* cipher/sntrup761.c (Ciphertexts_diff_mask): Use '_gcry_ct_not_memequal' for checking if arrays are different. (sntrup761_dec): Use '_gcry_ct_memmov_cond' for conditionally setting 'r_enc'. --
Signed-off-by: Jussi Kivilinna <[email protected]>
---
 cipher/sntrup761.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/cipher/sntrup761.c b/cipher/sntrup761.c
index 19e4796c..e9c7d707 100644
--- a/cipher/sntrup761.c
+++ b/cipher/sntrup761.c
@@ -1031,12 +1031,8 @@ sntrup761_enc (unsigned char *c, unsigned char *k, const unsigned char *pk,
 static int
 Ciphertexts_diff_mask (const unsigned char *c, const unsigned char *c2)
 {
-  uint16_t differentbits = 0;
   int len = Ciphertexts_bytes + Confirm_bytes;
-
-  while (len-- > 0)
-    differentbits |= (*c++) ^ (*c2++);
-  return ct_ulong_gen_mask(ct_is_not_zero(differentbits));
+  return ct_ulong_gen_mask(_gcry_ct_not_memequal(c, c2, len));
 }
 
 /* k = Decap(c,sk) */
@@ -1048,6 +1044,7 @@ sntrup761_dec (unsigned char *k, const unsigned char *c, const unsigned char *sk
   const unsigned char *cache = rho + Inputs_bytes;
   Inputs r;
   unsigned char r_enc[Inputs_bytes];
+  unsigned char tmp[Inputs_bytes];
   unsigned char cnew[Ciphertexts_bytes + Confirm_bytes];
   int mask;
   int i;
@@ -1056,6 +1053,7 @@ sntrup761_dec (unsigned char *k, const unsigned char *c, const unsigned char *sk
   Hide (cnew, r_enc, r, pk, cache);
   mask = Ciphertexts_diff_mask (c, cnew);
   for (i = 0; i < Inputs_bytes; ++i)
-    r_enc[i] ^= mask & (r_enc[i] ^ rho[i]);
+    tmp[i] = r_enc[i] ^ rho[i];
+  _gcry_ct_memmov_cond (r_enc, tmp, Inputs_bytes, mask & 1);
   HashSession (k, 1 + mask, r_enc, c);
 }
-- 
2.48.1
_______________________________________________
Gcrypt-devel mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
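Review bot: Ciphertexts_diff_mask is now a one-liner whose contract is only implied by the callee names, and the all-ones/zero return convention that the decapsulation code depends on (`1 + mask` and `mask & 1` in the later hunk) is not stated anywhere visible in this file; a header comment above `static int` would make the invariant explicit: `/* Return an all-ones mask if C and C2 (Ciphertexts_bytes + Confirm_bytes each) differ, 0 otherwise; constant-time. */`. The `int` return narrowing the `unsigned long` mask from `ct_ulong_gen_mask` is unchanged from before and presumably relies on two's-complement -1/0, which is worth saying in the same comment since callers arithmetically add it to 1.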
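Review bot: The conditional overwrite in the added lines no longer replaces r_enc with rho: the removed line `r_enc[i] ^= mask & (r_enc[i] ^ rho[i])` yields `r_enc = rho` when mask is all-ones, whereas the new code fills `tmp` with `r_enc ^ rho` and then, if `_gcry_ct_memmov_cond` copies src into dst when its flag is set (as the name suggests; its body is not in this patch), leaves `r_enc = r_enc ^ rho` in the rejection case. Unless that helper has XOR rather than copy semantics, this changes the implicit-rejection output of sntrup761_dec, and known-answer tests with well-formed ciphertexts (mask == 0, r_enc untouched) would not detect it. The intended effect needs no temporary at all: drop the `tmp` array and the fill loop and write `_gcry_ct_memmov_cond (r_enc, rho, Inputs_bytes, mask & 1);`. A test that decapsulates a tampered ciphertext and compares against the reference implementation would pin this path; sntrup761_dec begins outside the hunk.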
