This is an automated email from the ASF dual-hosted git repository.

sandreoli pushed a commit to branch issue74-review-ct
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-crypto-c.git

commit 5e809128a6186f80992bd6625d1afa625e0573a6
Author: Samuele Andreoli <samuele.andre...@yahoo.it>
AuthorDate: Wed Mar 25 00:50:22 2020 +0000

    make comparison and others ct
---
 include/big.h.in |  6 +++---
 src/big.c.in     | 56 ++++++++++++++++++++++++++++++++------------------------
 src/ff.c.in      | 56 ++++++++++++++++++++++++++++++++++++++------------------
 src/wcc.c.in     |  2 ++
 src/wcc192.c.in  |  2 ++
 src/wcc256.c.in  |  2 ++
 6 files changed, 79 insertions(+), 45 deletions(-)

diff --git a/include/big.h.in b/include/big.h.in
index 7e89b36..f4c7582 100644
--- a/include/big.h.in
+++ b/include/big.h.in
@@ -61,19 +61,19 @@ typedef chunk DBIG_XXX[DNLEN_XXX];   /**< Define type DBIG 
as array of chunks */
 
 /* BIG number prototypes */
 
-/**    @brief Tests for BIG equal to zero
+/**    @brief Tests for BIG equal to zero - input must be normalised
  *
        @param x a BIG number
        @return 1 if zero, else returns 0
  */
 extern int BIG_XXX_iszilch(BIG_XXX x);
-/**    @brief Tests for BIG equal to one
+/**    @brief Tests for BIG equal to one - input must be normalised
  *
        @param x a BIG number
        @return 1 if one, else returns 0
  */
 extern int BIG_XXX_isunity(BIG_XXX x);
-/**    @brief Tests for DBIG equal to zero
+/**    @brief Tests for DBIG equal to zero - input must be normalised
  *
        @param x a DBIG number
        @return 1 if zero, else returns 0
diff --git a/src/big.c.in b/src/big.c.in
index 3a7980b..c8c4929 100644
--- a/src/big.c.in
+++ b/src/big.c.in
@@ -26,28 +26,36 @@
 int BIG_XXX_iszilch(BIG_XXX a)
 {
     int i;
+    chunk d = 0;
+
     for (i=0; i<NLEN_XXX; i++)
-        if (a[i]!=0) return 0;
-    return 1;
+        d |= a[i];
+
+    return (1 & ((d-1)>>BASEBITS_XXX));
 }
 
 /* test a=1? */
 int BIG_XXX_isunity(BIG_XXX a)
 {
     int i;
+    chunk d = 0;
+
     for(i=1; i<NLEN_XXX; i++)
-        if (a[i]!=0) return 0;
-    if (a[0]!=1) return 0;
-    return 1;
+        d |= a[i];
+
+    return (1 & ((d-1)>>BASEBITS_XXX) & ((a[0]^1)-1)>>BASEBITS_XXX);
 }
 
 /* test a=0? */
 int BIG_XXX_diszilch(DBIG_XXX a)
 {
     int i;
+    chunk d = 0;
+
     for (i=0; i<DNLEN_XXX; i++)
-        if (a[i]!=0) return 0;
-    return 1;
+        d |= a[i];
+
+    return (1 & ((d-1)>>BASEBITS_XXX));
 }
 
 /* SU= 56 */
@@ -785,12 +793,7 @@ void BIG_XXX_monty(BIG_XXX a,BIG_XXX md,chunk MC,DBIG_XXX 
d)
     chunk m,carry;
     for (i=0; i<NLEN_XXX; i++)
     {
-        if (MC==-1) m=(-d[i])&BMASK_XXX;
-        else
-        {
-            if (MC==1) m=d[i];
-            else m=(MC*d[i])&BMASK_XXX;
-        }
+        m = (MC*d[i])&BMASK_XXX;
         carry=0;
         for (j=0; j<NLEN_XXX; j++)
             carry=muladd_XXX(m,md[j],carry,&d[i+j]);
@@ -1014,25 +1017,31 @@ void BIG_XXX_dnorm(DBIG_XXX a)
 int BIG_XXX_comp(BIG_XXX a,BIG_XXX b)
 {
     int i;
-    for (i=NLEN_XXX-1; i>=0; i--)
+    chunk gt = 0;
+    chunk eq = 1;
+
+    for (i = NLEN_XXX-1; i>=0; i--)
     {
-        if (a[i]==b[i]) continue;
-        if (a[i]>b[i]) return 1;
-        else  return -1;
+        gt |= ((b[i]-a[i]) >> BASEBITS_XXX) & eq;
+        eq &= ((b[i]^a[i])-1) >> BASEBITS_XXX;
     }
-    return 0;
+
+    return (int)(gt+gt+eq-1);
 }
 
