From 097d4f555e8504f86f34dc6477324c49d4359da2 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Mon, 27 Sep 2021 12:55:33 +0200 Subject: [PATCH] Move mbedtls_cf_mpi_uint_lt function to the constant-time module Signed-off-by: Gabor Mezei --- library/bignum.c | 35 -------------------------------- library/constant_time.c | 44 +++++++++++++++++++++++++++++++++++++++++ library/constant_time.h | 11 +++++++++++ 3 files changed, 55 insertions(+), 35 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 5f0e735e2..a97bbe9f4 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1247,41 +1247,6 @@ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ) return( 0 ); } -/** Decide if an integer is less than the other, without branches. - * - * \param x First integer. - * \param y Second integer. - * - * \return 1 if \p x is less than \p y, 0 otherwise - */ -static unsigned mbedtls_cf_mpi_uint_lt( const mbedtls_mpi_uint x, - const mbedtls_mpi_uint y ) -{ - mbedtls_mpi_uint ret; - mbedtls_mpi_uint cond; - - /* - * Check if the most significant bits (MSB) of the operands are different. - */ - cond = ( x ^ y ); - /* - * If the MSB are the same then the difference x-y will be negative (and - * have its MSB set to 1 during conversion to unsigned) if and only if x> ( sizeof( mbedtls_mpi_uint ) * 8 - 1 ); - - return (unsigned) ret; -} - /* * Compare signed values in constant time */ diff --git a/library/constant_time.c b/library/constant_time.c index 7da404662..b513c6a9d 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -20,6 +20,11 @@ #include "common.h" #include "constant_time.h" +#if defined(MBEDTLS_BIGNUM_C) +#include "mbedtls/bignum.h" +#endif + + /* constant-time buffer comparison */ int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) { @@ -229,3 +234,42 @@ unsigned mbedtls_cf_size_gt( size_t size, size_t max ) /* Return the sign bit (1 for negative) of (max - size). */ return( ( max - size ) >> ( sizeof( size_t ) * 8 - 1 ) ); } + +#if defined(MBEDTLS_BIGNUM_C) + +/** Decide if an integer is less than the other, without branches. + * + * \param x First integer. + * \param y Second integer. + * + * \return 1 if \p x is less than \p y, 0 otherwise + */ +unsigned mbedtls_cf_mpi_uint_lt( const mbedtls_mpi_uint x, + const mbedtls_mpi_uint y ) +{ + mbedtls_mpi_uint ret; + mbedtls_mpi_uint cond; + + /* + * Check if the most significant bits (MSB) of the operands are different. + */ + cond = ( x ^ y ); + /* + * If the MSB are the same then the difference x-y will be negative (and + * have its MSB set to 1 during conversion to unsigned) if and only if x> ( sizeof( mbedtls_mpi_uint ) * 8 - 1 ); + + return (unsigned) ret; +} + +#endif /* MBEDTLS_BIGNUM_C */ diff --git a/library/constant_time.h b/library/constant_time.h index eff7f446f..3c18b4ef9 100644 --- a/library/constant_time.h +++ b/library/constant_time.h @@ -19,6 +19,10 @@ #include "common.h" +#if defined(MBEDTLS_BIGNUM_C) +#include "mbedtls/bignum.h" +#endif + #include int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ); @@ -41,3 +45,10 @@ size_t mbedtls_cf_size_mask_ge( size_t x, size_t y ); size_t mbedtls_cf_size_bool_eq( size_t x, size_t y ); unsigned mbedtls_cf_size_gt( size_t size, size_t max ); + +#if defined(MBEDTLS_BIGNUM_C) + +unsigned mbedtls_cf_mpi_uint_lt( const mbedtls_mpi_uint x, + const mbedtls_mpi_uint y ); + +#endif /* MBEDTLS_BIGNUM_C */