Move mbedtls_ct_base64_enc_char function to the constant-time module

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-19 06:41:22 +00:00 · 2021-11-15 16:18:54 +01:00 · 2021-11-15 16:18:54 +01:00 · 200708d30a
parent 46f79c388d
commit 200708d30a
3 changed files with 29 additions and 19 deletions
--- a/library/base64.c
+++ b/library/base64.c
@ -23,6 +23,7 @@

 #include "mbedtls/base64.h"
 #include "base64_invasive.h"
+#include "constant_time_internal.h"

 #include <stdint.h>

@ -38,25 +39,6 @@

 #define BASE64_SIZE_T_MAX   ( (size_t) -1 ) /* SIZE_T_MAX is not standard */

-/* Given a value in the range 0..63, return the corresponding Base64 digit.
- * The implementation assumes that letters are consecutive (e.g. ASCII
- * but not EBCDIC).
- */
-MBEDTLS_STATIC_TESTABLE
-unsigned char mbedtls_ct_base64_enc_char( unsigned char val )
-{
-    unsigned char digit = 0;
-    /* For each range of values, if val is in that range, mask digit with
-     * the corresponding value. Since val can only be in a single range,
-     * only at most one masking will change digit. */
-    digit |= mbedtls_ct_uchar_mask_of_range(  0, 25, val ) & ( 'A' + val );
-    digit |= mbedtls_ct_uchar_mask_of_range( 26, 51, val ) & ( 'a' + val - 26 );
-    digit |= mbedtls_ct_uchar_mask_of_range( 52, 61, val ) & ( '0' + val - 52 );
-    digit |= mbedtls_ct_uchar_mask_of_range( 62, 62, val ) & '+';
-    digit |= mbedtls_ct_uchar_mask_of_range( 63, 63, val ) & '/';
-    return( digit );
-}
-
 /*
 * Encode a buffer into base64 format
 */
--- a/library/constant_time.c
+++ b/library/constant_time.c
@ -324,6 +324,28 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n,

 #endif /* MBEDTLS_BIGNUM_C */

+#if defined(MBEDTLS_BASE64_C)
+
+/* Given a value in the range 0..63, return the corresponding Base64 digit.
+ * The implementation assumes that letters are consecutive (e.g. ASCII
+ * but not EBCDIC).
+ */
+unsigned char mbedtls_ct_base64_enc_char( unsigned char val )
+{
+    unsigned char digit = 0;
+    /* For each range of values, if val is in that range, mask digit with
+     * the corresponding value. Since val can only be in a single range,
+     * only at most one masking will change digit. */
+    digit |= mbedtls_ct_uchar_mask_of_range(  0, 25, val ) & ( 'A' + val );
+    digit |= mbedtls_ct_uchar_mask_of_range( 26, 51, val ) & ( 'a' + val - 26 );
+    digit |= mbedtls_ct_uchar_mask_of_range( 52, 61, val ) & ( '0' + val - 52 );
+    digit |= mbedtls_ct_uchar_mask_of_range( 62, 62, val ) & '+';
+    digit |= mbedtls_ct_uchar_mask_of_range( 63, 63, val ) & '/';
+    return( digit );
+}
+
+#endif /* MBEDTLS_BASE64_C */
+
 #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)

 /** Shift some data towards the left inside a buffer.
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@ -167,6 +167,12 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n,

 #endif /* MBEDTLS_BIGNUM_C */

+#if defined(MBEDTLS_BASE64_C)
+
+unsigned char mbedtls_ct_base64_enc_char( unsigned char val );
+
+#endif /* MBEDTLS_BASE64_C */
+
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)

 /** Conditional memcpy without branches.