authorJack Lloyd <[email protected]>2018-12-14 11:15:06 -0500
committerJack Lloyd <[email protected]>2018-12-14 11:15:06 -0500
commit5b5f44f1d50153c39aa1e9495f5954c120b44b0d (patch)
treec5c93f6c12e065e1817ab8314e1c8b674478f8f3
parenta2e1e5cbf4ff2c00894b8b816c4b20634f13b023 (diff)
parentfd88c08eec57d0d73071d9c3f61171b04d965df6 (diff)
Merge GH #1789 Improvements to const time lookups
-rw-r--r--src/lib/math/numbertheory/monty_exp.cpp16
-rw-r--r--src/lib/pubkey/ec_group/point_gfp.cpp11
-rw-r--r--src/lib/pubkey/ec_group/point_mul.cpp21
3 files changed, 26 insertions, 22 deletions
diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp
index 62ba8fcc5..f067f33f8 100644
--- a/src/lib/math/numbertheory/monty_exp.cpp
+++ b/src/lib/math/numbertheory/monty_exp.cpp
@@ -76,22 +76,26 @@ void const_time_lookup(secure_vector<word>& output,
const std::vector<Montgomery_Int>& g,
size_t nibble)
{
+ BOTAN_ASSERT_NOMSG(g.size() % 2 == 0); // actually a power of 2
+
const size_t words = output.size();
clear_mem(output.data(), output.size());
- for(size_t i = 0; i != g.size(); ++i)
+ for(size_t i = 0; i != g.size(); i += 2)
{
- const secure_vector<word>& vec = g[i].repr().get_word_vector();
+ const secure_vector<word>& vec_0 = g[i ].repr().get_word_vector();
+ const secure_vector<word>& vec_1 = g[i+1].repr().get_word_vector();
- BOTAN_ASSERT(vec.size() >= words,
- "Word size as expected in const_time_lookup");
+ BOTAN_ASSERT_NOMSG(vec_0.size() >= words && vec_1.size() >= words);
- const auto mask = CT::Mask<word>::is_equal(i, nibble);
+ const auto mask_0 = CT::Mask<word>::is_equal(nibble, i);
+ const auto mask_1 = CT::Mask<word>::is_equal(nibble, i+1);
for(size_t w = 0; w != words; ++w)
{
- output[w] |= mask.if_set_return(vec[w]);
+ output[w] |= mask_0.if_set_return(vec_0[w]);
+ output[w] |= mask_1.if_set_return(vec_1[w]);
}
}
}
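Review bot: The assertion added at the top of the hunk, `BOTAN_ASSERT_NOMSG(g.size() % 2 == 0); // actually a power of 2`, only checks that the table size is even, so the comment promises more than the check enforces, and a size of 0 also passes it. Since the unrolled loop below only needs pairs, either make the comment match the check (`// table size must be even for the 2-way unroll below`) or check what the comment claims: `BOTAN_ASSERT_NOMSG(g.size() >= 2 && (g.size() & (g.size() - 1)) == 0);`. Separately, a `nibble` value of `g.size()` or larger leaves `output` all-zero with no diagnostic; if the callers guarantee the range, a one-line comment saying so (`// caller guarantees nibble < g.size(); an out-of-range nibble yields an all-zero output`) would spare the next reader from rediscovering it. The function's signature starts in the hunk header above the first visible parameter.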
diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp
index df9afa18d..5574a360c 100644
--- a/src/lib/pubkey/ec_group/point_gfp.cpp
+++ b/src/lib/pubkey/ec_group/point_gfp.cpp
@@ -11,6 +11,7 @@
#include <botan/numthry.h>
#include <botan/rng.h>
#include <botan/internal/rounding.h>
+#include <botan/internal/ct_utils.h>
namespace Botan {
@@ -76,12 +77,12 @@ inline void resize_ws(std::vector<BigInt>& ws_bn, size_t cap_size)
ws_bn[i].get_word_vector().resize(cap_size);
}
-inline bool all_zeros(const word x[], size_t len)
+inline word all_zeros(const word x[], size_t len)
{
word z = 0;
for(size_t i = 0; i != len; ++i)
z |= x[i];
- return (z == 0);
+ return CT::Mask<word>::is_zero(z).value();
}
}
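Review bot: `all_zeros` now returns a `word` mask instead of a `bool`, but nothing at the definition says what the returned value means, and the name still reads like a predicate, which invites a future `if(all_zeros(...) == true)`. A header comment would pin the contract: `// Returns an all-ones word if every word of x[0..len) is zero, else 0. The OR-accumulate always scans all len words, so scan length does not depend on the data.` The closing brace at the end of the hunk appears to close an enclosing anonymous namespace whose opening is outside the hunk.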
@@ -90,8 +91,10 @@ void PointGFp::add_affine(const word x_words[], size_t x_size,
const word y_words[], size_t y_size,
std::vector<BigInt>& ws_bn)
{
- if(all_zeros(x_words, x_size) && all_zeros(y_words, y_size))
+ if(all_zeros(x_words, x_size) & all_zeros(y_words, y_size))
+ {
return;
+ }
if(is_zero())
{
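Review bot: The early return at `if(all_zeros(x_words, x_size) & all_zeros(y_words, y_size))` is still a branch on the contents of the input point; replacing `&&` with `&` only guarantees that both word arrays are always scanned, it does not remove the data-dependent branch that follows. When the caller's (x, y) is built from mask-selected table entries — as in the `PointGFp_Base_Point_Precompute::mul` hunk of this same commit, where an all-clear set of masks produces an all-zero `Wt` — this branch reveals through timing whether that window selected nothing, which seems to undercut the point of the constant-time selection. If such inputs can be secret-derived, the minimum is a comment stating the remaining assumption, e.g. `// NOTE: this is a branch on the coordinates; callers passing secret-selected points must ensure the selection is never the all-zero entry`, and a branch-free treatment of the identity case inside the addition formulas would be the real fix. `add_affine`'s body continues past the end of the hunk.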
@@ -172,7 +175,7 @@ void PointGFp::add(const word x_words[], size_t x_size,
const word z_words[], size_t z_size,
std::vector<BigInt>& ws_bn)
{
- if(all_zeros(x_words, x_size) && all_zeros(z_words, z_size))
+ if(all_zeros(x_words, x_size) & all_zeros(z_words, z_size))
return;
if(is_zero())
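Review bot: The equivalent edit in `add_affine` above wraps the early `return;` in braces while this one leaves it bare; the two sites were changed in the same commit for the same reason and would read better in one form, e.g. `{ return; }` here as well. `add`'s body continues past the end of the hunk.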
diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp
index 49d2f7be6..f5b621dda 100644
--- a/src/lib/pubkey/ec_group/point_mul.cpp
+++ b/src/lib/pubkey/ec_group/point_mul.cpp
@@ -141,18 +141,15 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k,
for(size_t j = 0; j != elem_size; ++j)
{
- const word w1 = m_W[base_addr + 0*elem_size + j];
- const word w2 = m_W[base_addr + 1*elem_size + j];
- const word w3 = m_W[base_addr + 2*elem_size + j];
- const word w4 = m_W[base_addr + 3*elem_size + j];
- const word w5 = m_W[base_addr + 4*elem_size + j];
- const word w6 = m_W[base_addr + 5*elem_size + j];
- const word w7 = m_W[base_addr + 6*elem_size + j];
-
- const word wl = w_is_1.select(w1, w_is_2.select(w2, w_is_3.select(w3, 0)));
- const word wr = w_is_4.select(w4, w_is_5.select(w5, w_is_6.select(w6, w_is_7.select(w7, 0))));
-
- Wt[j] = wl | wr;
+ const word w1 = w_is_1.if_set_return(m_W[base_addr + 0*elem_size + j]);
+ const word w2 = w_is_2.if_set_return(m_W[base_addr + 1*elem_size + j]);
+ const word w3 = w_is_3.if_set_return(m_W[base_addr + 2*elem_size + j]);
+ const word w4 = w_is_4.if_set_return(m_W[base_addr + 3*elem_size + j]);
+ const word w5 = w_is_5.if_set_return(m_W[base_addr + 4*elem_size + j]);
+ const word w6 = w_is_6.if_set_return(m_W[base_addr + 5*elem_size + j]);
+ const word w7 = w_is_7.if_set_return(m_W[base_addr + 6*elem_size + j]);
+
+ Wt[j] = w1 | w2 | w3 | w4 | w5 | w6 | w7;
}
R.add_affine(&Wt[0], m_p_words, &Wt[m_p_words], m_p_words, ws);
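Review bot: The OR at `Wt[j] = w1 | w2 | w3 | w4 | w5 | w6 | w7;` is only correct if at most one of `w_is_1` … `w_is_7` is set; those masks are created above the hunk, so the invariant is invisible here, and if it ever broke the OR would silently merge two table entries bit-wise instead of failing. Worth stating on the loop: `// All seven entries are read unconditionally (the address pattern does not depend on the window); the masks are mutually exclusive, so the OR yields exactly the selected entry, or zero when none is selected.` The all-zero result of the none-selected case is then handed to `R.add_affine` on the last line of the hunk, which performs its own all-zeros test, so a second comment at that call noting the dependency would help. The enclosing `mul` begins and ends outside the hunk.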