+2021-10-23 Niels Möller <nisse@lysator.liu.se>
+
+ * gmp-glue.c (sec_zero_p): New function.
+ * ecc-curve25519.c (ecc_curve25519_zero_p): Use it.
+ * ecc-curve448.c (ecc_curve448_zero_p): Use it.
+ * ecc-random.c (ecdsa_in_range): Use it.
+ (zero_p): Delete static function.
+
2021-10-06 Niels Möller <nisse@lysator.liu.se>
* testsuite/ecc-mod-test.c: Extend tests to give better coverage
ecc_curve25519_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
{
mp_limb_t cy;
- mp_limb_t w;
- mp_size_t i;
#if PHIGH_BITS > 0
mp_limb_t hi = xp[ECC_LIMB_SIZE-1];
xp[ECC_LIMB_SIZE-1] = (hi & (GMP_NUMB_MASK >> PHIGH_BITS))
cy = mpn_sub_n (xp, xp, p->m, ECC_LIMB_SIZE);
mpn_cnd_add_n (cy, xp, xp, p->m, ECC_LIMB_SIZE);
- for (i = 0, w = 0; i < ECC_LIMB_SIZE; i++)
- w |= xp[i];
- return w == 0;
+ return sec_zero_p (xp, ECC_LIMB_SIZE);
}
/* Compute x such that x^2 = u/v (mod p). Returns one on success, zero
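Review bot: The in-place reduction of `xp` that precedes the new `sec_zero_p` call is undocumented: `mpn_sub_n`/`mpn_cnd_add_n` on the two lines above the return overwrite the caller's limbs, and nothing says why; the same applies to `ecc_curve448_zero_p` in the ecc-curve448.c hunk. Reading the two calls, subtracting `p->m` and conditionally adding it back maps the representation `p` of zero onto the all-zero limb vector, so `sec_zero_p` recognizes both residues — presumably `xp` is assumed to lie below `2p`, which should be stated. I would add above the subtraction `/* Canonicalize in place: x in [0, 2p) becomes x mod p, so that both 0 and p test as zero. Clobbers xp. */`. The function's `static int` line precedes the hunk.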
static int
ecc_curve448_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
{
- mp_limb_t cy;
- mp_limb_t w;
- mp_size_t i;
- cy = mpn_sub_n (xp, xp, p->m, ECC_LIMB_SIZE);
+ mp_limb_t cy = mpn_sub_n (xp, xp, p->m, ECC_LIMB_SIZE);
mpn_cnd_add_n (cy, xp, xp, p->m, ECC_LIMB_SIZE);
- for (i = 0, w = 0; i < ECC_LIMB_SIZE; i++)
- w |= xp[i];
- return w == 0;
+ return sec_zero_p (xp, ECC_LIMB_SIZE);
}
/* Compute x such that x^2 = u/v (mod p). Returns one on success, zero
#include "ecc-internal.h"
#include "nettle-internal.h"
-static int
-zero_p (const struct ecc_modulo *m,
- const mp_limb_t *xp)
-{
- mp_limb_t t;
- mp_size_t i;
-
- for (i = t = 0; i < m->size; i++)
- t |= xp[i];
-
- return t == 0;
-}
-
static int
ecdsa_in_range (const struct ecc_modulo *m,
const mp_limb_t *xp, mp_limb_t *scratch)
{
/* Check if 0 < x < q, with data independent timing. */
- return !zero_p (m, xp)
+ return !sec_zero_p (xp, m->size)
& (mpn_sub_n (scratch, xp, m->m, m->size) != 0);
}
#endif /* NETTLE_USE_MINI_GMP */
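Review bot: The bitwise `&` kept on the `return !sec_zero_p (xp, m->size)` line is correct only because both operands are exact 0/1 values (`!` yields 0 or 1, and `!= 0` normalizes the `mpn_sub_n` borrow), which the "data independent timing" comment above it does not spell out. Since `&&` would short-circuit and skip `mpn_sub_n` whenever `x` is zero, the choice is deliberate and deserves a one-line comment, e.g. `/* Bitwise &, not &&: both sides are 0/1, and mpn_sub_n must run unconditionally to keep timing independent of x. */`. The enclosing `#if`/`#endif` for `NETTLE_USE_MINI_GMP` begins outside the hunk.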
+int
+sec_zero_p (const mp_limb_t *ap, mp_size_t n)
+{
+ volatile mp_limb_t w;
+ mp_size_t i;
+
+ for (i = 0, w = 0; i < n; i++)
+ w |= ap[i];
+
+ return w == 0;
+}
+
/* Additional convenience functions. */
int
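Review bot: The `volatile` qualifier on `w` in `sec_zero_p` carries the whole side-channel argument for the function yet has no comment, and the edge case is undocumented: with `n <= 0` the loop body never runs and the function returns 1. The qualifier is presumably there to stop the compiler from rewriting the OR-accumulate followed by `w == 0` into a scan that exits at the first nonzero limb, which would leak that limb's position through timing; that intent should be written down so a later cleanup does not drop it. I would add a header comment stating the contract (returns 1 iff all `n` limbs of `ap` are zero, runs in time depending only on `n`, `n <= 0` yields 1) and put `/* volatile: keep the compiler from turning this into an early-exit loop. */` on the declaration of `w`. The `int` on the last context line starts a function that lies outside the hunk.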
#define mpz_limbs_read_n _nettle_mpz_limbs_read_n
#define mpz_limbs_copy _nettle_mpz_limbs_copy
#define mpz_set_n _nettle_mpz_set_n
+#define sec_zero_p _nettle_sec_zero_p
#define mpn_set_base256 _nettle_mpn_set_base256
#define mpn_set_base256_le _nettle_mpn_set_base256_le
#define mpn_get_base256 _nettle_mpn_get_base256
mpn_cnd_swap (mp_limb_t cnd, volatile mp_limb_t *ap, volatile mp_limb_t *bp, mp_size_t n);
#endif
+/* Side-channel silent variant of mpn_zero_p. */
+int
+sec_zero_p (const mp_limb_t *ap, mp_size_t n);
+
#define NETTLE_OCTET_SIZE_TO_LIMB_SIZE(n) \
(((n) * 8 + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
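Review bot: The comment on the new `sec_zero_p` prototype describes it only by analogy to `mpn_zero_p`, and the header is where callers will look for the contract: it should state that the result is 1 iff all `n` limbs of `ap` are zero, that the running time depends only on `n` (no early exit), and that `n <= 0` returns 1 — the last follows from the loop in gmp-glue.c never executing for such `n`. I would expand it to `/* Side-channel silent variant of mpn_zero_p: returns 1 iff ap[0..n-1] are all zero, in time depending only on n. n <= 0 gives 1. */`. The `#define sec_zero_p _nettle_sec_zero_p` hunk earlier in this file matches the other internal symbols and needs nothing.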