From e03d875830daa236f5b1e0d162ac01b01b29f8bc Mon Sep 17 00:00:00 2001 From: Sun Yimin Date: Tue, 23 Aug 2022 11:15:04 +0800 Subject: [PATCH] Updated is my code constant time? (markdown) --- is-my-code-constant-time?.md | 54 ++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/is-my-code-constant-time?.md b/is-my-code-constant-time?.md index 5254995..c6c6ead 100644 --- a/is-my-code-constant-time?.md +++ b/is-my-code-constant-time?.md @@ -51,3 +51,57 @@ __INLINE void cpSM2KE_reduction_x2w(BNU_CHUNK_T *r, const BNU_CHUNK_T *a, const 1. 纯golang可以通过代码生成。 1. amd64/arm64,至少需要实现加法,乘法已经有了。 +```golang +type Curve interface { + // ECDH performs a ECDH exchange and returns the shared secret. + // + // For NIST curves, this performs ECDH as specified in SEC 1, Version 2.0, + // Section 3.3.1, and returns the x-coordinate encoded according to SEC 1, + // Version 2.0, Section 2.3.5. In particular, if the result is the point at + // infinity, ECDH returns an error. (Note that for NIST curves, that's only + // possible if the private key is the all-zero value.) + // + // For X25519, this performs ECDH as specified in RFC 7748, Section 6.1. If + // the result is the all-zero value, ECDH returns an error. + ECDH(local *PrivateKey, remote *PublicKey) ([]byte, error) + + // SM2ECDH performs a SM2 exchange and returns the shared secret. + SM2ECDH(local *PrivateKey, remote *PublicKey, localUID, remoteUID []byte, keyLen int) ([]byte, error) + + // GenerateKey generates a new PrivateKey from rand. + GenerateKey(rand io.Reader) (*PrivateKey, error) + + // NewPrivateKey checks that key is valid and returns a PrivateKey. + // + // For NIST curves, this follows SEC 1, Version 2.0, Section 2.3.6, which + // amounts to decoding the bytes as a fixed length big endian integer and + // checking that the result is lower than the order of the curve. The zero + // private key is also rejected, as the encoding of the corresponding public + // key would be irregular. + // + // For X25519, this only checks the scalar length. Adversarially selected + // private keys can cause ECDH to return an error. + NewPrivateKey(key []byte) (*PrivateKey, error) + + // NewPublicKey checks that key is valid and returns a PublicKey. + // + // For NIST curves, this decodes an uncompressed point according to SEC 1, + // Version 2.0, Section 2.3.4. Compressed encodings and the point at + // infinity are rejected. + // + // For X25519, this only checks the u-coordinate length. Adversarially + // selected public keys can cause ECDH to return an error. + NewPublicKey(key []byte) (*PublicKey, error) + + // privateKeyToPublicKey converts a PrivateKey to a PublicKey. It's exposed + // as the PrivateKey.PublicKey method. + // + // This method always succeeds: for X25519, it might output the all-zeroes + // value (unlike the ECDH method); for NIST curves, it would only fail for + // the zero private key, which is rejected by NewPrivateKey. + // + // The private method also allow us to expand the ECDH interface with more + // methods in the future without breaking backwards compatibility. + privateKeyToPublicKey(*PrivateKey) *PublicKey +} +``` \ No newline at end of file