From 3eff425b1ae1a3f65fefbf47afcb1e868ced007a Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 26 Sep 2022 17:26:42 +0200
Subject: [PATCH] Use only one limb parameter for assign

Signed-off-by: Gabor Mezei
---
 library/bignum_core.c | 11 ++---------
 library/bignum_core.h | 7 +++----
 library/bignum_mod_raw.c | 3 +--
 library/constant_time.c | 8 +++++++-
 tests/suites/test_suite_mpi.function | 2 +-
 5 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/library/bignum_core.c b/library/bignum_core.c
index 7074a0962..83c115e11 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -163,18 +163,11 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A,
 }
 
 void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X,
- size_t X_limbs,
 const mbedtls_mpi_uint *Y,
- size_t Y_limbs,
+ size_t limbs,
 unsigned char assign )
 {
- /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
- mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( assign );
-
- mbedtls_ct_mpi_uint_cond_assign( Y_limbs, X, Y, assign );
-
- for( size_t i = Y_limbs; i < X_limbs; i++ )
- X[i] &= ~limb_mask;
+ mbedtls_ct_mpi_uint_cond_assign( limbs, X, Y, assign );
 }
 
 void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X,
diff --git a/library/bignum_core.h b/library/bignum_core.h
index d8951486c..cf7688d17 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -79,9 +79,9 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A,
 * the condition was true or not.
 *
 * \param[OUT] X The address of the first MPI. This must be initialized.
- * \param X_limbs The number of limbs of \p X.
+ * It must have at least \p limbs limbs.
 * \param[IN] Y The address of the second MPI. This must be initialized.
- * \param Y_limbs The number of limbs of \p Y.
+ * \param limbs The number of limbs of \p Y.
 * \param assign The condition deciding whether to perform the
 * assignment or not. Must be either 0 or 1:
 * * \c 1: Perform the assignment `X = Y`.
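Review bot: The rewritten body of mbedtls_mpi_core_cond_assign now writes only the first `limbs` limbs of X and leaves any further limbs of X untouched, whereas the deleted loop cleared them when assigning; a caller that passes an X wider than Y and expects X to become exactly Y must now do that clearing itself, as mbedtls_mpi_safe_cond_assign does elsewhere in this patch. That narrowing of the contract deserves a line in the body so the next reader neither reintroduces the masking here nor assumes it still happens: `/* Only the first limbs limbs of X are written; callers that need X's higher limbs cleared must do so themselves. */`. The argument order also differs between this wrapper (`X, Y, limbs`) and the helper it calls (`limbs, X, Y`); aligning the two would make future call-site edits less error-prone, though a swap of a pointer and the size here would not compile. The mbedtls_mpi_core_cond_swap definition that begins on the hunk's last line continues outside it.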
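Review bot: The updated \param text says X must have at least `limbs` limbs but does not say what happens to the limbs of X beyond `limbs`; with the new implementation they are left as they were, so `X = Y` holds only when X has exactly `limbs` limbs. Spelling that out stops readers from assuming the old behaviour in which X's high limbs were zeroed on assignment: `* It must have at least \p limbs limbs; only its first \p limbs limbs are written, any further limbs keep their value.`. The `\param limbs` line could likewise say it is both the number of limbs of Y and the number of limbs written to X, since the single parameter now describes both operands. The comment block continues past the end of this hunk.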
@@ -95,9 +95,8 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A,
 * neither its original value nor the value in \p Y.
 */
 void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X,
- size_t X_limbs,
 const mbedtls_mpi_uint *Y,
- size_t Y_limbs,
+ size_t limbs,
 unsigned char assign );
 
 /**
diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c
index 98994ab36..3c7f88966 100644
--- a/library/bignum_mod_raw.c
+++ b/library/bignum_mod_raw.c
@@ -46,8 +46,7 @@ void mbedtls_mpi_mod_raw_cond_assign( mbedtls_mpi_uint *X,
 const mbedtls_mpi_mod_modulus *m,
 unsigned char assign )
 {
- mbedtls_mpi_core_cond_assign( X, m->limbs,
- Y, m->limbs, assign );
+ mbedtls_mpi_core_cond_assign( X, Y, m->limbs, assign );
 }
 
 void mbedtls_mpi_mod_raw_cond_swap( mbedtls_mpi_uint *X,
diff --git a/library/constant_time.c b/library/constant_time.c
index 7bf67f432..d01998bd7 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -682,11 +682,17 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X,
 MPI_VALIDATE_RET( X != NULL );
 MPI_VALIDATE_RET( Y != NULL );
 
+ /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
+ mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask( assign );
+
 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
 
 X->s = mbedtls_ct_cond_select_sign( assign, Y->s, X->s );
 
- mbedtls_mpi_core_cond_assign( X->p, X->n, Y->p, Y->n, assign );
+ mbedtls_mpi_core_cond_assign( X->p, Y->p, Y->n, assign );
+
+ for( size_t i = Y->n; i < X->n; i++ )
+ X->p[i] &= ~limb_mask;
 
 cleanup:
 return( ret );
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 1bb54e10c..9cb2d9096 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
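Review bot: The for loop added after the mbedtls_mpi_core_cond_assign call in constant_time.c carries no comment saying why it exists, yet it is now the only thing that makes `X = Y` exact, since the core routine writes just the low Y->n limbs; the mask computation above got a comment, the loop that consumes the mask did not. A short why-comment keeps the next reader from treating it as redundant: `/* The core call writes only the low Y->n limbs; when assigning, clear X's remaining limbs so X holds exactly Y. The bounds depend only on limb counts, not on assign, and the body is a mask AND, so the loop stays branch-free with respect to the secret. */`. It would also help to note at the call that the precondition from bignum_core.h, X having at least Y->n limbs, is what the mbedtls_mpi_grow call a few lines above guarantees. The function begins before the hunk and its closing brace lies outside it.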
@@ -786,7 +786,7 @@ void mpi_core_cond_assign( data_t * input_X,
 TEST_CF_SECRET( X, len_X * sizeof( mbedtls_mpi_uint ) );
 TEST_CF_SECRET( Y, len_Y * sizeof( mbedtls_mpi_uint ) );
 
- mbedtls_mpi_core_cond_assign( X, len_X, Y, len_Y, cond );
+ mbedtls_mpi_core_cond_assign( X, Y, len_Y, cond );
 
 TEST_CF_PUBLIC( X, len_X * sizeof( mbedtls_mpi_uint ) );
 TEST_CF_PUBLIC( Y, len_Y * sizeof( mbedtls_mpi_uint ) );
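Review bot: The updated call passes `len_Y` as the limb count, so under the new contract X must hold at least len_Y limbs; nothing in this hunk checks that, and if any test vector has len_X smaller than len_Y the call now writes past the end of X. Unless the test data is known to satisfy len_X >= len_Y (not visible here), an explicit `TEST_ASSERT( len_X >= len_Y );` before the call turns that assumption into a checked precondition. Conversely, when len_X exceeds len_Y the limbs of X from len_Y upward are no longer cleared by the function, so the expected-output comparison that follows outside this hunk should expect X's original high limbs to survive; worth confirming against the test vectors. mpi_core_cond_assign starts and ends outside the hunk.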