diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2021-04-26 16:53:53 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2021-04-26 16:53:53 +0200 |
| commit | b3b1713a58dab938524e263426004ab0aca112a8 (patch) | |
| tree | 5a1bd60169546051eca0d1dc91c041a979505a57 | |
| parent | 4d3a5c135cfeab5b462c03b8269a99682d71b4af (diff) | |
| download | busybox-w32-b3b1713a58dab938524e263426004ab0aca112a8.tar.gz busybox-w32-b3b1713a58dab938524e263426004ab0aca112a8.tar.bz2 busybox-w32-b3b1713a58dab938524e263426004ab0aca112a8.zip | |
tls: in P256 replace constant-time compares with usual ones
function old new delta
sp_256_cmp_10 - 24 +24
sp_256_ecc_mulmod_10 1332 1329 -3
sp_256_cmp_equal_10 30 - -30
static.sp_256_cmp_10 43 - -43
------------------------------------------------------------------------------
(add/remove: 1/2 grow/shrink: 0/1 up/down: 24/-76) Total: -52 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | networking/tls_sp_c32.c | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c index ffcb83dcc..c151eea27 100644 --- a/networking/tls_sp_c32.c +++ b/networking/tls_sp_c32.c | |||
| @@ -159,17 +159,20 @@ static void sp_256_point_from_bin2x32(sp_point* p, const uint8_t *bin2x32) | |||
| 159 | p->z[0] = 1; | 159 | p->z[0] = 1; |
| 160 | } | 160 | } |
| 161 | 161 | ||
| 162 | /* Compare a with b in constant time. | 162 | /* Compare a with b. |
| 163 | * | 163 | * |
| 164 | * return -ve, 0 or +ve if a is less than, equal to or greater than b | 164 | * return -ve, 0 or +ve if a is less than, equal to or greater than b |
| 165 | * respectively. | 165 | * respectively. |
| 166 | */ | 166 | */ |
| 167 | static sp_digit sp_256_cmp_10(const sp_digit* a, const sp_digit* b) | 167 | static sp_digit sp_256_cmp_10(const sp_digit* a, const sp_digit* b) |
| 168 | { | 168 | { |
| 169 | sp_digit r = 0; | 169 | sp_digit r; |
| 170 | int i; | 170 | int i; |
| 171 | for (i = 9; i >= 0; i--) | 171 | for (i = 9; i >= 0; i--) { |
| 172 | r |= (a[i] - b[i]) & (0 - !r); | 172 | r = a[i] - b[i]; |
| 173 | if (r != 0) | ||
| 174 | break; | ||
| 175 | } | ||
| 173 | return r; | 176 | return r; |
| 174 | } | 177 | } |
| 175 | 178 | ||
| @@ -179,15 +182,7 @@ static sp_digit sp_256_cmp_10(const sp_digit* a, const sp_digit* b) | |||
| 179 | */ | 182 | */ |
| 180 | static int sp_256_cmp_equal_10(const sp_digit* a, const sp_digit* b) | 183 | static int sp_256_cmp_equal_10(const sp_digit* a, const sp_digit* b) |
| 181 | { | 184 | { |
| 182 | #if 1 | ||
| 183 | sp_digit r = 0; | ||
| 184 | int i; | ||
| 185 | for (i = 0; i < 10; i++) | ||
| 186 | r |= (a[i] ^ b[i]); | ||
| 187 | return r == 0; | ||
| 188 | #else | ||
| 189 | return sp_256_cmp_10(a, b) == 0; | 185 | return sp_256_cmp_10(a, b) == 0; |
| 190 | #endif | ||
| 191 | } | 186 | } |
| 192 | 187 | ||
| 193 | /* Normalize the values in each word to 26 bits. */ | 188 | /* Normalize the values in each word to 26 bits. */ |
| @@ -710,8 +705,8 @@ static void sp_256_proj_point_add_10(sp_point* r, sp_point* p, sp_point* q, | |||
| 710 | sp_256_sub_10(t1, p256_mod, q->y); | 705 | sp_256_sub_10(t1, p256_mod, q->y); |
| 711 | sp_256_norm_10(t1); | 706 | sp_256_norm_10(t1); |
| 712 | if (sp_256_cmp_equal_10(p->x, q->x) | 707 | if (sp_256_cmp_equal_10(p->x, q->x) |
| 713 | & sp_256_cmp_equal_10(p->z, q->z) | 708 | && sp_256_cmp_equal_10(p->z, q->z) |
| 714 | & (sp_256_cmp_equal_10(p->y, q->y) | sp_256_cmp_equal_10(p->y, t1)) | 709 | && (sp_256_cmp_equal_10(p->y, q->y) || sp_256_cmp_equal_10(p->y, t1)) |
| 715 | ) { | 710 | ) { |
| 716 | sp_256_proj_point_dbl_10(r, p, t); | 711 | sp_256_proj_point_dbl_10(r, p, t); |
| 717 | } | 712 | } |