aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pk_pad/eme_oaep/oaep.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/pk_pad/eme_oaep/oaep.cpp')
-rw-r--r--src/lib/pk_pad/eme_oaep/oaep.cpp22
1 files changed, 11 insertions, 11 deletions
diff --git a/src/lib/pk_pad/eme_oaep/oaep.cpp b/src/lib/pk_pad/eme_oaep/oaep.cpp
index 398202bd1..9a8676ab9 100644
--- a/src/lib/pk_pad/eme_oaep/oaep.cpp
+++ b/src/lib/pk_pad/eme_oaep/oaep.cpp
@@ -72,7 +72,7 @@ secure_vector<uint8_t> OAEP::unpad(uint8_t& valid_mask,
Therefore, the first byte can always be skipped safely.
*/
- uint8_t skip_first = CT::is_zero<uint8_t>(in[0]) & 0x01;
+ const uint8_t skip_first = CT::Mask<uint8_t>::is_zero(in[0]).if_set_return(1);
secure_vector<uint8_t> input(in + skip_first, in + in_length);
@@ -105,37 +105,37 @@ oaep_find_delim(uint8_t& valid_mask,
CT::poison(input, input_len);
size_t delim_idx = 2 * hlen;
- uint8_t waiting_for_delim = 0xFF;
- uint8_t bad_input = 0;
+ CT::Mask<uint8_t> waiting_for_delim = CT::Mask<uint8_t>::set();
+ CT::Mask<uint8_t> bad_input = CT::Mask<uint8_t>::cleared();
for(size_t i = delim_idx; i < input_len; ++i)
{
- const uint8_t zero_m = CT::is_zero<uint8_t>(input[i]);
- const uint8_t one_m = CT::is_equal<uint8_t>(input[i], 1);
+ const auto zero_m = CT::Mask<uint8_t>::is_zero(input[i]);
+ const auto one_m = CT::Mask<uint8_t>::is_equal(input[i], 1);
- const uint8_t add_m = waiting_for_delim & zero_m;
+ const auto add_m = waiting_for_delim & zero_m;
bad_input |= waiting_for_delim & ~(zero_m | one_m);
- delim_idx += CT::select<uint8_t>(add_m, 1, 0);
+ delim_idx += add_m.if_set_return(1);
waiting_for_delim &= zero_m;
}
// If we never saw any non-zero byte, then it's not valid input
bad_input |= waiting_for_delim;
- bad_input |= CT::is_equal<uint8_t>(constant_time_compare(&input[hlen], Phash.data(), hlen), false);
+ bad_input |= CT::Mask<uint8_t>::is_zero(ct_compare_u8(&input[hlen], Phash.data(), hlen));
- delim_idx &= ~CT::expand_mask<size_t>(bad_input);
+ delim_idx = CT::Mask<size_t>::expand(bad_input.value()).if_not_set_return(delim_idx);
CT::unpoison(input, input_len);
CT::unpoison(&bad_input, 1);
CT::unpoison(&delim_idx, 1);
- valid_mask = ~bad_input;
+ valid_mask = (~bad_input).value();
secure_vector<uint8_t> output(input + delim_idx + 1, input + input_len);
- CT::cond_zero_mem(bad_input, output.data(), output.size());
+ bad_input.if_set_zero_out(output.data(), output.size());
return output;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 06:30:25 +0000