From 46f79c388d8025e1352eefa37642e827337aead3 Mon Sep 17 00:00:00 2001
From: Gabor Mezei <gabor.mezei@arm.com>
Date: Mon, 15 Nov 2021 16:13:01 +0100
Subject: [PATCH] Move mbedtls_ct_uchar_mask_of_range function to the
 constant-time module

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
---
 library/base64.c                        | 16 ---------
 library/constant_time.c                 | 23 +++++++++++++
 library/constant_time_invasive.h        | 44 +++++++++++++++++++++++++
 tests/suites/test_suite_base64.function |  2 ++
 4 files changed, 69 insertions(+), 16 deletions(-)
 create mode 100644 library/constant_time_invasive.h

diff --git a/library/base64.c b/library/base64.c
index b7e2e39378..2c4df83381 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -38,22 +38,6 @@
 
 #define BASE64_SIZE_T_MAX   ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
 
-/* Return 0xff if low <= c <= high, 0 otherwise.
- *
- * Constant flow with respect to c.
- */
-MBEDTLS_STATIC_TESTABLE
-unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
-                                              unsigned char high,
-                                              unsigned char c )
-{
-    /* low_mask is: 0 if low <= c, 0x...ff if low > c */
-    unsigned low_mask = ( (unsigned) c - low ) >> 8;
-    /* high_mask is: 0 if c <= high, 0x...ff if c > high */
-    unsigned high_mask = ( (unsigned) high - c ) >> 8;
-    return( ~( low_mask | high_mask ) & 0xff );
-}
-
 /* Given a value in the range 0..63, return the corresponding Base64 digit.
  * The implementation assumes that letters are consecutive (e.g. ASCII
  * but not EBCDIC).
diff --git a/library/constant_time.c b/library/constant_time.c
index b0e5ddec71..8900415044 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -40,6 +40,10 @@
 #include "mbedtls/rsa.h"
 #endif
 
+#if defined(MBEDTLS_BASE64_C)
+#include "constant_time_invasive.h"
+#endif
+
 #include <string.h>
 
 int mbedtls_ct_memcmp( const void *a,
@@ -150,6 +154,25 @@ size_t mbedtls_ct_size_mask_ge( size_t x,
 
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
 
+#if defined(MBEDTLS_BASE64_C)
+
+/* Return 0xff if low <= c <= high, 0 otherwise.
+ *
+ * Constant flow with respect to c.
+ */
+unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
+                                              unsigned char high,
+                                              unsigned char c )
+{
+    /* low_mask is: 0 if low <= c, 0x...ff if low > c */
+    unsigned low_mask = ( (unsigned) c - low ) >> 8;
+    /* high_mask is: 0 if c <= high, 0x...ff if c > high */
+    unsigned high_mask = ( (unsigned) high - c ) >> 8;
+    return( ~( low_mask | high_mask ) & 0xff );
+}
+
+#endif /* MBEDTLS_BASE64_C */
+
 unsigned mbedtls_ct_size_bool_eq( size_t x,
                                   size_t y )
 {
diff --git a/library/constant_time_invasive.h b/library/constant_time_invasive.h
new file mode 100644
index 0000000000..9008f5d430
--- /dev/null
+++ b/library/constant_time_invasive.h
@@ -0,0 +1,44 @@
+/**
+ * \file constant_time_invasive.h
+ *
+ * \brief Constant-time module: interfaces for invasive testing only.
+ *
+ * The interfaces in this file are intended for testing purposes only.
+ * They SHOULD NOT be made available in library integrations except when
+ * building the library for testing.
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef MBEDTLS_CONSTANT_TIME_INVASIVE_H
+#define MBEDTLS_CONSTANT_TIME_INVASIVE_H
+
+#include "common.h"
+
+#if defined(MBEDTLS_TEST_HOOKS)
+
+/* Return 0xff if low <= c <= high, 0 otherwise.
+ *
+ * Constant flow with respect to c.
+ */
+unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
+                                              unsigned char high,
+                                              unsigned char c );
+
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#endif /* MBEDTLS_CONSTANT_TIME_INVASIVE_H */
diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function
index d332047a60..89982047fe 100644
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@@ -1,6 +1,8 @@
 /* BEGIN_HEADER */
 #include "mbedtls/base64.h"
 #include "base64_invasive.h"
+#include "constant_time_internal.h"
+#include "constant_time_invasive.h"
 #include <test/constant_flow.h>
 
 #if defined(MBEDTLS_TEST_HOOKS)