Add mbedtls_mpi_core_ct_uint_table_lookup

This will be needed for extracting modular exponentiation from the prototype. The function signature is kept aligned to the prototype, but the implementation is new. (The implementation of this function in the prototype has further optimisations which are out of scope for now.) The function is not reused in the bignum counterpart as it will become redundant soon. This function is meant to be static, but doesn't have the qualifier as it is not used yet and would cause compiler warnings. The MBEDTLS_STATIC_TESTABLE macro will be added in a later commit. Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-26 15:14:33 +01:00 · 2022-10-26 15:14:33 +01:00 · e50f2f1a8e
commit e50f2f1a8e
parent 2dc2757cca
2 changed files with 33 additions and 0 deletions
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@ -540,4 +540,18 @@ cleanup:
    return( ret );
 }

+void mbedtls_mpi_core_ct_uint_table_lookup( mbedtls_mpi_uint *dest,
+                                        const mbedtls_mpi_uint *table,
+                                        size_t limbs,
+                                        size_t count,
+                                        size_t index )
+{
+    for( size_t i = 0; i < count; i++ )
+    {
+        unsigned char assign = mbedtls_ct_size_bool_eq( i, index );
+        const mbedtls_mpi_uint *current = table + i * limbs;
+        mbedtls_mpi_core_cond_assign( dest, current, limbs, assign );
+    }
+}
+
 #endif /* MBEDTLS_BIGNUM_C */
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@ -452,4 +452,23 @@ void mbedtls_mpi_core_montmul( mbedtls_mpi_uint *X,
 int mbedtls_mpi_core_get_mont_r2_unsafe( mbedtls_mpi *X,
                                         const mbedtls_mpi *N );

+/**
+ * Select an MPI from a table without leaking the index.
+ *
+ * \param dest              The destination buffer. This must point to a writable
+ *                          buffer of at least \p limbs limbs.
+ * \param table             The address of the table. This must point to a readable
+ *                          array of \p count elements of
+ *                          \p limbs limbs each each.
+ * \param limbs             The length of a table entry in limbs.
+ * \param count             The number of elements in \p table.
+ * \param index             The secret table index to look up. This must be in the
+ *                          range `0,..,count-1`.
+ */
+void mbedtls_mpi_core_ct_uint_table_lookup( mbedtls_mpi_uint *dest,
+                                            const mbedtls_mpi_uint *table,
+                                            size_t limbs,
+                                            size_t count,
+                                            size_t index );
+
 #endif /* MBEDTLS_BIGNUM_CORE_H */