 int BIG_XXX_dcomp(DBIG_XXX a,DBIG_XXX b)
 {
     int i;
+    chunk gt = 0;
+    chunk eq = 1;
+
     for (i=DNLEN_XXX-1; i>=0; i--)
     {
-        if (a[i]==b[i]) continue;
-        if (a[i]>b[i]) return 1;
-        else  return -1;
+        gt |= ((b[i]-a[i]) >> BASEBITS_XXX) & eq;
+        eq &= ((b[i]^a[i])-1) >> BASEBITS_XXX;
     }
-    return 0;
+
+    return (int)(gt+gt+eq-1);
 }
 
 /* return number of bits in a */
@@ -1231,8 +1240,7 @@ int BIG_XXX_parity(BIG_XXX a)
 /* SU= 16 */
 int BIG_XXX_bit(BIG_XXX a,int n)
 {
-    if (a[n/BASEBITS_XXX]&((chunk)1<<(n%BASEBITS_XXX))) return 1;
-    else return 0;
+    return ((int)(a[n/BASEBITS_XXX]>>(n%BASEBITS_XXX))) & 1;
 }
 
 /* return last n bits of a, where n is small < BASEBITS */
diff --git a/src/ff.c.in b/src/ff.c.in
index 3f83bc2..50a2e81 100644
--- a/src/ff.c.in
+++ b/src/ff.c.in
@@ -71,9 +71,12 @@ void FF_WWW_zero(BIG_XXX x[],int n)
 int FF_WWW_iszilch(BIG_XXX x[],int n)
 {
     int i;
+    int rc = 1;
+
     for (i=0; i<n; i++)
-        if (!BIG_XXX_iszilch(x[i])) return 0;
-    return 1;
+        rc &= BIG_XXX_iszilch(x[i]);
+
+    return rc;
 }
 
 /* shift right by BIGBITS-bit words */
@@ -137,13 +140,19 @@ void FF_WWW_init(BIG_XXX x[],sign32 m,int n)
 /* compare x and y - must be normalised */
 int FF_WWW_comp(BIG_XXX x[],BIG_XXX y[],int n)
 {
-    int i,j;
+    int i;
+    int c;
+    int eq = 1;
+    int gt = 0;
+
     for (i=n-1; i>=0; i--)
     {
-        j=BIG_XXX_comp(x[i],y[i]);
-        if (j!=0) return j;
+        c = BIG_XXX_comp(x[i],y[i]);
+        gt += eq * (c * c + c);
+        eq *= 1 - c * c;
     }
-    return 0;
+
+    return gt + eq - 1;
 }
 
 /* recursive add */
@@ -305,6 +314,15 @@ static void FF_WWW_cswap(BIG_XXX a[],BIG_XXX b[],int d,int 
n)
     return;
 }
 
+/* copy b to a - side channel resistant */
+static void FF_WWW_cmove(BIG_XXX a[],BIG_XXX b[],int d,int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        BIG_XXX_cmove(a[i],b[i],d);
+    return;
+}
+
 /* z=x*y, t is workspace */
 static void FF_WWW_karmul(BIG_XXX z[],int zp,BIG_XXX x[],int xp,BIG_XXX 
y[],int yp,BIG_XXX t[],int tp,int n)
 {
@@ -425,6 +443,12 @@ void FF_WWW_mod(BIG_XXX b[],BIG_XXX c[],int n)
 {
     int k=0;
 
