kopie van https://github.com/henrydcase/pqc.git synced 2024-11-22 07:35:38 +00:00

Avoid ==, !=, etc in arithmetic expressions. Some compilers will produce non-constant time code.

John M. Schanck 2020-09-09 16:07:20 -04:00 gecommit door Kris Kwiatkowski
bovenliggende b16ce91595
commit ae30e1f432
9 gewijzigde bestanden met toevoegingen van 30 en 24 verwijderingen


@ -228,9 +228,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
// Compute the beta_{j_i} page 31 of the documentation
for (size_t i = 0 ; i < PARAM_N1 ; i++) {
uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15;
for (size_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15;
uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (uint16_t j = 0 ; j < PARAM_DELTA ; j++) {
uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
beta_j[j] += indexmask & valuemask & exp[i];
found += indexmask & valuemask & 1;
}
@ -252,7 +252,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
for (size_t k = 1 ; k < PARAM_DELTA ; ++k) {
tmp2 = PQCLEAN_HQCRMRS128_CLEAN_gf_mul(tmp2, (1 ^ PQCLEAN_HQCRMRS128_CLEAN_gf_mul(inverse, beta_j[(i + k) % PARAM_DELTA])));
}
int16_t mask = ((int16_t) - (i < delta_real_value)) >> 15;
uint16_t mask = (uint16_t) (((int16_t) i - delta_real_value) >> 15); // i < delta_real_value
e_j[i] = mask & PQCLEAN_HQCRMRS128_CLEAN_gf_mul(tmp1, PQCLEAN_HQCRMRS128_CLEAN_gf_inverse(tmp2));
}
@ -260,9 +260,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
delta_counter = 0;
for (size_t i = 0 ; i < PARAM_N1 ; ++i) {
uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15;
uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (size_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15;
uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
error_values[i] += indexmask & valuemask & e_j[j];
found += indexmask & valuemask & 1;
}
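Review bot: The three replacement masks (`valuemask`, `indexmask`, `mask`) still get their all-ones value by right-shifting a negative signed integer, which C leaves implementation-defined, so the result the trailing comments promise depends on the compiler providing an arithmetic shift. Shifting an unsigned value and then subtracting the extracted bit from zero avoids that, e.g. `uint16_t valuemask = (uint16_t) (0 - (((uint32_t) 0 - error[i]) >> 31)); // error[i] != 0`, assuming `error[i]` is non-negative and narrower than 32 bits (its declaration is outside the hunks). In `(int32_t) j ^ delta_counter` the cast binds to `j` only, so the width and signedness of the negated value follow the type of `delta_counter`, which is not visible here; `(int32_t) (j ^ delta_counter)` would make the intent explicit. The inner loop index also becomes `uint16_t` in the first hunk but stays `size_t` in the third. The same lines recur in the next two file sections (the PQCLEAN_HQCRMRS192_CLEAN and PQCLEAN_HQCRMRS256_CLEAN variants), and compute_error_values begins and ends outside all of these hunks.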


@ -228,9 +228,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
// Compute the beta_{j_i} page 31 of the documentation
for (size_t i = 0 ; i < PARAM_N1 ; i++) {
uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15;
for (size_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15;
uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (uint16_t j = 0 ; j < PARAM_DELTA ; j++) {
uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
beta_j[j] += indexmask & valuemask & exp[i];
found += indexmask & valuemask & 1;
}
@ -252,7 +252,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
for (size_t k = 1 ; k < PARAM_DELTA ; ++k) {
tmp2 = PQCLEAN_HQCRMRS192_CLEAN_gf_mul(tmp2, (1 ^ PQCLEAN_HQCRMRS192_CLEAN_gf_mul(inverse, beta_j[(i + k) % PARAM_DELTA])));
}
int16_t mask = ((int16_t) - (i < delta_real_value)) >> 15;
uint16_t mask = (uint16_t) (((int16_t) i - delta_real_value) >> 15); // i < delta_real_value
e_j[i] = mask & PQCLEAN_HQCRMRS192_CLEAN_gf_mul(tmp1, PQCLEAN_HQCRMRS192_CLEAN_gf_inverse(tmp2));
}
@ -260,9 +260,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
delta_counter = 0;
for (size_t i = 0 ; i < PARAM_N1 ; ++i) {
uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15;
uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (size_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15;
uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
error_values[i] += indexmask & valuemask & e_j[j];
found += indexmask & valuemask & 1;
}


@ -228,9 +228,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
// Compute the beta_{j_i} page 31 of the documentation
for (size_t i = 0 ; i < PARAM_N1 ; i++) {
uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15;
for (size_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15;
uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (uint16_t j = 0 ; j < PARAM_DELTA ; j++) {
uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
beta_j[j] += indexmask & valuemask & exp[i];
found += indexmask & valuemask & 1;
}
@ -252,7 +252,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
for (size_t k = 1 ; k < PARAM_DELTA ; ++k) {
tmp2 = PQCLEAN_HQCRMRS256_CLEAN_gf_mul(tmp2, (1 ^ PQCLEAN_HQCRMRS256_CLEAN_gf_mul(inverse, beta_j[(i + k) % PARAM_DELTA])));
}
int16_t mask = ((int16_t) - (i < delta_real_value)) >> 15;
uint16_t mask = (uint16_t) (((int16_t) i - delta_real_value) >> 15); // i < delta_real_value
e_j[i] = mask & PQCLEAN_HQCRMRS256_CLEAN_gf_mul(tmp1, PQCLEAN_HQCRMRS256_CLEAN_gf_inverse(tmp2));
}
@ -260,9 +260,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
delta_counter = 0;
for (size_t i = 0 ; i < PARAM_N1 ; ++i) {
uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15;
uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (size_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15;
uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
error_values[i] += indexmask & valuemask & e_j[j];
found += indexmask & valuemask & 1;
}


@ -6,18 +6,19 @@ consistency_checks:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-192
implementation: clean
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
@ -50,6 +51,7 @@ consistency_checks:
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h


@ -6,12 +6,12 @@ consistency_checks:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-192
implementation: clean
@ -40,6 +40,7 @@ consistency_checks:
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
@ -73,6 +74,7 @@ consistency_checks:
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h


@ -6,18 +6,19 @@ consistency_checks:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-256
implementation: clean
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h


@ -6,12 +6,12 @@ consistency_checks:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-256
implementation: clean
@ -40,6 +40,7 @@ consistency_checks:
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h


@ -6,9 +6,9 @@ consistency_checks:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c


@ -6,9 +6,9 @@ consistency_checks:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c