From 3d4dba84b71ff669ac81e2f1520f0ef2ad486765 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 15 Nov 2021 16:22:37 +0100 Subject: [PATCH] Move mbedtls_ct_base64_dec_value function to the constant-time module Signed-off-by: Gabor Mezei --- library/base64.c | 29 ----------------------------- library/constant_time.c | 28 ++++++++++++++++++++++++++++ library/constant_time_internal.h | 2 ++ 3 files changed, 30 insertions(+), 29 deletions(-) diff --git a/library/base64.c b/library/base64.c index f1a605501..b2e6dabcb 100644 --- a/library/base64.c +++ b/library/base64.c @@ -109,35 +109,6 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, return( 0 ); } -/* Given a Base64 digit, return its value. - * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), - * return -1. - * - * The implementation assumes that letters are consecutive (e.g. ASCII - * but not EBCDIC). - * - * The implementation is constant-flow (no branch or memory access depending - * on the value of c) unless the compiler inlines and optimizes a specific - * access. - */ -MBEDTLS_STATIC_TESTABLE -signed char mbedtls_ct_base64_dec_value( unsigned char c ) -{ - unsigned char val = 0; - /* For each range of digits, if c is in that range, mask val with - * the corresponding value. Since c can only be in a single range, - * only at most one masking will change val. Set val to one plus - * the desired value so that it stays 0 if c is in none of the ranges. */ - val |= mbedtls_ct_uchar_mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 ); - val |= mbedtls_ct_uchar_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 ); - val |= mbedtls_ct_uchar_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 ); - val |= mbedtls_ct_uchar_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 ); - val |= mbedtls_ct_uchar_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 ); - /* At this point, val is 0 if c is an invalid digit and v+1 if c is - * a digit with the value v. */ - return( val - 1 ); -} - /* * Decode a base64-formatted buffer */ diff --git a/library/constant_time.c b/library/constant_time.c index cdaa7fad9..5bf594fdd 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -344,6 +344,34 @@ unsigned char mbedtls_ct_base64_enc_char( unsigned char val ) return( digit ); } +/* Given a Base64 digit, return its value. + * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'), + * return -1. + * + * The implementation assumes that letters are consecutive (e.g. ASCII + * but not EBCDIC). + * + * The implementation is constant-flow (no branch or memory access depending + * on the value of c) unless the compiler inlines and optimizes a specific + * access. + */ +signed char mbedtls_ct_base64_dec_value( unsigned char c ) +{ + unsigned char val = 0; + /* For each range of digits, if c is in that range, mask val with + * the corresponding value. Since c can only be in a single range, + * only at most one masking will change val. Set val to one plus + * the desired value so that it stays 0 if c is in none of the ranges. */ + val |= mbedtls_ct_uchar_mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 ); + val |= mbedtls_ct_uchar_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 ); + val |= mbedtls_ct_uchar_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 ); + val |= mbedtls_ct_uchar_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 ); + val |= mbedtls_ct_uchar_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 ); + /* At this point, val is 0 if c is an invalid digit and v+1 if c is + * a digit with the value v. */ + return( val - 1 ); +} + #endif /* MBEDTLS_BASE64_C */ #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index f0286221a..90d1ac673 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -171,6 +171,8 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n, unsigned char mbedtls_ct_base64_enc_char( unsigned char val ); +signed char mbedtls_ct_base64_dec_value( unsigned char c ); + #endif /* MBEDTLS_BASE64_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)