[P256] add warning for non constant time operation

Vincent Hanquez 2015-05-30 10:38:59 +01:00
parent e2c1b82234
commit 4edb580cda


@ -81,6 +81,8 @@ pointAdd a b = withNewPoint $ \dx dy ->
ccryptonite_p256e_point_add ax ay bx by dx dy ccryptonite_p256e_point_add ax ay bx by dx dy
-- | Multiply a point by a scalar -- | Multiply a point by a scalar
--
-- warning: variable time
pointMul :: Scalar -> Point -> Point pointMul :: Scalar -> Point -> Point
pointMul scalar p = withNewPoint $ \dx dy -> pointMul scalar p = withNewPoint $ \dx dy ->
withScalar scalar $ \n -> withPoint p $ \px py -> withScalarZero $ \nzero -> withScalar scalar $ \n -> withPoint p $ \px py -> withScalarZero $ \nzero ->
@ -89,6 +91,8 @@ pointMul scalar p = withNewPoint $ \dx dy ->
-- | multiply the point @p with @n2 and add a lifted to curve value @n1 -- | multiply the point @p with @n2 and add a lifted to curve value @n1
-- --
-- > n1 * G + n2 * p -- > n1 * G + n2 * p
--
-- warning: variable time
pointsMulVarTime :: Scalar -> Scalar -> Point -> Point pointsMulVarTime :: Scalar -> Scalar -> Point -> Point
pointsMulVarTime n1 n2 p = withNewPoint $ \dx dy -> pointsMulVarTime n1 n2 p = withNewPoint $ \dx dy ->
withScalar n1 $ \pn1 -> withScalar n2 $ \pn2 -> withPoint p $ \px py -> withScalar n1 $ \pn1 -> withScalar n2 $ \pn2 -> withPoint p $ \px py ->
@ -130,7 +134,7 @@ scalarSub a b =
-- --
-- > 1 / a -- > 1 / a
-- --
-- variable time. -- warning: variable time
scalarInv :: Scalar -> Scalar scalarInv :: Scalar -> Scalar
scalarInv a = scalarInv a =
withNewScalarFreeze $ \b -> withScalar a $ \pa -> withNewScalarFreeze $ \b -> withScalar a $ \pa ->
@ -177,7 +181,6 @@ withTempScalar :: (Ptr P256Scalar -> IO a) -> IO a
withTempScalar f = ignoreSnd <$> B.allocRet scalarSize f withTempScalar f = ignoreSnd <$> B.allocRet scalarSize f
where ignoreSnd :: (a, ScrubbedBytes) -> a where ignoreSnd :: (a, ScrubbedBytes) -> a
ignoreSnd = fst ignoreSnd = fst
{-# NOINLINE withTempScalar #-}
withScalar :: Scalar -> (Ptr P256Scalar -> IO a) -> IO a withScalar :: Scalar -> (Ptr P256Scalar -> IO a) -> IO a
withScalar (Scalar d) f = B.withByteArray d f withScalar (Scalar d) f = B.withByteArray d f
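Review bot: The new `-- warning: variable time` lines on pointMul and pointsMulVarTime (and the reworded one on scalarInv) say neither which input the timing depends on nor what a caller must therefore avoid, so the line reads as a performance remark rather than a side-channel constraint. Since the underlying C routine is not visible here, state the consequence while hedging the operand, e.g. `-- warning: variable time (execution time may depend on the scalar and/or point); do not use with secret inputs such as a private-key scalar`. This matters most for pointMul, whose name, unlike pointsMulVarTime, gives no hint of the property, so the Haddock is the only place a caller learns it. The last hunk also drops `{-# NOINLINE withTempScalar #-}` without the commit message mentioning it; a one-line rationale there, or a comment on withTempScalar (which keeps only `fst` of `B.allocRet scalarSize f` over ScrubbedBytes), would make the intent reviewable.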