Add mbedtls_ct_memcmp_partial
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
parent
d26a3d6da7
commit
9c14007ac3
2 changed files with 59 additions and 0 deletions
|
@ -141,6 +141,34 @@ int mbedtls_ct_memcmp(const void *a,
|
|||
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_NIST_KW_C)
|
||||
|
||||
int mbedtls_ct_memcmp_partial(const void *a,
|
||||
const void *b,
|
||||
size_t n,
|
||||
size_t skip_head,
|
||||
size_t skip_tail)
|
||||
{
|
||||
unsigned int diff = 0;
|
||||
|
||||
volatile const unsigned char *A = (volatile const unsigned char *) a;
|
||||
volatile const unsigned char *B = (volatile const unsigned char *) b;
|
||||
|
||||
size_t valid_end = n - skip_tail;
|
||||
|
||||
for (size_t i = 0; i < n; i++) {
|
||||
unsigned char x = A[i], y = B[i];
|
||||
int d = x ^ y;
|
||||
mbedtls_ct_condition_t valid = mbedtls_ct_bool_and(mbedtls_ct_uint_ge(i, skip_head),
|
||||
mbedtls_ct_uint_lt(i, valid_end));
|
||||
diff |= mbedtls_ct_uint_if_else_0(valid, d);
|
||||
}
|
||||
|
||||
return (int) ((diff & 0xffff) | (diff >> 16));
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
|
||||
|
||||
void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset)
|
||||
|
|
|
@ -492,6 +492,37 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest,
|
|||
size_t n);
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_NIST_KW_C)
|
||||
|
||||
/** Constant-time buffer comparison without branches.
|
||||
*
|
||||
* Similar to mbedtls_ct_memcmp, except that the result only depends on part of
|
||||
* the input data - differences in the head or tail are ignored. Functionally equivalent to:
|
||||
*
|
||||
* memcmp(a + skip_head, b + skip_head, size - skip_head - skip_tail)
|
||||
*
|
||||
* Time taken depends on \p n, but not on \p skip_head or \p skip_tail .
|
||||
*
|
||||
* Behaviour is undefined if ( \p skip_head + \p skip_tail) > \p n.
|
||||
*
|
||||
* \param a Secret. Pointer to the first buffer, containing at least \p n bytes. May not be NULL.
|
||||
* \param b Secret. Pointer to the second buffer, containing at least \p n bytes. May not be NULL.
|
||||
* \param n The number of bytes to examine (total size of the buffers).
|
||||
* \param skip_head Secret. The number of bytes to treat as non-significant at the start of the buffer.
|
||||
* These bytes will still be read.
|
||||
* \param skip_tail Secret. The number of bytes to treat as non-significant at the end of the buffer.
|
||||
* These bytes will still be read.
|
||||
*
|
||||
* \return Zero if the contents of the two buffers are the same, otherwise non-zero.
|
||||
*/
|
||||
int mbedtls_ct_memcmp_partial(const void *a,
|
||||
const void *b,
|
||||
size_t n,
|
||||
size_t skip_head,
|
||||
size_t skip_tail);
|
||||
|
||||
#endif
|
||||
|
||||
/* Include the implementation of static inline functions above. */
|
||||
#include "constant_time_impl.h"
|
||||
|
||||
|
|
Loading…
Reference in a new issue