Provide constant time conditional selection between EC_FIELD_ELEMENTs.

Provide a ec_field_element_select() function that allows for constant time conditional selection between two EC_FIELD_ELEMENTs. This will become a building block for constant time point multiplication. ok tb@
author: jsing <> 2025-08-02 15:44:09 +0000
committer: jsing <> 2025-08-02 15:44:09 +0000
commit: 1c7727d98f4279760cde2908bbfe7e06b323c209 (patch)
tree: c8109e9d88fa52c6af035cfe6ce1868562a9cae3 /src/lib/libcrypto/ec/ec_field.c
parent: a79e90e7342954ae2287db505811ca3c1cd336d7 (diff)
download: openbsd-1c7727d98f4279760cde2908bbfe7e06b323c209.tar.gz
openbsd-1c7727d98f4279760cde2908bbfe7e06b323c209.tar.bz2
openbsd-1c7727d98f4279760cde2908bbfe7e06b323c209.zip
1 files changed, 14 insertions, 1 deletions
diff --git a/src/lib/libcrypto/ec/ec_field.c b/src/lib/libcrypto/ec/ec_field.c
index ec1c7d11e0..0513b9f410 100644
--- a/src/lib/libcrypto/ec/ec_field.c
+++ b/src/lib/libcrypto/ec/ec_field.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ec_field.c,v 1.1 2025/05/25 05:12:05 jsing Exp $      */
+/*      $OpenBSD: ec_field.c,v 1.2 2025/08/02 15:44:09 jsing Exp $      */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -131,6 +131,19 @@ ec_field_element_copy(EC_FIELD_ELEMENT *dst, const EC_FIELD_ELEMENT *src)
        memcpy(dst, src, sizeof(EC_FIELD_ELEMENT));
 }
+void
+ec_field_element_select(const EC_FIELD_MODULUS *fm, EC_FIELD_ELEMENT *r,
+    const EC_FIELD_ELEMENT *a, const EC_FIELD_ELEMENT *b, int conditional)
+{
+        BN_ULONG mask;
+        int i;
+        mask = bn_ct_eq_zero_mask(conditional);
+        for (i = 0; i < fm->n; i++)
+                r->w[i] = (a->w[i] & mask) | (b->w[i] & ~mask);
+}
 int
 ec_field_element_equal(const EC_FIELD_MODULUS *fm, const EC_FIELD_ELEMENT *a,
    const EC_FIELD_ELEMENT *b)
author	jsing <>	2025-08-02 15:44:09 +0000
committer	jsing <>	2025-08-02 15:44:09 +0000
commit	1c7727d98f4279760cde2908bbfe7e06b323c209 (patch)
tree	c8109e9d88fa52c6af035cfe6ce1868562a9cae3 /src/lib/libcrypto/ec/ec_field.c
parent	a79e90e7342954ae2287db505811ca3c1cd336d7 (diff)
download	openbsd-1c7727d98f4279760cde2908bbfe7e06b323c209.tar.gz openbsd-1c7727d98f4279760cde2908bbfe7e06b323c209.tar.bz2 openbsd-1c7727d98f4279760cde2908bbfe7e06b323c209.zip

diff --git a/src/lib/libcrypto/ec/ec_field.c b/src/lib/libcrypto/ec/ec_field.c index ec1c7d11e0..0513b9f410 100644 --- a/src/lib/libcrypto/ec/ec_field.c +++ b/src/lib/libcrypto/ec/ec_field.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_field.c,v 1.1 2025/05/25 05:12:05 jsing Exp $ */	1	/* $OpenBSD: ec_field.c,v 1.2 2025/08/02 15:44:09 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2024 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -131,6 +131,19 @@ ec_field_element_copy(EC_FIELD_ELEMENT dst, const EC_FIELD_ELEMENT src)
131	memcpy(dst, src, sizeof(EC_FIELD_ELEMENT));	131	memcpy(dst, src, sizeof(EC_FIELD_ELEMENT));
132	}	132	}
133		133
		134	void
		135	ec_field_element_select(const EC_FIELD_MODULUS fm, EC_FIELD_ELEMENT r,
		136	const EC_FIELD_ELEMENT a, const EC_FIELD_ELEMENT b, int conditional)
		137	{
		138	BN_ULONG mask;
		139	int i;
		140
		141	mask = bn_ct_eq_zero_mask(conditional);
		142
		143	for (i = 0; i < fm->n; i++)
		144	r->w[i] = (a->w[i] & mask) \| (b->w[i] & ~mask);
		145	}
		146
134	int	147	int
135	ec_field_element_equal(const EC_FIELD_MODULUS fm, const EC_FIELD_ELEMENT a,	148	ec_field_element_equal(const EC_FIELD_MODULUS fm, const EC_FIELD_ELEMENT a,
136	const EC_FIELD_ELEMENT *b)	149	const EC_FIELD_ELEMENT *b)