Implement DH blinding
diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index 4d7bd8a..4874bc8 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@@ -147,6 +147,9 @@
mpi GY; /*!< peer = G^Y mod P */
mpi K; /*!< key = GY^X mod P */
mpi RP; /*!< cached R^2 mod P */
+ mpi Vi; /*!< blinding value */
+ mpi Vf; /*!< un-blinding value */
+ mpi _X; /*!< previous X */
}
dhm_context;
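Review bot: The new member name `_X` is a reserved identifier: C11 §7.1.3 reserves every name that begins with an underscore followed by an uppercase letter for the implementation in all contexts, so the struct should use a name such as `mpi X_prev; /*!< copy of X from the last blinding setup */` instead. The three `/*!< ... */` comments are terse for fields that carry state across calls; `Vi`/`Vf` would read better as `/*!< blinding value, applied to GY before the exponentiation */` and `/*!< un-blinding value, applied to the result */`, and the `_X` comment should say why a previous X is kept, presumably to detect a changed private exponent and refresh Vi/Vf — worth confirming against dhm.c. Since `_X` duplicates the private exponent, `dhm_free` (not in this diff) must release and clear all three new members alongside `X`; only the declarations are visible here, so that needs checking in the .c hunks.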
@@ -223,6 +226,9 @@
* \param p_rng RNG parameter
*
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ *
+ * \note If f_rng is not NULL, it is used to blind the input as
+ * countermeasure against timing attacks.
*/
int dhm_calc_secret( dhm_context *ctx,
unsigned char *output, size_t *olen,
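Review bot: The added `\note` describes what a non-NULL f_rng enables but not the consequence of passing NULL, which is the security-relevant case: with no RNG the exponentiation runs unblinded and the countermeasure this commit introduces is silently absent. A one-line addition makes the contract explicit, e.g. `* \note If f_rng is not NULL, it is used to blind the input as` / `*       countermeasure against timing attacks. Passing NULL disables` / `*       blinding; callers should supply an RNG.` The `\param f_rng` line and the rest of the `dhm_calc_secret` prototype lie outside this hunk (the parameter list continues past the last line shown), so the same expectation should be stated there as well.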