Move mbedtls_cf_size_mask_ge function to the constant-time module

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
gabor-mezei-arm 2021-09-27 11:58:31 +02:00
parent c76227d808
commit 16fc57bcc4
GPG key ID: 106F5A41ECC305BD
3 changed files with 18 additions and 16 deletions


@ -161,3 +161,19 @@ size_t mbedtls_cf_size_mask_lt( size_t x, size_t y )
return( mask );
}
/*
* Constant-flow mask generation for "greater or equal" comparison:
* - if x >= y, return all bits 1, that is (size_t) -1
* - otherwise, return all bits 0, that is 0
*
* This function can be used to write constant-time code by replacing branches
* with bit operations using masks.
*
* This function is implemented without using comparison operators, as those
* might be translated to branches by some compilers on some platforms.
*/
size_t mbedtls_cf_size_mask_ge( size_t x, size_t y )
{
return( ~mbedtls_cf_size_mask_lt( x, y ) );
}
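Review bot: mbedtls_cf_size_mask_ge now has external linkage and, in the lines visible here, is no longer wrapped in `#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)`, which preceded its static predecessor in the SSL file section of this commit. If no guard encloses the new definition outside this hunk, builds without CBC suites carry an exported helper with no caller. Either restore the guard around the definition and its prototype, or note in the comment that the helper is intentionally always built. The constant-flow claim in the comment also rests entirely on the callee, so a line such as `* Relies on mbedtls_cf_size_mask_lt() being free of secret-dependent branches.` would make that dependency explicit for anyone who later changes the callee.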


@ -35,3 +35,5 @@ unsigned mbedtls_cf_uint_mask( unsigned value );
size_t mbedtls_cf_size_mask( size_t bit );
size_t mbedtls_cf_size_mask_lt( size_t x, size_t y );
size_t mbedtls_cf_size_mask_ge( size_t x, size_t y );
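Review bot: The added prototype `size_t mbedtls_cf_size_mask_ge( size_t x, size_t y );` carries no contract; the only description sits above the definition in the .c file. Since the function is now callable from other modules, the declaration should state the return convention and the constant-flow requirement, for example `/* Returns (size_t) -1 if x >= y, 0 otherwise; must not branch on x or y. */`. The neighbouring declarations visible in this hunk are undocumented as well, so this may be better handled as a follow-up for the whole header.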


@ -939,22 +939,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
}
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
/*
* Constant-flow mask generation for "greater or equal" comparison:
* - if x >= y, return all bits 1, that is (size_t) -1
* - otherwise, return all bits 0, that is 0
*
* This function can be used to write constant-time code by replacing branches
* with bit operations using masks.
*
* This function is implemented without using comparison operators, as those
* might be translated to branches by some compilers on some platforms.
*/
static size_t mbedtls_cf_size_mask_ge( size_t x, size_t y )
{
return( ~mbedtls_cf_size_mask_lt( x, y ) );
}
/*
* Constant-flow boolean "equal" comparison:
* return x == y