Blame - library/constant_time.h - mirror/mbed-tls

blob: 9a6db2807e4c005266a39049fa754e1a6de8b2c3 [file] [log] [blame]

gabor-mezei-arm	db9a38c	2021-09-27 11:28:54 +0200	[diff] [blame]	1	/**
				2	* Constant-time functions
				3	*
				4	* Copyright The Mbed TLS Contributors
				5	* SPDX-License-Identifier: Apache-2.0
				6	*
				7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				8	* not use this file except in compliance with the License.
				9	* You may obtain a copy of the License at
				10	*
				11	* http://www.apache.org/licenses/LICENSE-2.0
				12	*
				13	* Unless required by applicable law or agreed to in writing, software
				14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				16	* See the License for the specific language governing permissions and
				17	* limitations under the License.
				18	*/
				19
				20	#include "common.h"
				21
gabor-mezei-arm	3f90fd5	2021-09-27 12:55:33 +0200	[diff] [blame]	22	#if defined(MBEDTLS_BIGNUM_C)
				23	#include "mbedtls/bignum.h"
				24	#endif
				25
gabor-mezei-arm	1349ffd	2021-09-27 14:28:31 +0200	[diff] [blame]	26	#if defined(MBEDTLS_SSL_TLS_C)
				27	#include "ssl_misc.h"
				28	#endif
				29
gabor-mezei-arm	db9a38c	2021-09-27 11:28:54 +0200	[diff] [blame]	30	#include <stddef.h>
				31
				32	int mbedtls_ssl_safer_memcmp( const void a, const void b, size_t n );
				33
				34	int mbedtls_constant_time_memcmp( const void v1, const void v2, size_t len );
				35
				36	unsigned char mbedtls_nist_kw_safer_memcmp( const void a, const void b, size_t n );
				37
				38	int mbedtls_safer_memcmp( const void a, const void b, size_t n );
gabor-mezei-arm	340948e	2021-09-27 11:40:03 +0200	[diff] [blame]	39
				40
				41	unsigned mbedtls_cf_uint_mask( unsigned value );
gabor-mezei-arm	3733bf8	2021-09-27 11:49:42 +0200	[diff] [blame]	42
				43	size_t mbedtls_cf_size_mask( size_t bit );
gabor-mezei-arm	c76227d	2021-09-27 11:53:54 +0200	[diff] [blame]	44
				45	size_t mbedtls_cf_size_mask_lt( size_t x, size_t y );
gabor-mezei-arm	16fc57b	2021-09-27 11:58:31 +0200	[diff] [blame]	46
				47	size_t mbedtls_cf_size_mask_ge( size_t x, size_t y );
gabor-mezei-arm	8d1d5fd	2021-09-27 12:15:19 +0200	[diff] [blame]	48
				49	size_t mbedtls_cf_size_bool_eq( size_t x, size_t y );
gabor-mezei-arm	5a85442	2021-09-27 12:25:07 +0200	[diff] [blame]	50
				51	unsigned mbedtls_cf_size_gt( size_t size, size_t max );
gabor-mezei-arm	3f90fd5	2021-09-27 12:55:33 +0200	[diff] [blame]	52
				53	#if defined(MBEDTLS_BIGNUM_C)
				54
				55	unsigned mbedtls_cf_mpi_uint_lt( const mbedtls_mpi_uint x,
				56	const mbedtls_mpi_uint y );
				57
				58	#endif /* MBEDTLS_BIGNUM_C */
gabor-mezei-arm	b2dbf2c	2021-09-27 12:59:30 +0200	[diff] [blame]	59
				60	unsigned mbedtls_cf_uint_if( unsigned cond, unsigned if1, unsigned if0 );
				61
gabor-mezei-arm	65cefdb	2021-09-27 15:47:00 +0200	[diff] [blame]	62	size_t mbedtls_cf_size_if( unsigned cond, size_t if1, size_t if0 );
				63
gabor-mezei-arm	d3230d5	2021-09-27 13:03:57 +0200	[diff] [blame]	64	int mbedtls_cf_cond_select_sign( int a, int b, unsigned char second );
gabor-mezei-arm	be8d98b	2021-09-27 13:17:15 +0200	[diff] [blame]	65
				66	#if defined(MBEDTLS_BIGNUM_C)
				67
				68	void mbedtls_cf_mpi_uint_cond_assign( size_t n,
				69	mbedtls_mpi_uint *dest,
				70	const mbedtls_mpi_uint *src,
				71	unsigned char assign );
				72
				73	#endif /* MBEDTLS_BIGNUM_C */
gabor-mezei-arm	394aeaa	2021-09-27 13:31:06 +0200	[diff] [blame]	74
				75	void mbedtls_cf_mem_move_to_left( void *start,
				76	size_t total,
				77	size_t offset );
gabor-mezei-arm	dee0fd3	2021-09-27 13:34:25 +0200	[diff] [blame]	78
				79	void mbedtls_cf_memcpy_if_eq( unsigned char *dst,
				80	const unsigned char *src,
				81	size_t len,
				82	size_t c1, size_t c2 );
gabor-mezei-arm	0e7f71e	2021-09-27 13:57:45 +0200	[diff] [blame]	83
				84	/** Copy data from a secret position with constant flow.
