From c76227d8084f5da857670e8294e054d60a5ba01f Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Mon, 27 Sep 2021 11:53:54 +0200 Subject: [PATCH] Move mbedtls_cf_size_mask_lt function to the constant-time module Signed-off-by: gabor-mezei-arm --- library/constant_time.c | 25 +++++++++++++++++++++++++ library/constant_time.h | 2 ++ library/ssl_msg.c | 25 ------------------------- 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 604859f0fe..928b9b7fe1 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -136,3 +136,28 @@ size_t mbedtls_cf_size_mask( size_t bit ) #pragma warning( pop ) #endif } + +/* + * Constant-flow mask generation for "less than" comparison: + * - if x < y, return all bits 1, that is (size_t) -1 + * - otherwise, return all bits 0, that is 0 + * + * This function can be used to write constant-time code by replacing branches + * with bit operations using masks. + * + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. + */ +size_t mbedtls_cf_size_mask_lt( size_t x, size_t y ) +{ + /* This has the most significant bit set if and only if x < y */ + const size_t sub = x - y; + + /* sub1 = (x < y) ? 1 : 0 */ + const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 ); + + /* mask = (x < y) ? 0xff... : 0x00... */ + const size_t mask = mbedtls_cf_size_mask( sub1 ); + + return( mask ); +} diff --git a/library/constant_time.h b/library/constant_time.h index 3cbabe1d3b..0b759000a7 100644 --- a/library/constant_time.h +++ b/library/constant_time.h @@ -33,3 +33,5 @@ int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ); unsigned mbedtls_cf_uint_mask( unsigned value ); size_t mbedtls_cf_size_mask( size_t bit ); + +size_t mbedtls_cf_size_mask_lt( size_t x, size_t y ); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index df57cb0ca0..94f263d004 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -939,31 +939,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) -/* - * Constant-flow mask generation for "less than" comparison: - * - if x < y, return all bits 1, that is (size_t) -1 - * - otherwise, return all bits 0, that is 0 - * - * This function can be used to write constant-time code by replacing branches - * with bit operations using masks. - * - * This function is implemented without using comparison operators, as those - * might be translated to branches by some compilers on some platforms. - */ -static size_t mbedtls_cf_size_mask_lt( size_t x, size_t y ) -{ - /* This has the most significant bit set if and only if x < y */ - const size_t sub = x - y; - - /* sub1 = (x < y) ? 1 : 0 */ - const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 ); - - /* mask = (x < y) ? 0xff... : 0x00... */ - const size_t mask = mbedtls_cf_size_mask( sub1 ); - - return( mask ); -} - /* * Constant-flow mask generation for "greater or equal" comparison: * - if x >= y, return all bits 1, that is (size_t) -1