Change ecp_mul() prototype to allow randomization
(Also improve an error code while at it.)
diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index ad31bff..5942231 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -411,17 +411,29 @@
* \param R Destination point
* \param m Integer by which to multiply
* \param P Point to multiply
+ * \param f_rng RNG function (see notes)
+ * \param p_rng RNG parameter
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
- * POLARSSL_ERR_ECP_GENERIC if m < 0 of m has greater bit
- * length than N, the number of points in the group.
+ * POLARSSL_ERR_ECP_BAD_INPUT_DATA if m < 0 of m has greater
+ * bit length than N, the number of points in the group.
*
- * \note This function executes a constant number of operations
- * for random m in the allowed range.
+ * \note In order to prevent simple timing attacks, this function
+ * executes a constant number of operations (that is, point
+ * doubling and addition of distinct points) for random m in
+ * the allowed range.
+ *
+ * \note If f_rng is not NULL, it is used to randomize projective
+ * coordinates of indermediate results, in order to prevent
+ * more elaborate timing attacks relying on intermediate
+ * operations. (This is a prophylactic measure since so such
+ * attack has been published yet.)
*/
int ecp_mul( const ecp_group *grp, ecp_point *R,
- const mpi *m, const ecp_point *P );
+ const mpi *m, const ecp_point *P,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
/**
* \brief Check that a point is a valid public key on this curve
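Review bot: The new `f_rng`/`p_rng` documentation on `ecp_mul()` leaves two things unstated that callers need: `\param f_rng` does not say that NULL is accepted (only the second `\note` implies it), and the `\return` list has no entry for the case where `f_rng` itself fails. Since passing NULL silently turns off the coordinate randomization, I would spell that out at the parameter, e.g. `\param f_rng RNG function, or NULL to disable randomization (not recommended when m is secret)`, and add a `\return` line for RNG failure naming whichever error code the implementation returns. The added comment text also has typos worth fixing while here: "indermediate" should be "intermediate", "since so such attack" should be "since no such attack", and "m < 0 of m" should be "m < 0 or m". The implementation is outside this hunk, so whether an RNG error is propagated to the caller or ignored cannot be confirmed from here.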