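--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -1,10 +1,10 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ecp.h"
 #include "mplogic.h"
 #include <stdlib.h>
 
 /* Checks if point P(px, py) is at infinity. Uses affine coordinates. */
 mp_err
@@ -278,41 +278,40 @@
 /* 3: Verify that publicValue is on the curve. */
 if (group->meth->field_enc) {
 group->meth->field_enc(px, &pxt, group->meth);
 group->meth->field_enc(py, &pyt, group->meth);
 } else {
 mp_copy(px, &pxt);
 mp_copy(py, &pyt);
 }
 /* left-hand side: y^2 */
 MP_CHECKOK( group->meth->field_sqr(&pyt, &accl, group->meth) );
-/* right-hand side: x^3 + a*x + b */
+/* right-hand side: x^3 + a*x + b = (x^2 + a)*x + b by Horner's rule */
 MP_CHECKOK( group->meth->field_sqr(&pxt, &tmp, group->meth) );
-MP_CHECKOK( group->meth->field_mul(&pxt, &tmp, &accr, group->meth) );
-MP_CHECKOK( group->meth->field_mul(&group->curvea, &pxt, &tmp, group->meth) );
-MP_CHECKOK( group->meth->field_add(&tmp, &accr, &accr, group->meth) );
+MP_CHECKOK( group->meth->field_add(&tmp, &group->curvea, &tmp, group->meth) );
+MP_CHECKOK( group->meth->field_mul(&tmp, &pxt, &accr, group->meth) );
 MP_CHECKOK( group->meth->field_add(&accr, &group->curveb, &accr, group->meth) );
 /* check LHS - RHS == 0 */
 MP_CHECKOK( group->meth->field_sub(&accl, &accr, &accr, group->meth) );
 if (mp_cmp_z(&accr) != 0) {
 res = MP_NO;
 goto CLEANUP;
 }
 /* 4: Verify that the order of the curve times the publicValue
 * is the point at infinity.
 */
 MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
 if (ec_GFp_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
 res = MP_NO;
 goto CLEANUP;
 }
 
 res = MP_YES;
 
 CLEANUP:
 mp_clear(&accl);
 mp_clear(&accr);
 mp_clear(&tmp);
 mp_clear(&pxt);
 mp_clear(&pyt);
 return res;
 }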
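Review bot: The two `group->meth->field_enc` calls at lines 280-281 (and the `mp_copy` calls in the else branch) are the only field operations in this on-curve check whose return value is not examined, while every rewritten Horner-form line directly below them is wrapped in `MP_CHECKOK`. If field_enc follows the same mp_err convention as the other `group->meth` callbacks, a failure there (e.g. out of memory) could leave pxt/pyt unconverted so that the curve equation is evaluated on stale values instead of the function failing closed; wrapping them as `MP_CHECKOK( group->meth->field_enc(px, &pxt, group->meth) );` and `MP_CHECKOK( group->meth->field_enc(py, &pyt, group->meth) );` (likewise for the two `mp_copy` calls) would make the error path explicit. The Horner rewrite itself at new lines 288-292 is algebraically correct: tmp = x^2 + a, accr = tmp*x, then accr += b, matching the old x^3 + a*x + b. The enclosing function begins before this hunk, so how res is initialised ahead of step 3 could not be confirmed from the page.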