This is an automated email from the ASF dual-hosted git repository. sandreoli pushed a commit to branch issue74-review-ct in repository https://gitbox.apache.org/repos/asf/incubator-milagro-crypto-c.git
commit 5e809128a6186f80992bd6625d1afa625e0573a6 Author: Samuele Andreoli <[email protected]> AuthorDate: Wed Mar 25 00:50:22 2020 +0000 make comparison and others ct --- include/big.h.in | 6 +++--- src/big.c.in | 56 ++++++++++++++++++++++++++++++++------------------------ src/ff.c.in | 56 ++++++++++++++++++++++++++++++++++++++------------------ src/wcc.c.in | 2 ++ src/wcc192.c.in | 2 ++ src/wcc256.c.in | 2 ++ 6 files changed, 79 insertions(+), 45 deletions(-) diff --git a/include/big.h.in b/include/big.h.in index 7e89b36..f4c7582 100644 --- a/include/big.h.in +++ b/include/big.h.in @@ -61,19 +61,19 @@ typedef chunk DBIG_XXX[DNLEN_XXX]; /**< Define type DBIG as array of chunks */ /* BIG number prototypes */ -/** @brief Tests for BIG equal to zero +/** @brief Tests for BIG equal to zero - input must be normalised * @param x a BIG number @return 1 if zero, else returns 0 */ extern int BIG_XXX_iszilch(BIG_XXX x); -/** @brief Tests for BIG equal to one +/** @brief Tests for BIG equal to one - input must be normalised * @param x a BIG number @return 1 if one, else returns 0 */ extern int BIG_XXX_isunity(BIG_XXX x); -/** @brief Tests for DBIG equal to zero +/** @brief Tests for DBIG equal to zero - input must be normalised * @param x a DBIG number @return 1 if zero, else returns 0 diff --git a/src/big.c.in b/src/big.c.in index 3a7980b..c8c4929 100644 --- a/src/big.c.in +++ b/src/big.c.in 
@@ -26,28 +26,36 @@ int BIG_XXX_iszilch(BIG_XXX a) { int i; + chunk d = 0; + for (i=0; i<NLEN_XXX; i++) - if (a[i]!=0) return 0; - return 1; + d |= a[i]; + + return (1 & ((d-1)>>BASEBITS_XXX)); } /* test a=1? */ int BIG_XXX_isunity(BIG_XXX a) { int i; + chunk d = 0; + for(i=1; i<NLEN_XXX; i++) - if (a[i]!=0) return 0; - if (a[0]!=1) return 0; - return 1; + d |= a[i]; + + return (1 & ((d-1)>>BASEBITS_XXX) & ((a[0]^1)-1)>>BASEBITS_XXX); } /* test a=0? */ int BIG_XXX_diszilch(DBIG_XXX a) { int i; + chunk d = 0; + for (i=0; i<DNLEN_XXX; i++) - if (a[i]!=0) return 0; - return 1; + d |= a[i]; + + return (1 & ((d-1)>>BASEBITS_XXX)); } /* SU= 56 */ @@ -785,12 +793,7 @@ void BIG_XXX_monty(BIG_XXX a,BIG_XXX md,chunk MC,DBIG_XXX d) chunk m,carry; for (i=0; i<NLEN_XXX; i++) { - if (MC==-1) m=(-d[i])&BMASK_XXX; - else - { - if (MC==1) m=d[i]; - else m=(MC*d[i])&BMASK_XXX; - } + m = (MC*d[i])&BMASK_XXX; carry=0; for (j=0; j<NLEN_XXX; j++) carry=muladd_XXX(m,md[j],carry,&d[i+j]); @@ -1014,25 +1017,31 @@ void BIG_XXX_dnorm(DBIG_XXX a) int BIG_XXX_comp(BIG_XXX a,BIG_XXX b) { int i; - for (i=NLEN_XXX-1; i>=0; i--) + chunk gt = 0; + chunk eq = 1; + + for (i = NLEN_XXX-1; i>=0; i--) { - if (a[i]==b[i]) continue; - if (a[i]>b[i]) return 1; - else return -1; + gt |= ((b[i]-a[i]) >> BASEBITS_XXX) & eq; + eq &= ((b[i]^a[i])-1) >> BASEBITS_XXX; } - return 0; + + return (int)(gt+gt+eq-1); } int BIG_XXX_dcomp(DBIG_XXX a,DBIG_XXX b) { int i; + chunk gt = 0; + chunk eq = 1; + for (i=DNLEN_XXX-1; i>=0; i--) { - if (a[i]==b[i]) continue; - if (a[i]>b[i]) return 1; - else return -1; + gt |= ((b[i]-a[i]) >> BASEBITS_XXX) & eq; + eq &= ((b[i]^a[i])-1) >> BASEBITS_XXX; } - return 0; + + return (int)(gt+gt+eq-1); } /* return number of bits in a */ 
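Review bot: The rewritten BIG_XXX_iszilch answers wrongly for an unnormalised input, where the original did not: if any chunk carries bits at or above BASEBITS_XXX then `d-1` is at least 2^BASEBITS and `(d-1)>>BASEBITS_XXX` can have bit 0 set (a chunk equal to 2^BASEBITS+1 gives 1), so a non-zero value is reported as zero. The same silent precondition is introduced in BIG_XXX_isunity and BIG_XXX_diszilch here and in BIG_XXX_comp/BIG_XXX_dcomp in the `@@ -1014` hunk, where a positive chunk difference of 2^BASEBITS or more makes `(b[i]-a[i]) >> BASEBITS_XXX` non-zero and is read as "a greater". The header comments in big.h.in now say "input must be normalised", but the definitions in big.c.in keep the bare `/* test a=0? */`; I would restate it at the point of use, e.g. `/* test a=0? Constant time; a MUST be normalised - a chunk with bits >= BASEBITS gives a wrong answer */`, and audit callers that test the result of BIG_XXX_add/BIG_XXX_sub without a norm, as the wcc*.c.in hunks do for z and y.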
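Review bot: `m = (MC*d[i])&BMASK_XXX;` in BIG_XXX_monty now multiplies two chunk values unconditionally; if chunk is a signed type, as I believe it is in this library, a product that exceeds the type's range is signed overflow, which is undefined behaviour in C regardless of the mask applied afterwards. The old general case used the same expression, so this is not a regression, but since it is now the only path this is the moment either to perform the multiplication in an unsigned type of the same width and mask the result, or to add a comment stating why MC*d[i] cannot exceed the chunk range. The enclosing loop and function continue outside the hunk.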
@@ -1231,8 +1240,7 @@ int BIG_XXX_parity(BIG_XXX a) /* SU= 16 */ int BIG_XXX_bit(BIG_XXX a,int n) { - if (a[n/BASEBITS_XXX]&((chunk)1<<(n%BASEBITS_XXX))) return 1; - else return 0; + return ((int)(a[n/BASEBITS_XXX]>>(n%BASEBITS_XXX))) & 1; } /* return last n bits of a, where n is small < BASEBITS */ diff --git a/src/ff.c.in b/src/ff.c.in index 3f83bc2..50a2e81 100644 --- a/src/ff.c.in +++ b/src/ff.c.in @@ -71,9 +71,12 @@ void FF_WWW_zero(BIG_XXX x[],int n) int FF_WWW_iszilch(BIG_XXX x[],int n) { int i; + int rc = 1; + for (i=0; i<n; i++) - if (!BIG_XXX_iszilch(x[i])) return 0; - return 1; + rc &= BIG_XXX_iszilch(x[i]); + + return rc; } /* shift right by BIGBITS-bit words */ @@ -137,13 +140,19 @@ void FF_WWW_init(BIG_XXX x[],sign32 m,int n) /* compare x and y - must be normalised */ int FF_WWW_comp(BIG_XXX x[],BIG_XXX y[],int n) { - int i,j; + int i; + int c; + int eq = 1; + int gt = 0; + for (i=n-1; i>=0; i--) { - j=BIG_XXX_comp(x[i],y[i]); - if (j!=0) return j; + c = BIG_XXX_comp(x[i],y[i]); + gt += eq * (c * c + c); + eq *= 1 - c * c; } - return 0; + + return gt + eq - 1; } /* recursive add */ @@ -305,6 +314,15 @@ static void FF_WWW_cswap(BIG_XXX a[],BIG_XXX b[],int d,int n) return; } +/* copy b to a - side channel resistant */ +static void FF_WWW_cmove(BIG_XXX a[],BIG_XXX b[],int d,int n) +{ + int i; + for (i=0; i<n; i++) + BIG_XXX_cmove(a[i],b[i],d); + return; +} + /* z=x*y, t is workspace */ static void FF_WWW_karmul(BIG_XXX z[],int zp,BIG_XXX x[],int xp,BIG_XXX y[],int yp,BIG_XXX t[],int tp,int n) { @@ -425,6 +443,12 @@ void FF_WWW_mod(BIG_XXX b[],BIG_XXX c[],int n) { int k=0; +#ifndef C99 + BIG_XXX r[FFLEN_WWW]; +#else + BIG_XXX r[n]; +#endif + FF_WWW_norm(b,n); if (FF_WWW_comp(b,c,n)<0) return; 
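Review bot: FF_WWW_comp derives `gt` and `eq` with integer multiplications on `c`, a value that depends on the operands being compared (`gt += eq * (c * c + c); eq *= 1 - c * c;`); on cores with early-terminating multipliers integer multiply is not constant-time, so this gives back part of what the branch removal buys, and it is also inconsistent with the shift-and-mask style BIG_XXX_comp uses in big.c.in. Since c is -1, 0 or 1, the same flags can be kept with bit operations only: `gt |= eq & ((c + 1) >> 1);`, `eq &= ~c & 1;` and then `return gt + gt + eq - 1;` (gt then stays 0 or 1, mirroring BIG_XXX_comp). FF_WWW_iszilch in the preceding hunk already uses the bitwise `rc &=` form and needs no change.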
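Review bot: FF_WWW_mod keeps the early exit `if (FF_WWW_comp(b,c,n)<0) return;` directly below the new `r` declaration, so whether b is already smaller than c remains observable through timing even though the reduction loop in the next hunk is made branch-free. If b can be secret this needs the same treatment as the loop; the code that computes k (presumably from the bit lengths of b and c) lies outside the hunk, so I cannot tell whether simply removing the return is sufficient, and if the early exit is deliberately accepted that should be stated in a comment on that line, e.g. `/* early exit leaks only whether b < c; acceptable when b is not secret */`. The new `BIG_XXX r[n]` follows the existing `#ifndef C99` pattern of FF_WWW_dmod, so a one-line comment that n is bounded by FFLEN_WWW would make the stack cost explicit.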
@@ -438,11 +462,9 @@ void FF_WWW_mod(BIG_XXX b[],BIG_XXX c[],int n) while (k>0) { FF_WWW_shr(c,n); - if (FF_WWW_comp(b,c,n)>=0) - { - FF_WWW_sub(b,b,c,n); - FF_WWW_norm(b,n); - } + FF_WWW_sub(r,b,c,n); + FF_WWW_norm(r,n); + FF_WWW_cmove(b,r,FF_WWW_comp(b,c,n)>=0,n); k--; } } @@ -488,9 +510,11 @@ void FF_WWW_dmod(BIG_XXX r[],BIG_XXX a[],BIG_XXX b[],int n) { int k; #ifndef C99 + BIG_XXX s[2*FFLEN_WWW]; BIG_XXX m[2*FFLEN_WWW]; BIG_XXX x[2*FFLEN_WWW]; #else + BIG_XXX s[2*n]; BIG_XXX m[2*n]; BIG_XXX x[2*n]; #endif @@ -508,13 +532,9 @@ void FF_WWW_dmod(BIG_XXX r[],BIG_XXX a[],BIG_XXX b[],int n) while (k>0) { FF_WWW_shr(m,2*n); - - if (FF_WWW_comp(x,m,2*n)>=0) - { - FF_WWW_sub(x,x,m,2*n); - FF_WWW_norm(x,2*n); - } - + FF_WWW_sub(s,x,m,2*n); + FF_WWW_norm(s,2*n); + FF_WWW_cmove(x,s,FF_WWW_comp(x,m,2*n)>=0,2*n); k--; } FF_WWW_copy(r,x,n); diff --git a/src/wcc.c.in b/src/wcc.c.in index 4b42a43..1b5ef03 100644 --- a/src/wcc.c.in +++ b/src/wcc.c.in @@ -155,6 +155,7 @@ int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet // z = x + pia BIG_XXX_add(z,x,pia); + BIG_XXX_norm(z); // (x+pia).AKeyG1 PAIR_ZZZ_G1mul(&sAG1,z); @@ -244,6 +245,7 @@ int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octe // y = y + pib BIG_XXX_add(y,y,pib); + BIG_XXX_norm(y); // (y+pib).BKeyG2 PAIR_ZZZ_G2mul(&sBG2,y); diff --git a/src/wcc192.c.in b/src/wcc192.c.in index f08eae7..e11ecd4 100644 --- a/src/wcc192.c.in +++ b/src/wcc192.c.in @@ -155,6 +155,7 @@ int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet // z = x + pia BIG_XXX_add(z,x,pia); + BIG_XXX_norm(z); // (x+pia).AKeyG1 PAIR_ZZZ_G1mul(&sAG1,z); @@ -256,6 +257,7 @@ int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octe // y = y + pib BIG_XXX_add(y,y,pib); + BIG_XXX_norm(y); // (y+pib).BKeyG2 PAIR_ZZZ_G2mul(&sBG2,y); diff --git a/src/wcc256.c.in b/src/wcc256.c.in index 0e1d345..374adcb 100644 --- a/src/wcc256.c.in +++ b/src/wcc256.c.in 
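Review bot: The selector passed to FF_WWW_cmove, `FF_WWW_comp(b,c,n)>=0` (and `FF_WWW_comp(x,m,2*n)>=0` in the FF_WWW_dmod hunk), is a relational expression whose 0/1 result the compiler may materialise with a conditional branch rather than a flag-setting instruction, which would reintroduce a data-dependent branch exactly where the cmove is meant to remove one. Since FF_WWW_comp returns -1, 0 or 1, the flag can be built arithmetically instead: `FF_WWW_cmove(b,r,((FF_WWW_comp(b,c,n)+2)>>1)&1,n);`, and likewise for the dmod call. FF_WWW_sub now runs on every iteration even when no reduction applies, which is the intended cost of the constant-time form and deserves a comment on the `FF_WWW_sub(r,b,c,n);` line, e.g. `/* always compute b-c, then select it in constant time */`.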
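Review bot: The new `BIG_XXX_norm(z);` after `BIG_XXX_add(z,x,pia);` carries no comment saying why it is now required, and the same applies to the `BIG_XXX_norm(y);` lines in the WCC_ZZZ_RECEIVER_KEY hunk and in the wcc192.c.in and wcc256.c.in hunks; I infer from the rest of the commit that the constant-time BIG_XXX_iszilch/BIG_XXX_comp downstream of PAIR_ZZZ_G1mul/G2mul give wrong results on unnormalised input, and a maintainer tidying the code could drop the norm without noticing. I would write the reason at each site, e.g. `// normalise: the constant-time BIG predicates require normalised input`. The enclosing functions start and end outside the hunks.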
@@ -155,6 +155,7 @@ int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet // z = x + pia BIG_XXX_add(z,x,pia); + BIG_XXX_norm(z); // (x+pia).AKeyG1 PAIR_ZZZ_G1mul(&sAG1,z); @@ -279,6 +280,7 @@ int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octe // y = y + pib BIG_XXX_add(y,y,pib); + BIG_XXX_norm(y); // (y+pib).BKeyG2 PAIR_ZZZ_G2mul(&sBG2,y);
