From 2aadc03ef15cb5ca5cc2af8a7c08e070742f0ac4 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sat, 4 May 2024 14:47:55 +0200
Subject: Adding upstream version 0.70.1+ds1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 vendor/elliptic-curve/src/scalar/blinded.rs | 74 +++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 vendor/elliptic-curve/src/scalar/blinded.rs

(limited to 'vendor/elliptic-curve/src/scalar/blinded.rs')

diff --git a/vendor/elliptic-curve/src/scalar/blinded.rs b/vendor/elliptic-curve/src/scalar/blinded.rs
new file mode 100644
index 0000000..29cfea9
--- /dev/null
+++ b/vendor/elliptic-curve/src/scalar/blinded.rs
@@ -0,0 +1,74 @@
+//! Random blinding support for [`Scalar`]
+
+use super::Scalar;
+use crate::{ops::Invert, CurveArithmetic};
+use group::ff::Field;
+use rand_core::CryptoRngCore;
+use subtle::CtOption;
+use zeroize::Zeroize;
+
+/// Scalar blinded with a randomly generated masking value.
+///
+/// This provides a randomly blinded impl of [`Invert`] which is useful for
+/// e.g. ECDSA ephemeral (`k`) scalars.
+///
+/// It implements masked variable-time inversions using Stein's algorithm, which
+/// may be helpful for performance on embedded platforms.
+#[derive(Clone)]
+pub struct BlindedScalar<C>
+where
+    C: CurveArithmetic,
+{
+    /// Actual scalar value.
+    scalar: Scalar<C>,
+
+    /// Mask value.
+    mask: Scalar<C>,
+}
+
+impl<C> BlindedScalar<C>
+where
+    C: CurveArithmetic,
+{
+    /// Create a new [`BlindedScalar`] from a scalar and a [`CryptoRngCore`].
+    pub fn new(scalar: Scalar<C>, rng: &mut impl CryptoRngCore) -> Self {
+        Self {
+            scalar,
+            mask: Scalar::<C>::random(rng),
+        }
+    }
+}
+
+impl<C> AsRef<Scalar<C>> for BlindedScalar<C>
+where
+    C: CurveArithmetic,
+{
+    fn as_ref(&self) -> &Scalar<C> {
+        &self.scalar
+    }
+}
+
+impl<C> Invert for BlindedScalar<C>
+where
+    C: CurveArithmetic,
+{
+    type Output = CtOption<Scalar<C>>;
+
+    fn invert(&self) -> CtOption<Scalar<C>> {
+        // prevent side channel analysis of scalar inversion by pre-and-post-multiplying
+        // with the random masking scalar
+        (self.scalar * self.mask)
+            .invert_vartime()
+            .map(|s| s * self.mask)
+    }
+}
+
+impl<C> Drop for BlindedScalar<C>
+where
+    C: CurveArithmetic,
+{
+    fn drop(&mut self) {
+        self.scalar.zeroize();
+        self.mask.zeroize();
+    }
+}
-- 
cgit v1.2.3