Add ECCPoint_mult_safer() function This avoids the need for each calling site to manually regularize the scalar and randomize coordinates, which makes for simpler safe use and saves 50 bytes of code size in the library.

commit: ef238283d55fff7b4ae8601013596f5639a56988 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Nov 04 11:19:30 2019 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Nov 04 11:19:30 2019 +0100
tree: 06d2cd24835443b92d7d996e5034645b67d5b267
parent: c78d86b4991c260ff59fe06d54ae350f5f7720af [diff] [blame]
diff --git a/include/tinycrypt/ecc.h b/include/tinycrypt/ecc.h
index 9c53f3e..3996cd4 100644
--- a/include/tinycrypt/ecc.h
+++ b/include/tinycrypt/ecc.h

@@ -310,6 +310,20 @@
 		   bitcount_t num_bits, uECC_Curve curve);
 
 /*
+ * @brief Point multiplication algorithm using Montgomery's ladder with co-Z
+ * coordinates. See http://eprint.iacr.org/2011/338.pdf.
+ * Uses scalar regularization and coordinate randomization (if a global RNG
+ * function is set) in order to protect against some side channel attacks.
+ * @note Result may overlap point.
+ * @param result OUT -- returns scalar*point
+ * @param point IN -- elliptic curve point
+ * @param scalar IN -- scalar
+ * @param curve IN -- elliptic curve
+ */
+int EccPoint_mult_safer(uECC_word_t * result, const uECC_word_t * point,
+			const uECC_word_t * scalar, uECC_Curve curve);
+
+/*
  * @brief Constant-time comparison to zero - secure way to compare long integers
  * @param vli IN -- very long integer
  * @param num_words IN -- number of words in the vli
commit	ef238283d55fff7b4ae8601013596f5639a56988	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Nov 04 11:19:30 2019 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Nov 04 11:19:30 2019 +0100
tree	06d2cd24835443b92d7d996e5034645b67d5b267
parent	c78d86b4991c260ff59fe06d54ae350f5f7720af [diff] [blame]