commit 64172bc2ec53e317b72889876544c9ef0466849f
author Dave Rodgman <dave.rodgman@arm.com> Mon Jan 29 12:29:14 2024 +0000
committer Dave Rodgman <dave.rodgman@arm.com> Mon Jan 29 12:41:02 2024 +0000
tree d48e142c867972281eaa5a6ae836076645e7b5ce
parent 9c5c9c351ddf7ede41e891d5d493d0810e24d7b9

Use constant_time module from cmac

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/cmac.c

diff --git a/library/cmac.c b/library/cmac.c
index f40cae2..56a9c71 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -34,6 +34,7 @@
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
+#include "constant_time_internal.h"
 
 #include <string.h>
 
@@ -57,7 +58,7 @@
 {
     const unsigned char R_128 = 0x87;
     const unsigned char R_64 = 0x1B;
-    unsigned char R_n, mask;
+    unsigned char R_n;
     unsigned char overflow = 0x00;
     int i;
 
@@ -74,21 +75,8 @@
         overflow = input[i] >> 7;
     }
 
-    /* mask = ( input[0] >> 7 ) ? 0xff : 0x00
-     * using bit operations to avoid branches */
-
-    /* MSVC has a warning about unary minus on unsigned, but this is
-     * well-defined and precisely what we want to do here */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-    mask = -(input[0] >> 7);
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
-    output[blocksize - 1] ^= R_n & mask;
+    R_n = (unsigned char) mbedtls_ct_uint_if_else_0(mbedtls_ct_bool(input[0] >> 7), R_n);
+    output[blocksize - 1] ^= R_n;
 
     return 0;
 }