				85	*
				86	* This function copies \p len bytes from \p src_base + \p offset_secret to \p
				87	* dst, with a code flow and memory access pattern that does not depend on \p
				88	* offset_secret, but only on \p offset_min, \p offset_max and \p len.
				89	*
				90	* \param dst The destination buffer. This must point to a writable
				91	* buffer of at least \p len bytes.
				92	* \param src_base The base of the source buffer. This must point to a
				93	* readable buffer of at least \p offset_max + \p len
				94	* bytes.
				95	* \param offset_secret The offset in the source buffer from which to copy.
				96	* This must be no less than \p offset_min and no greater
				97	* than \p offset_max.
				98	* \param offset_min The minimal value of \p offset_secret.
				99	* \param offset_max The maximal value of \p offset_secret.
				100	* \param len The number of bytes to copy.
				101	*/
				102	void mbedtls_cf_memcpy_offset( unsigned char *dst,
				103	const unsigned char *src_base,
				104	size_t offset_secret,
				105	size_t offset_min, size_t offset_max,
				106	size_t len );
gabor-mezei-arm	1349ffd	2021-09-27 14:28:31 +0200	[diff] [blame]	107
				108	#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
				109
				110	/** Compute the HMAC of variable-length data with constant flow.
				111	*
				112	* This function computes the HMAC of the concatenation of \p add_data and \p
				113	* data, and does with a code flow and memory access pattern that does not
				114	* depend on \p data_len_secret, but only on \p min_data_len and \p
				115	* max_data_len. In particular, this function always reads exactly \p
				116	* max_data_len bytes from \p data.
				117	*
				118	* \param ctx The HMAC context. It must have keys configured
				119	* with mbedtls_md_hmac_starts() and use one of the
				120	* following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
				121	* It is reset using mbedtls_md_hmac_reset() after
				122	* the computation is complete to prepare for the
				123	* next computation.
				124	* \param add_data The additional data prepended to \p data. This
				125	* must point to a readable buffer of \p add_data_len
				126	* bytes.
				127	* \param add_data_len The length of \p add_data in bytes.
				128	* \param data The data appended to \p add_data. This must point
				129	* to a readable buffer of \p max_data_len bytes.
				130	* \param data_len_secret The length of the data to process in \p data.
				131	* This must be no less than \p min_data_len and no
				132	* greater than \p max_data_len.
				133	* \param min_data_len The minimal length of \p data in bytes.
				134	* \param max_data_len The maximal length of \p data in bytes.
				135	* \param output The HMAC will be written here. This must point to
				136	* a writable buffer of sufficient size to hold the
				137	* HMAC value.
				138	*
				139	* \retval 0 on success.
				140	* \retval MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
				141	* The hardware accelerator failed.
				142	*/
				143	int mbedtls_ssl_cf_hmac(
				144	mbedtls_md_context_t *ctx,
				145	const unsigned char *add_data, size_t add_data_len,
				146	const unsigned char *data, size_t data_len_secret,
				147	size_t min_data_len, size_t max_data_len,
				148	unsigned char *output );
				149
				150	#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
gabor-mezei-arm	fdb7118	2021-09-27 16:11:12 +0200	[diff] [blame^]	151
				152	#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
				153
				154	int mbedtls_cf_rsaes_pkcs1_v15_unpadding( size_t ilen,
				155	size_t *olen,
				156	unsigned char *output,
				157	size_t output_max_len,
				158	unsigned char *buf );
				159
				160	#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */