From 38f8b913359c38a442ac9be0a7ffd696785d0ac4 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Wed, 15 Jan 2014 22:05:18 +0900
Subject: [PATCH] bn.c: constant time

---
 ChangeLog | 5 +++++
 src/bn.c | 34 ++++++++++++++--------------------
 2 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index de62933..720b84e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-01-15 Niibe Yutaka
+
+ * src/bn.c (bn256_is_zero, bn256_is_ge, bn256_cmp): Computation
+ should be constant time.
+
 2013-12-25 Niibe Yutaka
 * VERSION: 1.1.1.
diff --git a/src/bn.c b/src/bn.c
index eadee7f..7bc1628 100644
--- a/src/bn.c
+++ b/src/bn.c
@@ -1,7 +1,7 @@
 /*
 * bn.c -- 256-bit (and 512-bit) bignum calculation
 *
- * Copyright (C) 2011, 2013 Free Software Initiative of Japan
+ * Copyright (C) 2011, 2013, 2014 Free Software Initiative of Japan
 * Author: NIIBE Yutaka
 *
 * This file is a part of Gnuk, a GnuPG USB Token implementation.
@@ -278,12 +278,12 @@ int
 bn256_is_zero (const bn256 *X)
 {
 int i;
+ int r = 1;
 for (i = 0; i < BN256_WORDS; i++)
- if (X->words[i] != 0)
- return 0;
+ r &= (X->words[i] == 0);
- return 1;
+ return r;
 }
 int
@@ -295,30 +295,24 @@ bn256_is_even (const bn256 *X)
 int
 bn256_is_ge (const bn256 *A, const bn256 *B)
 {
- int i;
+ uint32_t borrow;
+ bn256 tmp[1];
- for (i = BN256_WORDS - 1; i >= 0; i--)
- if (A->words[i] > B->words[i])
- return 1;
- else if (A->words[i] < B->words[i])
- return 0;
-
- return 1;
+ borrow = bn256_sub (tmp, A, B);
+ return borrow == 0;
 }
 int
 bn256_cmp (const bn256 *A, const bn256 *B)
 {
- int i;
+ uint32_t borrow;
+ int is_zero;
+ bn256 tmp[1];
- for (i = BN256_WORDS - 1; i >= 0; i--)
- if (A->words[i] > B->words[i])
- return 1;
- else if (A->words[i] < B->words[i])
- return -1;
-
- return 0;
+ borrow = bn256_sub (tmp, A, B);
+ is_zero = bn256_is_zero (tmp);
+ return is_zero ? 0 : (borrow ? -1 : 1);
 }
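Review bot: The new `r &= (X->words[i] == 0);` in `bn256_is_zero` is constant-time only if the compiler lowers the `==` to a flag-setting instruction rather than a conditional branch, and C gives no such guarantee, so removing the early `return 0` fixes the loop shape but leaves a data-dependent comparison on every word. OR-ing the words into one accumulator and deriving the result from its top bit arithmetically avoids any comparison on data derived from `X` (this assumes `words` are 32-bit unsigned, which the hunk does not show). The point matters downstream, because the same commit makes `bn256_cmp` call `bn256_is_zero` on the difference of two operands. A comment such as `/* No early exit: timing must not depend on X. */` above the loop would also keep a later refactor from reintroducing the `return 0`.
```c
bn256_is_zero (const bn256 *X)
{
  int i;
  uint32_t acc = 0;

  /* No early exit: timing must not depend on X. */
  for (i = 0; i < BN256_WORDS; i++)
    acc |= X->words[i];

  /* (acc | -acc) has its top bit set exactly when acc != 0, so the
     result is computed without a comparison or branch on acc.  */
  return (int) (1 ^ ((acc | (0u - acc)) >> 31));
}
```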
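Review bot: `bn256_is_ge` and `bn256_cmp` are now exactly as constant-time as `bn256_sub`, whose body is outside this hunk, yet nothing records that dependency; a comment at each call such as `/* Relies on bn256_sub running in constant time for all inputs. */` and a matching promise in `bn256_sub`'s own header comment would make the contract explicit. The tails `return borrow == 0;` and `return is_zero ? 0 : (borrow ? -1 : 1);` still evaluate conditionals on secret-derived values that a compiler may lower to branches; if `bn256_sub` returns the borrow as exactly 0 or 1 (not visible here, please confirm), `return 1 ^ (int) borrow;` and `return (1 - is_zero) * (1 - 2 * (int) borrow);` give the same results with no comparison, since `bn256_is_zero` already yields 0 or 1. `tmp` holds A - B and is left on the stack after return; whether that residue matters depends on the callers, which this hunk does not show. Both rewritten functions are complete within the hunk, though the leading context (the end of `bn256_is_even`) is cut.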