+#ifndef C99
+    BIG_XXX r[FFLEN_WWW];
+#else
+    BIG_XXX r[n];
+#endif
+
     FF_WWW_norm(b,n);
     if (FF_WWW_comp(b,c,n)<0)
         return;
@@ -438,11 +462,9 @@ void FF_WWW_mod(BIG_XXX b[],BIG_XXX c[],int n)
     while (k>0)
     {
         FF_WWW_shr(c,n);
-        if (FF_WWW_comp(b,c,n)>=0)
-        {
-            FF_WWW_sub(b,b,c,n);
-            FF_WWW_norm(b,n);
-        }
+        FF_WWW_sub(r,b,c,n);
+        FF_WWW_norm(r,n);
+        FF_WWW_cmove(b,r,FF_WWW_comp(b,c,n)>=0,n);
         k--;
     }
 }
@@ -488,9 +510,11 @@ void FF_WWW_dmod(BIG_XXX r[],BIG_XXX a[],BIG_XXX b[],int n)
 {
     int k;
 #ifndef C99
+    BIG_XXX s[2*FFLEN_WWW];
     BIG_XXX m[2*FFLEN_WWW];
     BIG_XXX x[2*FFLEN_WWW];
 #else
+    BIG_XXX s[2*n];
     BIG_XXX m[2*n];
     BIG_XXX x[2*n];
 #endif
@@ -508,13 +532,9 @@ void FF_WWW_dmod(BIG_XXX r[],BIG_XXX a[],BIG_XXX b[],int n)
     while (k>0)
     {
         FF_WWW_shr(m,2*n);
-
-        if (FF_WWW_comp(x,m,2*n)>=0)
-        {
-            FF_WWW_sub(x,x,m,2*n);
-            FF_WWW_norm(x,2*n);
-        }
-
+        FF_WWW_sub(s,x,m,2*n);
+        FF_WWW_norm(s,2*n);
+        FF_WWW_cmove(x,s,FF_WWW_comp(x,m,2*n)>=0,2*n);
         k--;
     }
     FF_WWW_copy(r,x,n);
diff --git a/src/wcc.c.in b/src/wcc.c.in
index 4b42a43..1b5ef03 100644
--- a/src/wcc.c.in
+++ b/src/wcc.c.in
@@ -155,6 +155,7 @@ int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, 
octet *pibOct, octet
 
     // z =  x + pia
     BIG_XXX_add(z,x,pia);
+    BIG_XXX_norm(z);
 
     // (x+pia).AKeyG1
     PAIR_ZZZ_G1mul(&sAG1,z);
@@ -244,6 +245,7 @@ int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, 
 octet *piaOct, octe
 
     // y =  y + pib
     BIG_XXX_add(y,y,pib);
+    BIG_XXX_norm(y);
 
     // (y+pib).BKeyG2
     PAIR_ZZZ_G2mul(&sBG2,y);
diff --git a/src/wcc192.c.in b/src/wcc192.c.in
index f08eae7..e11ecd4 100644
--- a/src/wcc192.c.in
+++ b/src/wcc192.c.in
@@ -155,6 +155,7 @@ int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, 
octet *pibOct, octet
 
     // z =  x + pia
     BIG_XXX_add(z,x,pia);
+    BIG_XXX_norm(z);
 
     // (x+pia).AKeyG1
     PAIR_ZZZ_G1mul(&sAG1,z);
@@ -256,6 +257,7 @@ int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, 
 octet *piaOct, octe
 
     // y =  y + pib
     BIG_XXX_add(y,y,pib);
+    BIG_XXX_norm(y);
 
     // (y+pib).BKeyG2
     PAIR_ZZZ_G2mul(&sBG2,y);
diff --git a/src/wcc256.c.in b/src/wcc256.c.in
index 0e1d345..374adcb 100644
--- a/src/wcc256.c.in
+++ b/src/wcc256.c.in
@@ -155,6 +155,7 @@ int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, 
octet *pibOct, octet
 
     // z =  x + pia
     BIG_XXX_add(z,x,pia);
+    BIG_XXX_norm(z);
 
     // (x+pia).AKeyG1
     PAIR_ZZZ_G1mul(&sAG1,z);
@@ -279,6 +280,7 @@ int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, 
 octet *piaOct, octe
 
     // y =  y + pib
     BIG_XXX_add(y,y,pib);
+    BIG_XXX_norm(y);
 
     // (y+pib).BKeyG2
     PAIR_ZZZ_G2mul(&sBG2,y);

Reply via email to