Bitcoin Core  0.20.99
P2P Digital Currency
Functions | Variables
ecmult_gen_impl.h File Reference
#include "util.h"
#include "scalar.h"
#include "group.h"
#include "ecmult_gen.h"
#include "hash_impl.h"
Include dependency graph for ecmult_gen_impl.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

static void secp256k1_ecmult_gen_context_init (secp256k1_ecmult_gen_context *ctx)
 
static void secp256k1_ecmult_gen_context_build (secp256k1_ecmult_gen_context *ctx, void **prealloc)
 
static int secp256k1_ecmult_gen_context_is_built (const secp256k1_ecmult_gen_context *ctx)
 
static void secp256k1_ecmult_gen_context_finalize_memcpy (secp256k1_ecmult_gen_context *dst, const secp256k1_ecmult_gen_context *src)
 
static void secp256k1_ecmult_gen_context_clear (secp256k1_ecmult_gen_context *ctx)
 
static void secp256k1_ecmult_gen (const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *gn)
 
static void secp256k1_ecmult_gen_blind (secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32)
 

Variables

static const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = ROUND_TO_ALIGN(sizeof(*((secp256k1_ecmult_gen_context*) NULL)->prec))
 

Function Documentation

◆ secp256k1_ecmult_gen()

static void secp256k1_ecmult_gen ( const secp256k1_ecmult_gen_context ctx,
secp256k1_gej r,
const secp256k1_scalar gn 
)
static

This uses a conditional move to avoid any secret data in array indexes. Any use of secret indexes has been demonstrated to result in timing sidechannels, even when the cache-line access patterns are uniform. See also: "A word of warning", CHES 2013 Rump Session, by Daniel J. Bernstein and Peter Schwabe (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, by Dag Arne Osvik, Adi Shamir, and Eran Tromer (http://www.tau.ac.il/~tromer/papers/cache.pdf)

Definition at line 125 of file ecmult_gen_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ecmult_gen_blind()

static void secp256k1_ecmult_gen_blind ( secp256k1_ecmult_gen_context ctx,
const unsigned char *  seed32 
)
static

Using a CSPRNG allows a failure free interface, avoids needing large amounts of random data, and guards against weak or adversarial seeds. This is a simpler and safer interface than asking the caller for blinding values directly and expecting them to retry on failure.

Definition at line 160 of file ecmult_gen_impl.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ secp256k1_ecmult_gen_context_build()

static void secp256k1_ecmult_gen_context_build ( secp256k1_ecmult_gen_context ctx,
void **  prealloc 
)
static

Definition at line 29 of file ecmult_gen_impl.h.

Here is the call graph for this function:

◆ secp256k1_ecmult_gen_context_clear()

static void secp256k1_ecmult_gen_context_clear ( secp256k1_ecmult_gen_context ctx)
static

Definition at line 119 of file ecmult_gen_impl.h.

Here is the call graph for this function:

◆ secp256k1_ecmult_gen_context_finalize_memcpy()

static void secp256k1_ecmult_gen_context_finalize_memcpy ( secp256k1_ecmult_gen_context dst,
const secp256k1_ecmult_gen_context src 
)
static

Definition at line 108 of file ecmult_gen_impl.h.

◆ secp256k1_ecmult_gen_context_init()

static void secp256k1_ecmult_gen_context_init ( secp256k1_ecmult_gen_context ctx)
static

Definition at line 25 of file ecmult_gen_impl.h.

◆ secp256k1_ecmult_gen_context_is_built()

static int secp256k1_ecmult_gen_context_is_built ( const secp256k1_ecmult_gen_context ctx)
static

Definition at line 104 of file ecmult_gen_impl.h.

Variable Documentation

◆ SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE

const size_t SECP256K1_ECMULT_GEN_CONTEXT_PREALLOCATED_SIZE = ROUND_TO_ALIGN(sizeof(*((secp256k1_ecmult_gen_context*) NULL)->prec))
static

Definition at line 20 of file ecmult_gen_impl.h.