authorJack Lloyd <[email protected]>2015-10-17 23:21:14 -0400
committerJack Lloyd <[email protected]>2015-10-17 23:21:14 -0400
commitada3ce066d1edfe95ee8bffa82f0c2846908a4e1 (patch)
treed3818b138d9bcb11de1ce69660201c215140a1ab /src/lib/utils
parentea07110c86c7ae2601e71dd3c1134873ccfd721f (diff)
Cleanups in ct and oaep
In OAEP expand the const time block to cover MGF1 also
Diffstat (limited to 'src/lib/utils')
-rw-r--r--src/lib/utils/ct_utils.h99
1 files changed, 12 insertions, 87 deletions
diff --git a/src/lib/utils/ct_utils.h b/src/lib/utils/ct_utils.h
index 02148001e..4ae735330 100644
--- a/src/lib/utils/ct_utils.h
+++ b/src/lib/utils/ct_utils.h
@@ -40,25 +40,21 @@ namespace Botan {
#endif
/*
-* Constant time operations for 32 bit values:
-* mask, select, zero, equals, min, max
-*/
-
-/*
* Expand to a mask used for other operations
* @param in an integer
* @return 0 if in == 0 else 0xFFFFFFFF
*/
-
inline uint32_t ct_expand_mask_32(uint32_t x)
{
+ // First fold x down to a single bit:
uint32_t r = x;
- r |= r >> 1;
- r |= r >> 2;
- r |= r >> 4;
- r |= r >> 8;
r |= r >> 16;
+ r |= r >> 8;
+ r |= r >> 4;
+ r |= r >> 2;
+ r |= r >> 1;
r &= 1;
+ // assumes 2s complement signed representation
r = ~(r - 1);
return r;
}
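Review bot: The added comment `// assumes 2s complement signed representation` in ct_expand_mask_32 does not match the line it annotates. `r` is a `uint32_t`, so with a 32-bit `int` the expression `r - 1` is unsigned and wraps modulo 2^32 by definition, with no signed representation involved. A comment such as `// r is 0 or 1 here; unsigned wraparound maps 0 -> 0 and 1 -> 0xFFFFFFFF` would state what the line relies on. The doc comment above the function also still says `@param in` while the parameter is named `x`.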
@@ -68,23 +64,9 @@ inline uint32_t ct_select_mask_32(uint32_t mask, uint32_t a, uint32_t b)
return (a & mask) | (b & ~mask);
}
-inline uint32_t ct_select_cond_32(bool cond, uint32_t a, uint32_t b)
- {
- return ct_select_mask_32(ct_expand_mask_32(static_cast<uint32_t>(cond)), a, b);
- }
-
-inline uint32_t ct_get_high_bit_32(uint32_t x)
- {
- return (x >> (8 * sizeof(x) - 1));
- }
-
-/*
-* If x is zero, return 0xFFFF...
-* Otherwise returns zero
-*/
inline uint32_t ct_is_zero_32(uint32_t x)
{
- return ct_expand_mask_32(ct_get_high_bit_32(~x & (x-1)));
+ return ~ct_expand_mask_32(x);
}
inline uint32_t ct_is_equal_32(uint32_t x, uint32_t y)
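Review bot: ct_is_zero_32 loses its only contract comment in this hunk (the removed `If x is zero, return 0xFFFF...` block), and the new body `return ~ct_expand_mask_32(x);` does not make the result obvious at a glance. The value is a full-width mask rather than a 0/1 flag, and it is presumably combined with `&` or passed to ct_select_mask_32, so a caller who reads it as a boolean gets silently wrong selection. Keeping a one-line contract next to the function would avoid that, e.g. `/* @return 0xFFFFFFFF if x == 0, otherwise 0 */`. ct_is_zero_16 and ct_is_zero_8 further down have no such comment either.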
@@ -92,43 +74,13 @@ inline uint32_t ct_is_equal_32(uint32_t x, uint32_t y)
return ct_is_zero_32(x ^ y);
}
-/**
-* Branch-free maximum
-* Note: assumes twos-complement signed representation
-* @param a an integer
-* @param b an integer
-* @return max(a,b)
-*/
-inline uint32_t ct_max_32(uint32_t a, uint32_t b)
- {
- const uint32_t s = b - a;
- return ct_select_cond_32(ct_get_high_bit_32(s), a, b);
- }
-
-/**
-* Branch-free minimum
-* Note: assumes twos-complement signed representation
-* @param a an integer
-* @param b an integer
-* @return min(a,b)
-*/
-inline uint32_t ct_min_32(uint32_t a, uint32_t b)
- {
- const uint32_t s = b - a;
- return ct_select_cond_32(ct_get_high_bit_32(s), b, a);
- }
-
-/*
-* Constant time operations for 16 bit values:
-* mask, select, zero, equals
-*/
inline uint16_t ct_expand_mask_16(uint16_t x)
{
uint16_t r = x;
- r |= r >> 1;
- r |= r >> 2;
- r |= r >> 4;
r |= r >> 8;
+ r |= r >> 4;
+ r |= r >> 2;
+ r |= r >> 1;
r &= 1;
r = ~(r - 1);
return r;
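Review bot: In ct_expand_mask_16 the operands of `r - 1` and `~` are promoted to `int`, so for r == 0 the context line `r = ~(r - 1);` evaluates `~(-1)` in signed arithmetic and then narrows implicitly back to `uint16_t`. This is where the two's-complement remark added to the 32-bit variant actually applies, and the narrowing is silent. Writing `r = static_cast<uint16_t>(~(r - 1));` and moving that comment here would make both explicit. `return ~ct_expand_mask_16(x);` in ct_is_zero_16 and `return ~ct_expand_mask_8(x);` in ct_is_zero_8 narrow from `int` in the same way. The function's closing brace lies outside this hunk.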
@@ -139,21 +91,9 @@ inline uint16_t ct_select_mask_16(uint16_t mask, uint16_t a, uint16_t b)
return (a & mask) | (b & ~mask);
}
-inline uint16_t ct_select_cond_16(bool cond, uint16_t a, uint16_t b)
- {
- return ct_select_mask_16(ct_expand_mask_16(static_cast<uint16_t>(cond)), a, b);
- }
-
-inline uint16_t ct_get_high_bit_16(uint16_t x)
- {
- return (x >> (8 * sizeof(x) - 1));
- }
-
inline uint16_t ct_is_zero_16(uint16_t x)
{
- //uint16_t z = x & (x - 1)
- //return ct_expand_mask_16((~x & (x-1))
- return ct_expand_mask_16(ct_get_high_bit_16(~x & (x-1)));
+ return ~ct_expand_mask_16(x);
}
inline uint16_t ct_is_equal_16(uint16_t x, uint16_t y)
@@ -161,11 +101,6 @@ inline uint16_t ct_is_equal_16(uint16_t x, uint16_t y)
return ct_is_zero_16(x ^ y);
}
-/*
-* Constant time operations for 8 bit values:
-* mask, select, zero, equals
-*/
-
inline uint8_t ct_expand_mask_8(uint8_t x)
{
uint8_t r = x;
@@ -182,19 +117,9 @@ inline uint8_t ct_select_mask_8(uint8_t mask, uint8_t a, uint8_t b)
return (a & mask) | (b & ~mask);
}
-inline uint8_t ct_select_cond_8(bool cond, uint8_t a, uint8_t b)
- {
- return ct_select_mask_8(ct_expand_mask_8(static_cast<uint8_t>(cond)), a, b);
- }
-
-inline uint8_t ct_get_high_bit_8(uint8_t x)
- {
- return (x >> (8 * sizeof(x) - 1));
- }
-
inline uint8_t ct_is_zero_8(uint8_t x)
{
- return ct_expand_mask_8(ct_get_high_bit_8(~x & (x-1)));
+ return ~ct_expand_mask_8(x);
}
inline uint8_t ct_is_equal_8(uint8_t x, uint8_t y)