Posted to commits@milagro.apache.org by sa...@apache.org on 2020/03/25 09:51:22 UTC
[incubator-milagro-crypto-c] 01/02: make comparison and others ct
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch issue74-review-ct
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-crypto-c.git
commit 5e809128a6186f80992bd6625d1afa625e0573a6
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Wed Mar 25 00:50:22 2020 +0000
make comparison and others ct
---
include/big.h.in | 6 +++---
src/big.c.in | 56 ++++++++++++++++++++++++++++++++------------------------
src/ff.c.in | 56 ++++++++++++++++++++++++++++++++++++++------------------
src/wcc.c.in | 2 ++
src/wcc192.c.in | 2 ++
src/wcc256.c.in | 2 ++
6 files changed, 79 insertions(+), 45 deletions(-)
diff --git a/include/big.h.in b/include/big.h.in
index 7e89b36..f4c7582 100644
--- a/include/big.h.in
+++ b/include/big.h.in
@@ -61,19 +61,19 @@ typedef chunk DBIG_XXX[DNLEN_XXX]; /**< Define type DBIG as array of chunks */
/* BIG number prototypes */
-/** @brief Tests for BIG equal to zero
+/** @brief Tests for BIG equal to zero - input must be normalised
*
@param x a BIG number
@return 1 if zero, else returns 0
*/
extern int BIG_XXX_iszilch(BIG_XXX x);
-/** @brief Tests for BIG equal to one
+/** @brief Tests for BIG equal to one - input must be normalised
*
@param x a BIG number
@return 1 if one, else returns 0
*/
extern int BIG_XXX_isunity(BIG_XXX x);
-/** @brief Tests for DBIG equal to zero
+/** @brief Tests for DBIG equal to zero - input must be normalised
*
@param x a DBIG number
@return 1 if zero, else returns 0
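Review bot: The new caveat on `BIG_XXX_iszilch`, `BIG_XXX_isunity` and `BIG_XXX_diszilch` says the input must be normalised but not what happens otherwise, and with the branch-free bodies in src/big.c.in a caller that forgets gets a silently wrong answer rather than a crash. I would extend each line to something like `Tests for BIG equal to zero - input must be normalised (an unnormalised BIG can be misreported as zero)`. BIG_XXX_comp and BIG_XXX_dcomp acquire the same precondition in this commit; their prototypes are outside this hunk but deserve the same note.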
diff --git a/src/big.c.in b/src/big.c.in
index 3a7980b..c8c4929 100644
--- a/src/big.c.in
+++ b/src/big.c.in
@@ -26,28 +26,36 @@
int BIG_XXX_iszilch(BIG_XXX a)
{
int i;
+ chunk d = 0;
+
for (i=0; i<NLEN_XXX; i++)
- if (a[i]!=0) return 0;
- return 1;
+ d |= a[i];
+
+ return (1 & ((d-1)>>BASEBITS_XXX));
}
/* test a=1? */
int BIG_XXX_isunity(BIG_XXX a)
{
int i;
+ chunk d = 0;
+
for(i=1; i<NLEN_XXX; i++)
- if (a[i]!=0) return 0;
- if (a[0]!=1) return 0;
- return 1;
+ d |= a[i];
+
+ return (1 & ((d-1)>>BASEBITS_XXX) & ((a[0]^1)-1)>>BASEBITS_XXX);
}
/* test a=0? */
int BIG_XXX_diszilch(DBIG_XXX a)
{
int i;
+ chunk d = 0;
+
for (i=0; i<DNLEN_XXX; i++)
- if (a[i]!=0) return 0;
- return 1;
+ d |= a[i];
+
+ return (1 & ((d-1)>>BASEBITS_XXX));
}
/* SU= 56 */
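Review bot: The test at `return (1 & ((d-1)>>BASEBITS_XXX));` reads the borrow that `d-1` carries into bit BASEBITS, which is set only when d == 0 and only if every OR-ed chunk was below 2^BASEBITS; a chunk with bits at or above BASEBITS, or a negative chunk, makes a nonzero value test as zero. Nothing in the body says so, and the same trick is repeated in `BIG_XXX_isunity` and `BIG_XXX_diszilch`, so I would put a comment above each return such as `/* branch-free: bit BASEBITS of d-1 is set only when d==0; requires normalised chunks in [0,2^BASEBITS) */`. In `BIG_XXX_isunity` the last operand `((a[0]^1)-1)>>BASEBITS_XXX` is not parenthesised like the other term; it parses correctly because `>>` binds tighter than `&`, but matching parentheses would spare the next reader the precedence check.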
@@ -785,12 +793,7 @@ void BIG_XXX_monty(BIG_XXX a,BIG_XXX md,chunk MC,DBIG_XXX d)
chunk m,carry;
for (i=0; i<NLEN_XXX; i++)
{
- if (MC==-1) m=(-d[i])&BMASK_XXX;
- else
- {
- if (MC==1) m=d[i];
- else m=(MC*d[i])&BMASK_XXX;
- }
+ m = (MC*d[i])&BMASK_XXX;
carry=0;
for (j=0; j<NLEN_XXX; j++)
carry=muladd_XXX(m,md[j],carry,&d[i+j]);
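Review bot: With the `MC==-1` and `MC==1` branches gone, `m = (MC*d[i])&BMASK_XXX;` is the only path, and it multiplies two `chunk` values that can each be BASEBITS wide; if `chunk` is a signed type (the library's arch.h types it as a signed 32/64-bit integer as far as I recall, please confirm) the product overflows for a general MC, which is undefined behaviour in C regardless of the mask that follows. The removed else branch had the same problem, so this is not new, but a commit reworking this line is the right place to fix it: do the product unsigned, `m = (chunk)(((unsigned long long)MC * (unsigned long long)d[i]) & BMASK_XXX);`, which also yields the correct `(-d[i])&BMASK_XXX` for MC == -1 through modular wrap. The body of BIG_XXX_monty continues outside this hunk.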
@@ -1014,25 +1017,31 @@ void BIG_XXX_dnorm(DBIG_XXX a)
int BIG_XXX_comp(BIG_XXX a,BIG_XXX b)
{
int i;
- for (i=NLEN_XXX-1; i>=0; i--)
+ chunk gt = 0;
+ chunk eq = 1;
+
+ for (i = NLEN_XXX-1; i>=0; i--)
{
- if (a[i]==b[i]) continue;
- if (a[i]>b[i]) return 1;
- else return -1;
+ gt |= ((b[i]-a[i]) >> BASEBITS_XXX) & eq;
+ eq &= ((b[i]^a[i])-1) >> BASEBITS_XXX;
}
- return 0;
+
+ return (int)(gt+gt+eq-1);
}
int BIG_XXX_dcomp(DBIG_XXX a,DBIG_XXX b)
{
int i;
+ chunk gt = 0;
+ chunk eq = 1;
+
for (i=DNLEN_XXX-1; i>=0; i--)
{
- if (a[i]==b[i]) continue;
- if (a[i]>b[i]) return 1;
- else return -1;
+ gt |= ((b[i]-a[i]) >> BASEBITS_XXX) & eq;
+ eq &= ((b[i]^a[i])-1) >> BASEBITS_XXX;
}
- return 0;
+
+ return (int)(gt+gt+eq-1);
}
/* return number of bits in a */
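Review bot: `BIG_XXX_comp` and `BIG_XXX_dcomp` now take the sign of `b[i]-a[i]` from bit BASEBITS, which is the sign only when both chunks lie in [0, 2^BASEBITS), i.e. the inputs are normalised; an un-normalised operand yields a wrong ordering with no indication, and the header hunk in this commit documents that precondition for iszilch/isunity/diszilch but not for these two. I would add `- inputs must be normalised` to their doxygen in big.h.in and a short in-body comment, e.g. `/* bit BASEBITS of b[i]-a[i] is the borrow (a[i]>b[i]); eq masks it out once a higher chunk has differed */`. The `(int)(gt+gt+eq-1)` encoding deserves one line too, since it is the only place the -1/0/1 contract is visible.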
@@ -1231,8 +1240,7 @@ int BIG_XXX_parity(BIG_XXX a)
/* SU= 16 */
int BIG_XXX_bit(BIG_XXX a,int n)
{
- if (a[n/BASEBITS_XXX]&((chunk)1<<(n%BASEBITS_XXX))) return 1;
- else return 0;
+ return ((int)(a[n/BASEBITS_XXX]>>(n%BASEBITS_XXX))) & 1;
}
/* return last n bits of a, where n is small < BASEBITS */
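Review bot: In `return ((int)(a[n/BASEBITS_XXX]>>(n%BASEBITS_XXX))) & 1;` the cast to int is applied to the whole shifted chunk before the `& 1`; when chunk is wider than int, a shifted value above INT_MAX is narrowed, which is implementation-defined in C11 6.3.1.3 (and may raise an implementation-defined signal). Mask first and cast the single bit instead: `return (int)((a[n/BASEBITS_XXX]>>(n%BASEBITS_XXX)) & 1);`.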
diff --git a/src/ff.c.in b/src/ff.c.in
index 3f83bc2..50a2e81 100644
--- a/src/ff.c.in
+++ b/src/ff.c.in
@@ -71,9 +71,12 @@ void FF_WWW_zero(BIG_XXX x[],int n)
int FF_WWW_iszilch(BIG_XXX x[],int n)
{
int i;
+ int rc = 1;
+
for (i=0; i<n; i++)
- if (!BIG_XXX_iszilch(x[i])) return 0;
- return 1;
+ rc &= BIG_XXX_iszilch(x[i]);
+
+ return rc;
}
/* shift right by BIGBITS-bit words */
@@ -137,13 +140,19 @@ void FF_WWW_init(BIG_XXX x[],sign32 m,int n)
/* compare x and y - must be normalised */
int FF_WWW_comp(BIG_XXX x[],BIG_XXX y[],int n)
{
- int i,j;
+ int i;
+ int c;
+ int eq = 1;
+ int gt = 0;
+
for (i=n-1; i>=0; i--)
{
- j=BIG_XXX_comp(x[i],y[i]);
- if (j!=0) return j;
+ c = BIG_XXX_comp(x[i],y[i]);
+ gt += eq * (c * c + c);
+ eq *= 1 - c * c;
}
- return 0;
+
+ return gt + eq - 1;
}
/* recursive add */
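Review bot: The new accumulation `gt += eq * (c * c + c); eq *= 1 - c * c;` is branch-free but multiplies by values derived from the comparison result, and integer multiply is not constant-latency on every core this library might be built for (some small microcontroller cores have early-terminating multipliers); for a change whose purpose is constant time, add/and/shift are the safer primitives. Since `c` is -1, 0 or 1, the same values come from `gt |= (c + 1) & (eq << 1);` and `eq &= (c + 1) & 1;`, leaving `return gt + eq - 1;` as it is; `c + 1` is non-negative so the shift and masks are well-defined. Either way a comment stating the contract relied on would help, e.g. `/* c in {-1,0,1}: gt becomes 2 at the first differing BIG, eq drops to 0 from then on */`.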
@@ -305,6 +314,15 @@ static void FF_WWW_cswap(BIG_XXX a[],BIG_XXX b[],int d,int n)
return;
}
+/* copy b to a - side channel resistant */
+static void FF_WWW_cmove(BIG_XXX a[],BIG_XXX b[],int d,int n)
+{
+ int i;
+ for (i=0; i<n; i++)
+ BIG_XXX_cmove(a[i],b[i],d);
+ return;
+}
+
/* z=x*y, t is workspace */
static void FF_WWW_karmul(BIG_XXX z[],int zp,BIG_XXX x[],int xp,BIG_XXX y[],int yp,BIG_XXX t[],int tp,int n)
{
@@ -425,6 +443,12 @@ void FF_WWW_mod(BIG_XXX b[],BIG_XXX c[],int n)
{
int k=0;
+#ifndef C99
+ BIG_XXX r[FFLEN_WWW];
+#else
+ BIG_XXX r[n];
+#endif
+
FF_WWW_norm(b,n);
if (FF_WWW_comp(b,c,n)<0)
return;
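Review bot: `if (FF_WWW_comp(b,c,n)<0) return;` just below the new workspace declaration is still a data-dependent early exit, so whether b is already reduced leaks through timing even though the reduction loop further down was made branch-free; if b can be secret here, either document that this exit is acceptable or make the whole function unconditional, which needs a look at how k is computed past this hunk. Also, on the non-C99 path `BIG_XXX r[FFLEN_WWW]` is fixed-size while n is a runtime argument, matching the existing arrays in FF_WWW_dmod, so a comment stating the precondition `n <= FFLEN_WWW` belongs next to it. FF_WWW_mod's body continues past the end of this hunk.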
@@ -438,11 +462,9 @@ void FF_WWW_mod(BIG_XXX b[],BIG_XXX c[],int n)
while (k>0)
{
FF_WWW_shr(c,n);
- if (FF_WWW_comp(b,c,n)>=0)
- {
- FF_WWW_sub(b,b,c,n);
- FF_WWW_norm(b,n);
- }
+ FF_WWW_sub(r,b,c,n);
+ FF_WWW_norm(r,n);
+ FF_WWW_cmove(b,r,FF_WWW_comp(b,c,n)>=0,n);
k--;
}
}
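Review bot: The move flag in `FF_WWW_cmove(b,r,FF_WWW_comp(b,c,n)>=0,n);` comes from a relational operator, and whether `>=0` is lowered to a flag-setting instruction or to a branch is the compiler's choice (GCC/Clang at -O2 normally emit setcc, but that is not guaranteed and unoptimised builds often branch); since FF_WWW_comp returns -1, 0 or 1, the flag can be derived arithmetically as `FF_WWW_cmove(b,r,(FF_WWW_comp(b,c,n)+2)>>1,n);`. If BIG_XXX_cmove expects an exact 0/1 flag (the usual `-d` mask construction does), a comment saying so here would protect the next editor.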
@@ -488,9 +510,11 @@ void FF_WWW_dmod(BIG_XXX r[],BIG_XXX a[],BIG_XXX b[],int n)
{
int k;
#ifndef C99
+ BIG_XXX s[2*FFLEN_WWW];
BIG_XXX m[2*FFLEN_WWW];
BIG_XXX x[2*FFLEN_WWW];
#else
+ BIG_XXX s[2*n];
BIG_XXX m[2*n];
BIG_XXX x[2*n];
#endif
@@ -508,13 +532,9 @@ void FF_WWW_dmod(BIG_XXX r[],BIG_XXX a[],BIG_XXX b[],int n)
while (k>0)
{
FF_WWW_shr(m,2*n);
-
- if (FF_WWW_comp(x,m,2*n)>=0)
- {
- FF_WWW_sub(x,x,m,2*n);
- FF_WWW_norm(x,2*n);
- }
-
+ FF_WWW_sub(s,x,m,2*n);
+ FF_WWW_norm(s,2*n);
+ FF_WWW_cmove(x,s,FF_WWW_comp(x,m,2*n)>=0,2*n);
k--;
}
FF_WWW_copy(r,x,n);
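Review bot: `FF_WWW_cmove(x,s,FF_WWW_comp(x,m,2*n)>=0,2*n);` derives the move flag from a relational expression; compilers usually lower `>=0` to a conditional-set instruction, but nothing forces that, and a branch here would reintroduce the timing dependence the cmove is meant to remove. Because FF_WWW_comp returns -1, 0 or 1 the flag can be computed as `(FF_WWW_comp(x,m,2*n)+2)>>1`. FF_WWW_dmod's signature, the declaration of `s` and the computation of k are all outside this hunk.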
diff --git a/src/wcc.c.in b/src/wcc.c.in
index 4b42a43..1b5ef03 100644
--- a/src/wcc.c.in
+++ b/src/wcc.c.in
@@ -155,6 +155,7 @@ int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet
// z = x + pia
BIG_XXX_add(z,x,pia);
+ BIG_XXX_norm(z);
// (x+pia).AKeyG1
PAIR_ZZZ_G1mul(&sAG1,z);
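Review bot: `BIG_XXX_norm(z);` after `BIG_XXX_add(z,x,pia);` is presumably there because the comparison and zero tests made branch-free in this commit now require normalised input, but the line gives no hint, and a bare normalise between an add and a scalar multiplication is the kind of line a later clean-up drops as redundant. A one-line comment would pin it: `// normalise: BIG_XXX_comp/iszilch now require chunks in [0,2^BASEBITS)`. WCC_ZZZ_SENDER_KEY's body continues outside this hunk.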
@@ -244,6 +245,7 @@ int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octe
// y = y + pib
BIG_XXX_add(y,y,pib);
+ BIG_XXX_norm(y);
// (y+pib).BKeyG2
PAIR_ZZZ_G2mul(&sBG2,y);
diff --git a/src/wcc192.c.in b/src/wcc192.c.in
index f08eae7..e11ecd4 100644
--- a/src/wcc192.c.in
+++ b/src/wcc192.c.in
@@ -155,6 +155,7 @@ int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet
// z = x + pia
BIG_XXX_add(z,x,pia);
+ BIG_XXX_norm(z);
// (x+pia).AKeyG1
PAIR_ZZZ_G1mul(&sAG1,z);
@@ -256,6 +257,7 @@ int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octe
// y = y + pib
BIG_XXX_add(y,y,pib);
+ BIG_XXX_norm(y);
// (y+pib).BKeyG2
PAIR_ZZZ_G2mul(&sBG2,y);
diff --git a/src/wcc256.c.in b/src/wcc256.c.in
index 0e1d345..374adcb 100644
--- a/src/wcc256.c.in
+++ b/src/wcc256.c.in
@@ -155,6 +155,7 @@ int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet
// z = x + pia
BIG_XXX_add(z,x,pia);
+ BIG_XXX_norm(z);
// (x+pia).AKeyG1
PAIR_ZZZ_G1mul(&sAG1,z);
@@ -279,6 +280,7 @@ int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octe
// y = y + pib
BIG_XXX_add(y,y,pib);
+ BIG_XXX_norm(y);
// (y+pib).BKeyG2
PAIR_ZZZ_G2mul(&sBG2,y);