commit dee0fd33f10804f6af3b6f818545f2d26e3da731
author gabor-mezei-arm <gabor.mezei@arm.com> Mon Sep 27 13:34:25 2021 +0200
committer gabor-mezei-arm <gabor.mezei@arm.com> Tue Sep 28 16:28:43 2021 +0200
tree 4f09bd70e6874c101a06878bb80835cbed04c1e7
parent 394aeaaefbb678f3ede5d5c24a5afacb0ed97cf9

Move mbedtls_cf_memcpy_if_eq function to the constant-time module

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>

library/constant_time.c

diff --git a/library/constant_time.c b/library/constant_time.c
index 281df64..cbfc8e5 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -395,3 +395,26 @@
         buf[total-1] = mbedtls_cf_uint_if( no_op, buf[total-1], 0 );
     }
 }
+
+/*
+ * Constant-flow conditional memcpy:
+ *  - if c1 == c2, equivalent to memcpy(dst, src, len),
+ *  - otherwise, a no-op,
+ * but with execution flow independent of the values of c1 and c2.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+void mbedtls_cf_memcpy_if_eq( unsigned char *dst,
+                                     const unsigned char *src,
+                                     size_t len,
+                                     size_t c1, size_t c2 )
+{
+    /* mask = c1 == c2 ? 0xff : 0x00 */
+    const size_t equal = mbedtls_cf_size_bool_eq( c1, c2 );
+    const unsigned char mask = (unsigned char) mbedtls_cf_size_mask( equal );
+
+    /* dst[i] = c1 == c2 ? src[i] : dst[i] */
+    for( size_t i = 0; i < len; i++ )
+        dst[i] = ( src[i] & mask ) | ( dst[i] & ~mask );
+}