#include "include/secp256k1_ecdh.h"
#include "ecmult_const_impl.h"
-static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) {
- unsigned char version = (y[31] & 0x01) | 0x02;
+static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x32, const unsigned char *y32, void *data) {
+ unsigned char version = (y32[31] & 0x01) | 0x02;
secp256k1_sha256 sha;
(void)data;
secp256k1_sha256_initialize(&sha);
secp256k1_sha256_write(&sha, &version, 1);
- secp256k1_sha256_write(&sha, x, 32);
+ secp256k1_sha256_write(&sha, x32, 32);
secp256k1_sha256_finalize(&sha, output);
return 1;
secp256k1_gej res;
secp256k1_ge pt;
secp256k1_scalar s;
+ unsigned char x[32];
+ unsigned char y[32];
+
VERIFY_CHECK(ctx != NULL);
ARG_CHECK(output != NULL);
ARG_CHECK(point != NULL);
ARG_CHECK(scalar != NULL);
+
if (hashfp == NULL) {
hashfp = secp256k1_ecdh_hash_function_default;
}
secp256k1_pubkey_load(ctx, &pt, point);
secp256k1_scalar_set_b32(&s, scalar, &overflow);
- if (overflow || secp256k1_scalar_is_zero(&s)) {
- ret = 0;
- } else {
- unsigned char x[32];
- unsigned char y[32];
-
- secp256k1_ecmult_const(&res, &pt, &s, 256);
- secp256k1_ge_set_gej(&pt, &res);
-
- /* Compute a hash of the point */
- secp256k1_fe_normalize(&pt.x);
- secp256k1_fe_normalize(&pt.y);
- secp256k1_fe_get_b32(x, &pt.x);
- secp256k1_fe_get_b32(y, &pt.y);
-
- ret = hashfp(output, x, y, data);
- }
+ overflow |= secp256k1_scalar_is_zero(&s);
+ secp256k1_scalar_cmov(&s, &secp256k1_scalar_one, overflow);
+
+ secp256k1_ecmult_const(&res, &pt, &s, 256);
+ secp256k1_ge_set_gej(&pt, &res);
+
+ /* Compute a hash of the point */
+ secp256k1_fe_normalize(&pt.x);
+ secp256k1_fe_normalize(&pt.y);
+ secp256k1_fe_get_b32(x, &pt.x);
+ secp256k1_fe_get_b32(y, &pt.y);
+
+ ret = hashfp(output, x, y, data);
+
+ memset(x, 0, 32);
+ memset(y, 0, 32);
secp256k1_scalar_clear(&s);
- return ret;
+
+ return !!ret & !overflow;
}
#endif /* SECP256K1_MODULE_ECDH_MAIN_H */
projects / secp256k1.git / blobdiff