Commit 337b29c3 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard

Test and document EC blinding overhead

parent cac5f7d7
......@@ -427,8 +427,10 @@ int ecp_sub( const ecp_group *grp, ecp_point *R,
* \note If f_rng is not NULL, it is used to randomize projective
* coordinates of indermediate results, in order to prevent
* more elaborate timing attacks relying on intermediate
* operations. (This is a prophylactic measure since so such
* attack has been published yet.)
* operations. (This is a prophylactic measure since no such
* attack has been published yet.) Since this contermeasure
* has very low overhead, it is recommended to always provide
* a non-NULL f_rng parameter when using secret inputs.
*/
int ecp_mul( const ecp_group *grp, ecp_point *R,
const mpi *m, const ecp_point *P,
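Review bot: The new sentence on the `Since this contermeasure` line misspells "countermeasure" (the `indermediate` typo two lines up is pre-existing context and not part of this change). Now that the paragraph actively recommends passing f_rng whenever secret inputs are involved, it should also say what kind of generator is expected, since randomizing projective coordinates with a predictable source gives little of the intended protection; suggest extending the note with `* f_rng should be a cryptographically strong generator, not a plain PRNG.` The ecp_mul declaration this comment documents continues past the end of the hunk.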
......@@ -28,6 +28,29 @@ int main( int argc, char *argv[] )
#else
static int myrand( void *rng_state, unsigned char *output, size_t len )
{
size_t use_len;
int rnd;
if( rng_state != NULL )
rng_state = NULL;
while( len > 0 )
{
use_len = len;
if( use_len > sizeof(int) )
use_len = sizeof(int);
rnd = rand();
memcpy( output, &rnd, use_len );
output += use_len;
len -= use_len;
}
return( 0 );
}
static void dhm_bench_case( const char *s, const char *p,
const char *g, const char *x )
{
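Review bot: myrand feeds ecp_mul's blinding from unseeded rand() and silences the unused rng_state parameter with a self-assignment; both are fine for a benchmark, but nothing in the function says so, and it has exactly the f_rng signature, so it is easy to copy into real code. Suggest a header comment above the definition, `/* Benchmark-only RNG: unseeded rand(), not cryptographically secure - never use as f_rng outside this program. */`, and `(void) rng_state;` in place of the `if( rng_state != NULL ) rng_state = NULL;` pair. Note also that rand() may carry fewer meaningful bits than sizeof(int) on platforms where RAND_MAX is small, so the copied bytes are not uniform; that presumably does not affect the timing this harness measures, but is worth a line in the same comment. The `#else` at the top of the hunk belongs to a conditional that starts outside it, and this helper is what the ecp_mul benchmark hunk below now passes as f_rng.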
......@@ -161,7 +184,7 @@ static void ecp_bench_case( size_t dp, const char *s, const char *m )
set_alarm( 3 );
for( i = 1; ! alarmed; i++ )
ecp_mul( &grp, &R, &M, &grp.G, NULL, NULL );
ecp_mul( &grp, &R, &M, &grp.G, myrand, NULL );
printf( "%9lu mul/s\n", i / 3 );