commit e1d31c4aadac5f354a88117fd7d08412de60765f
author Gabor Mezei <gabor.mezei@arm.com> Mon Sep 12 16:25:24 2022 +0200
committer Gabor Mezei <gabor.mezei@arm.com> Fri Sep 30 13:33:30 2022 +0200
tree 8badb2443f07cec0b4e66f2040393994dbd1a817
parent 845de0898e505df4b9b2bf3eb95e2592a9910e98

Add conditional swap and assign function for MPI core

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

library/bignum_core.h

diff --git a/library/bignum_core.h b/library/bignum_core.h
index 8e227f8..24650fe 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -74,6 +74,70 @@
 void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A,
                                          size_t A_limbs );
 
+/**
+ * \brief   Perform a safe conditional copy of MPI which doesn't reveal whether
+ *          the condition was true or not.
+ *
+ * \param[OUT] X        The address of the first MPI. This must be initialized.
+ * \param      X_limbs  The number of limbs of \p X.
+ * \param[IN]  Y        The address of the second MPI. This must be initialized.
+ * \param      Y_limbs  The number of limbs of \p Y.
+ * \param      assign   The condition deciding whether to perform the
+ *                      assignment or not. Must be either 0 or 1:
+ *                      * \c 1: Perform the assignment `X = Y`.
+ *                      * \c 0: Keep the original value of \p X.
+ *
+ * \note           This function avoids leaking any information about whether
+ *                 the assignment was done or not.
+ *
+ * \warning        If \p assign is neither 0 nor 1, the result of this function
+ *                 is indeterminate, and the resulting value in \p X might be
+ *                 neither its original value nor the value in \p Y.
+ *
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't
+ *                 large enough to hold the value in \p Y.
+ * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X or \p Y is invalid.
+ */
+int mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X,
+                                  size_t X_limbs,
+                                  const mbedtls_mpi_uint *Y,
+                                  size_t Y_limbs,
+                                  unsigned char assign );
+
+/**
+ * \brief   Perform a safe conditional copy of MPI which doesn't reveal whether
+ *          the condition was true or not.
+ *
+ * \param[IN,OUT] X         The address of the first MPI.
+ *                          This must be initialized.
+ * \param         X_limbs   The number of limbs of \p X.
+ * \param[IN,OUT] Y         The address of the second MPI.
+ *                          This must be initialized.
+ * \param         Y_limbs   The number of limbs of \p Y.
+ * \param         swap      The condition deciding whether to perform
+ *                          the swap or not. Must be either 0 or 1:
+ *                          * \c 1: Swap the values of \p X and \p Y.
+ *                          * \c 0: Keep the original values of \p X and \p Y.
+ *
+ * \note           This function avoids leaking any information about whether
+ *                 the swap was done or not.
+ *
+ * \warning        If \p swap is neither 0 nor 1, the result of this function
+ *                 is indeterminate, and both \p X and \p Y might end up with
+ *                 values different to either of the original ones.
+ *
+ * \return         \c 0 if successful.
+ * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the size of
+ *                 \p X and \p Y is differ.
+ * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p X or \p Y is invalid.
+ */
+int mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X,
+                                size_t X_limbs,
+                                mbedtls_mpi_uint *Y,
+                                size_t Y_limbs,
+                                unsigned char swap );
+
 /** Import X from unsigned binary data, little-endian.
  *
  * The MPI needs to have enough limbs to store the full value (including any