authorJack Lloyd <[email protected]>2018-12-03 06:40:20 -0500
committerJack Lloyd <[email protected]>2018-12-03 06:40:20 -0500
commitd506b715c51cf3c609d5f61d47f025c050462c92 (patch)
tree45f3264a499004c44a8047cff7143e07c5b42b95 /src
parent6c3eef4013e7da971ae884fd4dcb8318fbfcc05b (diff)
Use const time reductions in Barrett and LCM computations
Diffstat (limited to 'src')
-rw-r--r--src/lib/math/bigint/divide.h17
-rw-r--r--src/lib/math/numbertheory/numthry.cpp3
-rw-r--r--src/lib/math/numbertheory/reducer.cpp7
3 files changed, 23 insertions, 4 deletions
diff --git a/src/lib/math/bigint/divide.h b/src/lib/math/bigint/divide.h
index ac9c43e81..e365dabb3 100644
--- a/src/lib/math/bigint/divide.h
+++ b/src/lib/math/bigint/divide.h
@@ -48,6 +48,23 @@ void BOTAN_PUBLIC_API(2,9) ct_divide(const BigInt& x,
*
* @param x an integer
* @param y a non-zero integer
+* @return x/y with remainder discarded
+*/
+inline BigInt ct_divide(const BigInt& x, const BigInt& y)
+ {
+ BigInt q, r;
+ ct_divide(x, y, q, r);
+ return q;
+ }
+
+/**
+* BigInt division, const time variant
+*
+* This runs with control flow independent of the values of x/y.
+* Warning: the loop bounds still leak the sizes of x and y.
+*
+* @param x an integer
+* @param y a non-zero integer
* @param q will be set to x / y
* @param r will be set to x % y
*/
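Review bot: The new two-argument `ct_divide` at L28 takes over the doc block whose opening lines lie above the hunk, and the only line it gains is the `@return`, so nothing next to it states the timing contract, while the three-argument variant's fresh block spells out that the loop bounds still leak the sizes of x and y. Since the wrapper simply forwards to that variant, the same caveat holds for it; suggest adding `* Timing caveats of the three-argument ct_divide apply: the sizes of x and y are not hidden.` beside the `@return` line. The remainder is computed into the local `r` and discarded, which is fine for a convenience overload but worth a word so nobody later "optimizes" it into a non-constant-time path.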
diff --git a/src/lib/math/numbertheory/numthry.cpp b/src/lib/math/numbertheory/numthry.cpp
index 399a49cea..eba924b7c 100644
--- a/src/lib/math/numbertheory/numthry.cpp
+++ b/src/lib/math/numbertheory/numthry.cpp
@@ -9,6 +9,7 @@
#include <botan/pow_mod.h>
#include <botan/reducer.h>
#include <botan/monty.h>
+#include <botan/divide.h>
#include <botan/rng.h>
#include <botan/internal/bit_ops.h>
#include <botan/internal/mp_core.h>
@@ -83,7 +84,7 @@ BigInt gcd(const BigInt& a, const BigInt& b)
*/
BigInt lcm(const BigInt& a, const BigInt& b)
{
- return ((a * b) / gcd(a, b));
+ return ct_divide(a * b, gcd(a, b));
}
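Review bot: `lcm` now hands `gcd(a, b)` straight to `ct_divide`, whose contract in divide.h (`@param y a non-zero integer`) requires a non-zero divisor; when both inputs are zero the gcd is zero, and whether `ct_divide` rejects that the way the old `operator/` presumably did is not visible here, so it is worth confirming that `lcm(0, 0)` still fails loudly rather than returning garbage. The division is constant-time only as far as the product `a * b` and `gcd` feeding it are; if `gcd` branches on its operands this change closes one channel but not the whole function, which would be worth stating in the comment above `lcm` (that comment block begins outside the hunk).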
/*
diff --git a/src/lib/math/numbertheory/reducer.cpp b/src/lib/math/numbertheory/reducer.cpp
index a5321c47c..0468d004b 100644
--- a/src/lib/math/numbertheory/reducer.cpp
+++ b/src/lib/math/numbertheory/reducer.cpp
@@ -7,6 +7,7 @@
#include <botan/reducer.h>
#include <botan/internal/ct_utils.h>
+#include <botan/divide.h>
namespace Botan {
@@ -28,7 +29,7 @@ Modular_Reducer::Modular_Reducer(const BigInt& mod)
m_modulus_2 = Botan::square(m_modulus);
- m_mu = BigInt::power_of_2(2 * BOTAN_MP_WORD_BITS * m_mod_words) / m_modulus;
+ m_mu = ct_divide(BigInt::power_of_2(2 * BOTAN_MP_WORD_BITS * m_mod_words), m_modulus);
}
}
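Review bot: The `ct_divide` call at L78 hides the value of the modulus but, per divide.h, not the sizes of its operands; here the dividend's size is fixed by `m_mod_words` and the divisor is the modulus itself, so nothing beyond the modulus length is exposed, and a one-line comment would spare the next reader re-deriving that: `// ct_divide leaks only operand sizes, which are fixed by m_mod_words rather than by the modulus value`. Whether `m_modulus` has already been checked non-zero before this line is not visible; the constructor begins outside the hunk.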
@@ -51,8 +52,8 @@ void Modular_Reducer::reduce(BigInt& t1, const BigInt& x, secure_vector<word>& w
if(x_sw >= (2*m_mod_words - 1) && x.cmp(m_modulus_2, false) >= 0)
{
- // too big, fall back to normal division
- t1 = x % m_modulus;
+ // too big, fall back to slow boat division
+ t1 = ct_modulo(x, m_modulus);
return;
}
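Review bot: Swapping `x % m_modulus` for `ct_modulo` makes the fallback itself constant-time, but the decision to take it, `x.cmp(m_modulus_2, false) >= 0` at L82, is still a branch on the value of x, so an observer can still learn whether x was at least modulus squared, and `cmp` may exit early on its own. The comment at L86 should carry that fact rather than "slow boat": `// Input too large for Barrett: fall back to constant-time division.` followed by `// Note: taking this branch still depends on x >= modulus^2.` `reduce` starts and ends outside the hunk.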