Side by Side Diff: nss/lib/freebl/ecl/ecp_256_32.c

Issue 13898013: Update NSS to NSS_3_15_BETA2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 8 months ago
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 4
5 /* A 32-bit implementation of the NIST P-256 elliptic curve. */ 5 /* A 32-bit implementation of the NIST P-256 elliptic curve. */
6 6
7 #include <string.h> 7 #include <string.h>
8 8
9 #include "prtypes.h" 9 #include "prtypes.h"
10 #include "mpi.h" 10 #include "mpi.h"
11 #include "mpi-priv.h" 11 #include "mpi-priv.h"
12 #include "ecp.h" 12 #include "ecp.h"
13 #include "secport.h"
14 13
15 typedef PRUint8 u8; 14 typedef PRUint8 u8;
16 typedef PRUint32 u32; 15 typedef PRUint32 u32;
17 typedef PRUint64 u64; 16 typedef PRUint64 u64;
18 17
19 /* Our field elements are represented as nine, unsigned 32-bit words. Freebl's 18 /* Our field elements are represented as nine, unsigned 32-bit words. Freebl's
20 * MPI library calls them digits, but here they are called limbs, which is 19 * MPI library calls them digits, but here they are called limbs, which is
21 * GMP's terminology. 20 * GMP's terminology.
22 * 21 *
23 * The value of an felem (field element) is: 22 * The value of an felem (field element) is:
1358 } 1357 }
1359 1358
1360 /* scalar_from_mp_int sets out_scalar=n, where n < the group order. */ 1359 /* scalar_from_mp_int sets out_scalar=n, where n < the group order. */
1361 static void scalar_from_mp_int(u8 out_scalar[32], const mp_int *n) 1360 static void scalar_from_mp_int(u8 out_scalar[32], const mp_int *n)
1362 { 1361 {
1363 /* We require that |n| is less than the order of the group and therefore it 1362 /* We require that |n| is less than the order of the group and therefore it
1364 * will fit into |out_scalar|. However, these is a timing side-channel here 1363 * will fit into |out_scalar|. However, these is a timing side-channel here
1365 * that we cannot avoid: if |n| is sufficiently small it may be one or more 1364 * that we cannot avoid: if |n| is sufficiently small it may be one or more
1366 * words too short and we'll copy less data. 1365 * words too short and we'll copy less data.
1367 */ 1366 */
1368 PORT_Assert(MP_USED(n) * sizeof(mp_digit) <= 32);
wtc 2013/04/23 00:58:05 In the NSS upstream, it is difficult for this file
agl 2013/04/24 22:27:00 I think this is fine.
1369 memset(out_scalar, 0, 32); 1367 memset(out_scalar, 0, 32);
1370 #ifdef IS_LITTLE_ENDIAN 1368 #ifdef IS_LITTLE_ENDIAN
1371 memcpy(out_scalar, MP_DIGITS(n), MP_USED(n) * sizeof(mp_digit)); 1369 memcpy(out_scalar, MP_DIGITS(n), MP_USED(n) * sizeof(mp_digit));
1372 #else 1370 #else
1373 { 1371 {
1374 mp_size i; 1372 mp_size i;
1375 mp_digit swapped[MP_DIGITS_IN_256_BITS]; 1373 mp_digit swapped[MP_DIGITS_IN_256_BITS];
1376 for (i = 0; i < MP_USED(n); i++) { 1374 for (i = 0; i < MP_USED(n); i++) {
1377 swapped[i] = BYTESWAP_MP_DIGIT_TO_LE(MP_DIGIT(n, i)); 1375 swapped[i] = BYTESWAP_MP_DIGIT_TO_LE(MP_DIGIT(n, i));
1378 } 1376 }
1497 /* Wire in fast point multiplication for named curves. */ 1495 /* Wire in fast point multiplication for named curves. */
1498 mp_err ec_group_set_gfp256_32(ECGroup *group, ECCurveName name) 1496 mp_err ec_group_set_gfp256_32(ECGroup *group, ECCurveName name)
1499 { 1497 {
1500 if (name == ECCurve_NIST_P256) { 1498 if (name == ECCurve_NIST_P256) {
1501 group->base_point_mul = &ec_GFp_nistp256_base_point_mul; 1499 group->base_point_mul = &ec_GFp_nistp256_base_point_mul;
1502 group->point_mul = &ec_GFp_nistp256_point_mul; 1500 group->point_mul = &ec_GFp_nistp256_point_mul;
1503 group->points_mul = &ec_GFp_nistp256_points_mul_vartime; 1501 group->points_mul = &ec_GFp_nistp256_points_mul_vartime;
1504 } 1502 }
1505 return MP_OKAY; 1503 return MP_OKAY;
1506 } 1504 }
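Review bot: On the new side of line 1369 the memcpy copies MP_USED(n) * sizeof(mp_digit) bytes into the 32-byte out_scalar with no bound left inside the function, so the only thing standing between an oversized |n| and a write past the buffer is the precondition stated in the comment above it; the #else branch indexes swapped[MP_DIGITS_IN_256_BITS] by the same unbounded MP_USED(n). A small runtime guard that needs nothing from secport.h would keep the copy memory-safe even if a caller violates that precondition, truncating rather than overrunning: `size_t len = MP_USED(n) * sizeof(mp_digit);` / `if (len > 32) len = 32; /* never write past out_scalar */` / `memcpy(out_scalar, MP_DIGITS(n), len);`, with the loop in the #else branch capped at MP_DIGITS_IN_256_BITS the same way. Whether any caller can actually reach this with n at or above 2^256 is not visible from this section, so this may be belt-and-braces. scalar_from_mp_int's body continues past the end of this section.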