comparison src/jdk.crypto.ec/share/native/libsunec/impl/ecp.h @ 17280:f09a6beb1e23

8175110: Higher quality ECDSA operations Reviewed-by: jnimeh, valeriep, vinnie, xuelei
author apetcher
date Fri, 12 May 2017 17:30:47 +0100
parents f08705540498
children
0:4173ee34ff3f 1:97c87342b294
1 /* 1 /*
2 * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved. 2 * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
3 * Use is subject to license terms. 3 * Use is subject to license terms.
4 * 4 *
5 * This library is free software; you can redistribute it and/or 5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public 6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either 7 * License as published by the Free Software Foundation; either
31 * the Initial Developer. All Rights Reserved. 31 * the Initial Developer. All Rights Reserved.
32 * 32 *
33 * Contributor(s): 33 * Contributor(s):
34 * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories 34 * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
35 * 35 *
36 * Last Modified Date from the Original Code: May 2017
36 *********************************************************************** */ 37 *********************************************************************** */
37 38
38 #ifndef _ECP_H 39 #ifndef _ECP_H
39 #define _ECP_H 40 #define _ECP_H
40 41
120 * coordinates. Input and output values are assumed to be NOT 121 * coordinates. Input and output values are assumed to be NOT
121 * field-encoded and are in affine form. */ 122 * field-encoded and are in affine form. */
122 mp_err 123 mp_err
123 ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, 124 ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
124 const mp_int *py, mp_int *rx, mp_int *ry, 125 const mp_int *py, mp_int *rx, mp_int *ry,
125 const ECGroup *group); 126 const ECGroup *group, int timing);
126 127
127 /* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic 128 /* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
128 * curve points P and R can be identical. Uses mixed Modified-Jacobian 129 * curve points P and R can be identical. Uses mixed Modified-Jacobian
129 * co-ordinates for doubling and Chudnovsky Jacobian coordinates for 130 * co-ordinates for doubling and Chudnovsky Jacobian coordinates for
130 * additions. Assumes input is already field-encoded using field_enc, and 131 * additions. Assumes input is already field-encoded using field_enc, and
131 * returns output that is still field-encoded. Uses 5-bit window NAF 132 * returns output that is still field-encoded. Uses 5-bit window NAF
132 * method (algorithm 11) for scalar-point multiplication from Brown, 133 * method (algorithm 11) for scalar-point multiplication from Brown,
133 * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic 134 * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic
134 * Curves Over Prime Fields. */ 135 * Curves Over Prime Fields. The implementation includes a countermeasure
136 * that attempts to hide the size of n from timing channels. This counter-
137 * measure is enabled using the timing argument. The high-rder bits of timing
138 * must be uniformly random in order for this countermeasure to work. */
135 mp_err 139 mp_err
136 ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py, 140 ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
137 mp_int *rx, mp_int *ry, const ECGroup *group); 141 mp_int *rx, mp_int *ry, const ECGroup *group,
142 int timing);
138 143
139 #endif /* _ECP_H */ 144 #endif /* _ECP_H */
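Review bot: The new comment on `ec_GFp_pt_mul_jm_wNAF` leaves the contract of `timing` underspecified: it says the countermeasure is "enabled using the timing argument" but not which value disables it, how many high-order bits must be random, or that the caller has to draw them from a cryptographically secure source on every call. A caller that passes a fixed non-zero value would presumably switch the countermeasure on without actually hiding the size of n, so I would spell this out, e.g. `* timing == 0 disables the countermeasure (TODO confirm); otherwise its high-order bits must be fresh CSPRNG output for each call.` The same parameter is added to `ec_GFp_pts_mul_jac`, whose comment begins outside the visible lines and, in the part shown, does not mention it. "high-rder" in the added text should read "high-order", and since the value carries random bits an unsigned type may be preferable to `int` if the implementation shifts or masks it.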