yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-03 15:56:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move mbedtls_cf_cond_select_sign function to the constant-time module

Browse source 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm 2021-09-27 13:03:57 +02:00 committed by Gabor Mezei
parent 7533253125
commit 5cec8b44a8
No known key found for this signature in database
GPG key ID: 106F5A41ECC305BD
3 changed files with 31 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
library/bignum.c
View file

@ -269,36 +269,6 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
memcpy( Y, &T, sizeof( mbedtls_mpi ) ); memcpy( Y, &T, sizeof( mbedtls_mpi ) );
} }
/**
* Select between two sign values in constant-time.
*
* This is functionally equivalent to second ? a : b but uses only bit
* operations in order to avoid branches.
*
* \param[in] a The first sign; must be either +1 or -1.
* \param[in] b The second sign; must be either +1 or -1.
* \param[in] second Must be either 1 (return b) or 0 (return a).
*
* \return The selected sign value.
*/
static int mbedtls_cf_cond_select_sign( int a, int b, unsigned char second )
{
/* In order to avoid questions about what we can reasonnably assume about
* the representations of signed integers, move everything to unsigned
* by taking advantage of the fact that a and b are either +1 or -1. */
unsigned ua = a + 1;
unsigned ub = b + 1;
/* second was 0 or 1, mask is 0 or 2 as are ua and ub */
const unsigned mask = second << 1;
/* select ua or ub */
unsigned ur = ( ua & ~mask ) | ( ub & mask );
/* ur is now 0 or 2, convert back to -1 or +1 */
return( (int) ur - 1 );
}
/* /*
* Conditionally assign dest = src, without leaking information * Conditionally assign dest = src, without leaking information
* about whether the assignment was made or not. * about whether the assignment was made or not.

30
library/constant_time.c
View file

@ -289,3 +289,33 @@ unsigned mbedtls_cf_uint_if( unsigned cond, unsigned if1, unsigned if0 )
unsigned mask = mbedtls_cf_uint_mask( cond ); unsigned mask = mbedtls_cf_uint_mask( cond );
return( ( mask & if1 ) | (~mask & if0 ) ); return( ( mask & if1 ) | (~mask & if0 ) );
} }
/**
* Select between two sign values in constant-time.
*
* This is functionally equivalent to second ? a : b but uses only bit
* operations in order to avoid branches.
*
* \param[in] a The first sign; must be either +1 or -1.
* \param[in] b The second sign; must be either +1 or -1.
* \param[in] second Must be either 1 (return b) or 0 (return a).
*
* \return The selected sign value.
*/
int mbedtls_cf_cond_select_sign( int a, int b, unsigned char second )
{
/* In order to avoid questions about what we can reasonnably assume about
* the representations of signed integers, move everything to unsigned
* by taking advantage of the fact that a and b are either +1 or -1. */
unsigned ua = a + 1;
unsigned ub = b + 1;
/* second was 0 or 1, mask is 0 or 2 as are ua and ub */
const unsigned mask = second << 1;
/* select ua or ub */
unsigned ur = ( ua & ~mask ) | ( ub & mask );
/* ur is now 0 or 2, convert back to -1 or +1 */
return( (int) ur - 1 );
}

1
library/constant_time.h
View file

@ -55,3 +55,4 @@ unsigned mbedtls_cf_mpi_uint_lt( const mbedtls_mpi_uint x,
unsigned mbedtls_cf_uint_if( unsigned cond, unsigned if1, unsigned if0 ); unsigned mbedtls_cf_uint_if( unsigned cond, unsigned if1, unsigned if0 );
int mbedtls_cf_cond_select_sign( int a, int b, unsigned char second );