/* crypto/constant_time_locl.h */
-/*
+/*-
* Utilities for constant-time cryptography.
*
* Author: Emilia Kasper (emilia@openssl.org)
*/
#ifndef HEADER_CONSTANT_TIME_LOCL_H
-#define HEADER_CONSTANT_TIME_LOCL_H
+# define HEADER_CONSTANT_TIME_LOCL_H
-#include "e_os.h" /* For 'inline' */
+# include "e_os.h" /* For 'inline' */
#ifdef __cplusplus
extern "C" {
#endif
-/*
+/*-
* The boolean methods return a bitmask of all ones (0xff...f) for true
* and 0 for false. This is useful for choosing a value based on the result
* of a conditional in constant time. For example,
*/
static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b);
+static inline unsigned char constant_time_lt_8(unsigned int a,
+ unsigned int b);
/*
* Returns 0xff..f if a >= b and 0 otherwise.
*/
static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b);
+static inline unsigned char constant_time_ge_8(unsigned int a,
+ unsigned int b);
/*
* Returns 0xff..f if a == 0 and 0 otherwise.
/* Convenience method for getting an 8-bit mask. */
static inline unsigned char constant_time_is_zero_8(unsigned int a);
-
/*
* Returns 0xff..f if a == b and 0 otherwise.
*/
static inline unsigned int constant_time_eq(unsigned int a, unsigned int b);
/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b);
+static inline unsigned char constant_time_eq_8(unsigned int a,
+ unsigned int b);
/* Signed integers. */
static inline unsigned int constant_time_eq_int(int a, int b);
/* Convenience method for getting an 8-bit mask. */
static inline unsigned char constant_time_eq_int_8(int a, int b);
-
-/*
+/*-
* Returns (mask & a) | (~mask & b).
*
* When |mask| is all 1s or all 0s (as returned by the methods above),
* (if |mask| is zero).
*/
static inline unsigned int constant_time_select(unsigned int mask,
- unsigned int a, unsigned int b);
+ unsigned int a,
+ unsigned int b);
/* Convenience method for unsigned chars. */
static inline unsigned char constant_time_select_8(unsigned char mask,
- unsigned char a, unsigned char b);
+ unsigned char a,
+ unsigned char b);
/* Convenience method for signed integers. */
static inline int constant_time_select_int(unsigned int mask, int a, int b);
static inline unsigned int constant_time_msb(unsigned int a)
- {
- return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1));
- }
+{
+ return 0 - (a >> (sizeof(a) * 8 - 1));
+}
static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
- {
- unsigned int lt;
- /* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/
- lt = ~(a ^ b) & (a - b);
- /* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */
- lt |= ~a & b;
- return constant_time_msb(lt);
- }
+{
+ return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
- {
- return (unsigned char)(constant_time_lt(a, b));
- }
+{
+ return (unsigned char)(constant_time_lt(a, b));
+}
static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
- {
- unsigned int ge;
- /* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/
- ge = ~((a ^ b) | (a - b));
- /* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */
- ge |= a & ~b;
- return constant_time_msb(ge);
- }
+{
+ return ~constant_time_lt(a, b);
+}
static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
- {
- return (unsigned char)(constant_time_ge(a, b));
- }
+{
+ return (unsigned char)(constant_time_ge(a, b));
+}
static inline unsigned int constant_time_is_zero(unsigned int a)
- {
- return constant_time_msb(~a & (a - 1));
- }
+{
+ return constant_time_msb(~a & (a - 1));
+}
static inline unsigned char constant_time_is_zero_8(unsigned int a)
- {
- return (unsigned char)(constant_time_is_zero(a));
- }
+{
+ return (unsigned char)(constant_time_is_zero(a));
+}
static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
- {
- return constant_time_is_zero(a ^ b);
- }
+{
+ return constant_time_is_zero(a ^ b);
+}
static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
- {
- return (unsigned char)(constant_time_eq(a, b));
- }
+{
+ return (unsigned char)(constant_time_eq(a, b));
+}
static inline unsigned int constant_time_eq_int(int a, int b)
- {
- return constant_time_eq((unsigned)(a), (unsigned)(b));
- }
+{
+ return constant_time_eq((unsigned)(a), (unsigned)(b));
+}
static inline unsigned char constant_time_eq_int_8(int a, int b)
- {
- return constant_time_eq_8((unsigned)(a), (unsigned)(b));
- }
+{
+ return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+}
static inline unsigned int constant_time_select(unsigned int mask,
- unsigned int a, unsigned int b)
- {
- return (mask & a) | (~mask & b);
- }
+ unsigned int a,
+ unsigned int b)
+{
+ return (mask & a) | (~mask & b);
+}
static inline unsigned char constant_time_select_8(unsigned char mask,
- unsigned char a, unsigned char b)
- {
- return (unsigned char)(constant_time_select(mask, a, b));
- }
+ unsigned char a,
+ unsigned char b)
+{
+ return (unsigned char)(constant_time_select(mask, a, b));
+}
static inline int constant_time_select_int(unsigned int mask, int a, int b)
- {
- return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
- }
+{
+ return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
+}
#ifdef __cplusplus
}
#endif
-#endif /* HEADER_CONSTANT_TIME_LOCL_H */
+#endif /* HEADER_CONSTANT_TIME_LOCL_H */
projects / openssl.git / blobdiff