
Avoid ==, !=, etc in arithmetic expressions. Some compilers will produce non-constant time code.

John M. Schanck 2020-09-09 16:07:20 -04:00 committed by Kris Kwiatkowski
parent b16ce91595
commit ae30e1f432
9 changed files with 30 additions and 24 deletions


@ -228,9 +228,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
// Compute the beta_{j_i} page 31 of the documentation // Compute the beta_{j_i} page 31 of the documentation
for (size_t i = 0 ; i < PARAM_N1 ; i++) { for (size_t i = 0 ; i < PARAM_N1 ; i++) {
uint16_t found = 0; uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15; uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (size_t j = 0 ; j < PARAM_DELTA ; j++) { for (uint16_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15; uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
beta_j[j] += indexmask & valuemask & exp[i]; beta_j[j] += indexmask & valuemask & exp[i];
found += indexmask & valuemask & 1; found += indexmask & valuemask & 1;
} }
@ -252,7 +252,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
for (size_t k = 1 ; k < PARAM_DELTA ; ++k) { for (size_t k = 1 ; k < PARAM_DELTA ; ++k) {
tmp2 = PQCLEAN_HQCRMRS128_CLEAN_gf_mul(tmp2, (1 ^ PQCLEAN_HQCRMRS128_CLEAN_gf_mul(inverse, beta_j[(i + k) % PARAM_DELTA]))); tmp2 = PQCLEAN_HQCRMRS128_CLEAN_gf_mul(tmp2, (1 ^ PQCLEAN_HQCRMRS128_CLEAN_gf_mul(inverse, beta_j[(i + k) % PARAM_DELTA])));
} }
int16_t mask = ((int16_t) - (i < delta_real_value)) >> 15; uint16_t mask = (uint16_t) (((int16_t) i - delta_real_value) >> 15); // i < delta_real_value
e_j[i] = mask & PQCLEAN_HQCRMRS128_CLEAN_gf_mul(tmp1, PQCLEAN_HQCRMRS128_CLEAN_gf_inverse(tmp2)); e_j[i] = mask & PQCLEAN_HQCRMRS128_CLEAN_gf_mul(tmp1, PQCLEAN_HQCRMRS128_CLEAN_gf_inverse(tmp2));
} }
@ -260,9 +260,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
delta_counter = 0; delta_counter = 0;
for (size_t i = 0 ; i < PARAM_N1 ; ++i) { for (size_t i = 0 ; i < PARAM_N1 ; ++i) {
uint16_t found = 0; uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15; uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (size_t j = 0 ; j < PARAM_DELTA ; j++) { for (size_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15; uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
error_values[i] += indexmask & valuemask & e_j[j]; error_values[i] += indexmask & valuemask & e_j[j];
found += indexmask & valuemask & 1; found += indexmask & valuemask & 1;
} }
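Review bot: The `i < delta_real_value` mask introduced at L29, `uint16_t mask = (uint16_t) (((int16_t) i - delta_real_value) >> 15);`, is only an all-ones/all-zeros mask while the difference fits in 16 signed bits, and the same masking idiom is now spelled out longhand at L19, L21, L36 and L38, with the inner index typed `uint16_t` in the first loop (L20) but left `size_t` in the third (L37); the hqc-rmrs-192 and hqc-rmrs-256 sections below repeat all of this. PARAM_DELTA is presumably small enough that the 16-bit range holds, but nothing in the hunk states that bound, and the `~` at L21/L38 is applied after promotion to `int` and then truncated on assignment, which is correct but noisy under -Wconversion. I would hoist the idiom into three `static inline` helpers above compute_error_values (whose body starts and ends outside these hunks), widen the subtraction to `int32_t`, and use one index type in both loops, as sketched below. The sign-propagating right shift of a negative value is implementation-defined rather than guaranteed by C11, so that assumption belongs in the helper comment once rather than implicitly at every use.
```c
/* Constant-time mask helpers used by compute_error_values. They rely on the
 * right shift of a negative int32_t being arithmetic (sign-propagating), which
 * C11 leaves implementation-defined; every compiler this project builds with
 * behaves that way, but it is an assumption, not a guarantee. */
static inline uint16_t mask_nonzero16(uint16_t x) {
    return (uint16_t) (-((int32_t) x) >> 31);                  /* x != 0 */
}
static inline uint16_t mask_eq16(uint16_t a, uint16_t b) {
    return (uint16_t) ~mask_nonzero16((uint16_t) (a ^ b));     /* a == b */
}
static inline uint16_t mask_lt16(uint16_t a, uint16_t b) {
    return (uint16_t) (((int32_t) a - (int32_t) b) >> 31);     /* a < b  */
}

// … unchanged: compute_error_values up to the beta_j loop …
        uint16_t valuemask = mask_nonzero16(error[i]);                      // error[i] != 0
        for (uint16_t j = 0 ; j < PARAM_DELTA ; j++) {
            uint16_t indexmask = mask_eq16(j, (uint16_t) delta_counter);    // j == delta_counter
// … unchanged: accumulation into beta_j / found …
        uint16_t mask = mask_lt16((uint16_t) i, (uint16_t) delta_real_value); // i < delta_real_value
// … unchanged: e_j[i] assignment; the second pass uses mask_nonzero16/mask_eq16 the same way …
```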


@ -228,9 +228,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
// Compute the beta_{j_i} page 31 of the documentation // Compute the beta_{j_i} page 31 of the documentation
for (size_t i = 0 ; i < PARAM_N1 ; i++) { for (size_t i = 0 ; i < PARAM_N1 ; i++) {
uint16_t found = 0; uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15; uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (size_t j = 0 ; j < PARAM_DELTA ; j++) { for (uint16_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15; uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
beta_j[j] += indexmask & valuemask & exp[i]; beta_j[j] += indexmask & valuemask & exp[i];
found += indexmask & valuemask & 1; found += indexmask & valuemask & 1;
} }
@ -252,7 +252,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
for (size_t k = 1 ; k < PARAM_DELTA ; ++k) { for (size_t k = 1 ; k < PARAM_DELTA ; ++k) {
tmp2 = PQCLEAN_HQCRMRS192_CLEAN_gf_mul(tmp2, (1 ^ PQCLEAN_HQCRMRS192_CLEAN_gf_mul(inverse, beta_j[(i + k) % PARAM_DELTA]))); tmp2 = PQCLEAN_HQCRMRS192_CLEAN_gf_mul(tmp2, (1 ^ PQCLEAN_HQCRMRS192_CLEAN_gf_mul(inverse, beta_j[(i + k) % PARAM_DELTA])));
} }
int16_t mask = ((int16_t) - (i < delta_real_value)) >> 15; uint16_t mask = (uint16_t) (((int16_t) i - delta_real_value) >> 15); // i < delta_real_value
e_j[i] = mask & PQCLEAN_HQCRMRS192_CLEAN_gf_mul(tmp1, PQCLEAN_HQCRMRS192_CLEAN_gf_inverse(tmp2)); e_j[i] = mask & PQCLEAN_HQCRMRS192_CLEAN_gf_mul(tmp1, PQCLEAN_HQCRMRS192_CLEAN_gf_inverse(tmp2));
} }
@ -260,9 +260,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
delta_counter = 0; delta_counter = 0;
for (size_t i = 0 ; i < PARAM_N1 ; ++i) { for (size_t i = 0 ; i < PARAM_N1 ; ++i) {
uint16_t found = 0; uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15; uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (size_t j = 0 ; j < PARAM_DELTA ; j++) { for (size_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15; uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
error_values[i] += indexmask & valuemask & e_j[j]; error_values[i] += indexmask & valuemask & e_j[j];
found += indexmask & valuemask & 1; found += indexmask & valuemask & 1;
} }


@ -228,9 +228,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
// Compute the beta_{j_i} page 31 of the documentation // Compute the beta_{j_i} page 31 of the documentation
for (size_t i = 0 ; i < PARAM_N1 ; i++) { for (size_t i = 0 ; i < PARAM_N1 ; i++) {
uint16_t found = 0; uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15; uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (size_t j = 0 ; j < PARAM_DELTA ; j++) { for (uint16_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15; uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
beta_j[j] += indexmask & valuemask & exp[i]; beta_j[j] += indexmask & valuemask & exp[i];
found += indexmask & valuemask & 1; found += indexmask & valuemask & 1;
} }
@ -252,7 +252,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
for (size_t k = 1 ; k < PARAM_DELTA ; ++k) { for (size_t k = 1 ; k < PARAM_DELTA ; ++k) {
tmp2 = PQCLEAN_HQCRMRS256_CLEAN_gf_mul(tmp2, (1 ^ PQCLEAN_HQCRMRS256_CLEAN_gf_mul(inverse, beta_j[(i + k) % PARAM_DELTA]))); tmp2 = PQCLEAN_HQCRMRS256_CLEAN_gf_mul(tmp2, (1 ^ PQCLEAN_HQCRMRS256_CLEAN_gf_mul(inverse, beta_j[(i + k) % PARAM_DELTA])));
} }
int16_t mask = ((int16_t) - (i < delta_real_value)) >> 15; uint16_t mask = (uint16_t) (((int16_t) i - delta_real_value) >> 15); // i < delta_real_value
e_j[i] = mask & PQCLEAN_HQCRMRS256_CLEAN_gf_mul(tmp1, PQCLEAN_HQCRMRS256_CLEAN_gf_inverse(tmp2)); e_j[i] = mask & PQCLEAN_HQCRMRS256_CLEAN_gf_mul(tmp1, PQCLEAN_HQCRMRS256_CLEAN_gf_inverse(tmp2));
} }
@ -260,9 +260,9 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
delta_counter = 0; delta_counter = 0;
for (size_t i = 0 ; i < PARAM_N1 ; ++i) { for (size_t i = 0 ; i < PARAM_N1 ; ++i) {
uint16_t found = 0; uint16_t found = 0;
int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15; uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
for (size_t j = 0 ; j < PARAM_DELTA ; j++) { for (size_t j = 0 ; j < PARAM_DELTA ; j++) {
int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15; uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
error_values[i] += indexmask & valuemask & e_j[j]; error_values[i] += indexmask & valuemask & e_j[j];
found += indexmask & valuemask & 1; found += indexmask & valuemask & 1;
} }


@ -6,18 +6,19 @@ consistency_checks:
- api.h - api.h
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h
- code.c - code.c
- fft.c - fft.c
- reed_solomon.c
- source: - source:
scheme: hqc-rmrs-192 scheme: hqc-rmrs-192
implementation: clean implementation: clean
files: files:
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h
@ -50,6 +51,7 @@ consistency_checks:
files: files:
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h
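Review bot: `- reed_solomon.c` at L115 appears to be the line this hunk removes (the header goes from 18 to 19 lines while `- gf.h` is printed once at L109 and once at L122), which would drop reed_solomon.c from the cross-scheme consistency check in the same commit that edits its masking code identically in all three parameter sets; the five consistency files below show the same pattern. The rendered page has lost the `+`/`-` markers, so this is inferred from the hunk counts rather than read directly. If the exclusion is deliberate because the three copies now differ elsewhere, a one-line comment beside the list, `# reed_solomon.c excluded: <reason>`, would spare the next reader the same reconstruction; if it is not deliberate, the entry should stay so the constant-time fix is kept in sync across schemes.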


@ -6,12 +6,12 @@ consistency_checks:
- api.h - api.h
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h
- code.c - code.c
- fft.c - fft.c
- reed_solomon.c
- source: - source:
scheme: hqc-rmrs-192 scheme: hqc-rmrs-192
implementation: clean implementation: clean
@ -40,6 +40,7 @@ consistency_checks:
files: files:
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h
@ -73,6 +74,7 @@ consistency_checks:
files: files:
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h


@ -6,18 +6,19 @@ consistency_checks:
- api.h - api.h
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h
- code.c - code.c
- fft.c - fft.c
- reed_solomon.c
- source: - source:
scheme: hqc-rmrs-256 scheme: hqc-rmrs-256
implementation: clean implementation: clean
files: files:
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h


@ -6,12 +6,12 @@ consistency_checks:
- api.h - api.h
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h
- code.c - code.c
- fft.c - fft.c
- reed_solomon.c
- source: - source:
scheme: hqc-rmrs-256 scheme: hqc-rmrs-256
implementation: clean implementation: clean
@ -40,6 +40,7 @@ consistency_checks:
files: files:
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h


@ -6,9 +6,9 @@ consistency_checks:
- api.h - api.h
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h
- code.c - code.c
- fft.c - fft.c
- reed_solomon.c


@ -6,9 +6,9 @@ consistency_checks:
- api.h - api.h
- code.h - code.h
- fft.h - fft.h
- gf.h
- hqc.h - hqc.h
- reed_muller.h - reed_muller.h
- reed_solomon.h - reed_solomon.h
- code.c - code.c
- fft.c - fft.c
- reed_solomon.c