
  *
- * Last Modified Date from the Original Code: Nov 2016
+ * Last Modified Date from the Original Code: November 2016
  *********************************************************************** */
 
 #include "mplogic.h"
@@ -715,6 +715,16 @@
     }
 
     /*
+     * Using an equivalent exponent of fixed length (same as n or 1 bit less
+     * than n) to keep the kG timing relatively constant.
+     *
+     * Note that this is an extra step on top of the approach defined in
+     * ANSI X9.62 so as to make a fixed length K.
+     */
+    CHECK_MPI_OK( mp_add(&k, &n, &k) );
+    CHECK_MPI_OK( mp_div_2(&k, &k) );
+
+    /*
     ** ANSI X9.62, Section 5.3.2, Step 2
     **
     ** Compute kG
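Review bot: The comment added above the `mp_add`/`mp_div_2` pair calls the result an "equivalent exponent", but `(k + n) / 2` is not congruent to `k` modulo `n`; it is a different nonce. The signature stays valid only if every later step that reads `k` uses this replaced value, which cannot be confirmed here because the enclosing function starts and ends outside the hunk. If `k` is below `n` on entry, the new value always falls in roughly the upper half of the range, so about one bit of the nonce is fixed; since nonce bias weakens ECDSA, that trade-off should be stated in the comment and checked by the reviewers. I would reword the first paragraph to something like `* Replace k with (k + n) / 2, a nonce of fixed bit length (not congruent to the original k mod n), to keep the kG timing relatively constant.` A fixed scalar length does not by itself make the point multiplication constant-time, so the comment's "relatively constant" hedge should stay.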