diff options
author | Jack Lloyd <[email protected]> | 2015-10-17 23:21:14 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2015-10-17 23:21:14 -0400 |
commit | ada3ce066d1edfe95ee8bffa82f0c2846908a4e1 (patch) | |
tree | d3818b138d9bcb11de1ce69660201c215140a1ab /src/lib/utils | |
parent | ea07110c86c7ae2601e71dd3c1134873ccfd721f (diff) |
Cleanups in ct and oaep
In OAEP expand the const time block to cover MGF1 also
Diffstat (limited to 'src/lib/utils')
-rw-r--r-- | src/lib/utils/ct_utils.h | 99 |
1 files changed, 12 insertions, 87 deletions
diff --git a/src/lib/utils/ct_utils.h b/src/lib/utils/ct_utils.h index 02148001e..4ae735330 100644 --- a/src/lib/utils/ct_utils.h +++ b/src/lib/utils/ct_utils.h @@ -40,25 +40,21 @@ namespace Botan { #endif /* -* Constant time operations for 32 bit values: -* mask, select, zero, equals, min, max -*/ - -/* * Expand to a mask used for other operations * @param in an integer * @return 0 if in == 0 else 0xFFFFFFFF */ - inline uint32_t ct_expand_mask_32(uint32_t x) { + // First fold x down to a single bit: uint32_t r = x; - r |= r >> 1; - r |= r >> 2; - r |= r >> 4; - r |= r >> 8; r |= r >> 16; + r |= r >> 8; + r |= r >> 4; + r |= r >> 2; + r |= r >> 1; r &= 1; + // assumes 2s complement signed representation r = ~(r - 1); return r; } @@ -68,23 +64,9 @@ inline uint32_t ct_select_mask_32(uint32_t mask, uint32_t a, uint32_t b) return (a & mask) | (b & ~mask); } -inline uint32_t ct_select_cond_32(bool cond, uint32_t a, uint32_t b) - { - return ct_select_mask_32(ct_expand_mask_32(static_cast<uint32_t>(cond)), a, b); - } - -inline uint32_t ct_get_high_bit_32(uint32_t x) - { - return (x >> (8 * sizeof(x) - 1)); - } - -/* -* If x is zero, return 0xFFFF... -* Otherwise returns zero -*/ inline uint32_t ct_is_zero_32(uint32_t x) { - return ct_expand_mask_32(ct_get_high_bit_32(~x & (x-1))); + return ~ct_expand_mask_32(x); } inline uint32_t ct_is_equal_32(uint32_t x, uint32_t y) @@ -92,43 +74,13 @@ inline uint32_t ct_is_equal_32(uint32_t x, uint32_t y) return ct_is_zero_32(x ^ y); } -/** -* Branch-free maximum -* Note: assumes twos-complement signed representation -* @param a an integer -* @param b an integer -* @return max(a,b) -*/ -inline uint32_t ct_max_32(uint32_t a, uint32_t b) - { - const uint32_t s = b - a; - return ct_select_cond_32(ct_get_high_bit_32(s), a, b); - } - -/** -* Branch-free minimum -* Note: assumes twos-complement signed representation -* @param a an integer -* @param b an integer -* @return min(a,b) -*/ -inline uint32_t ct_min_32(uint32_t a, uint32_t b) - { - const uint32_t s = b - a; - return ct_select_cond_32(ct_get_high_bit_32(s), b, a); - } - -/* -* Constant time operations for 16 bit values: -* mask, select, zero, equals -*/ inline uint16_t ct_expand_mask_16(uint16_t x) { uint16_t r = x; - r |= r >> 1; - r |= r >> 2; - r |= r >> 4; r |= r >> 8; + r |= r >> 4; + r |= r >> 2; + r |= r >> 1; r &= 1; r = ~(r - 1); return r; @@ -139,21 +91,9 @@ inline uint16_t ct_select_mask_16(uint16_t mask, uint16_t a, uint16_t b) return (a & mask) | (b & ~mask); } -inline uint16_t ct_select_cond_16(bool cond, uint16_t a, uint16_t b) - { - return ct_select_mask_16(ct_expand_mask_16(static_cast<uint16_t>(cond)), a, b); - } - -inline uint16_t ct_get_high_bit_16(uint16_t x) - { - return (x >> (8 * sizeof(x) - 1)); - } - inline uint16_t ct_is_zero_16(uint16_t x) { - //uint16_t z = x & (x - 1) - //return ct_expand_mask_16((~x & (x-1)) - return ct_expand_mask_16(ct_get_high_bit_16(~x & (x-1))); + return ~ct_expand_mask_16(x); } inline uint16_t ct_is_equal_16(uint16_t x, uint16_t y) @@ -161,11 +101,6 @@ inline uint16_t ct_is_equal_16(uint16_t x, uint16_t y) return ct_is_zero_16(x ^ y); } -/* -* Constant time operations for 8 bit values: -* mask, select, zero, equals -*/ - inline uint8_t ct_expand_mask_8(uint8_t x) { uint8_t r = x; @@ -182,19 +117,9 @@ inline uint8_t ct_select_mask_8(uint8_t mask, uint8_t a, uint8_t b) return (a & mask) | (b & ~mask); } -inline uint8_t ct_select_cond_8(bool cond, uint8_t a, uint8_t b) - { - return ct_select_mask_8(ct_expand_mask_8(static_cast<uint8_t>(cond)), a, b); - } - -inline uint8_t ct_get_high_bit_8(uint8_t x) - { - return (x >> (8 * sizeof(x) - 1)); - } - inline uint8_t ct_is_zero_8(uint8_t x) { - return ct_expand_mask_8(ct_get_high_bit_8(~x & (x-1))); + return ~ct_expand_mask_8(x); } inline uint8_t ct_is_equal_8(uint8_t x, uint8_t y) |