TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 87ac5bef9773130459111976f8e80a5787025c13 / . / library / constant_time.h
blob: ed6ec6afa56b4640637e4125a606edd02381b2de [file] [log] [blame]
gabor-mezei-armdb9a38c2021-09-27 11:28:54 +0200[diff] [blame]1/**
2 * Constant-time functions
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20#include "common.h"
21
gabor-mezei-arm3f90fd52021-09-27 12:55:33 +0200[diff] [blame]22#if defined(MBEDTLS_BIGNUM_C)
23#include "mbedtls/bignum.h"
24#endif
25
gabor-mezei-arm1349ffd2021-09-27 14:28:31 +0200[diff] [blame]26#if defined(MBEDTLS_SSL_TLS_C)
27#include "ssl_misc.h"
28#endif
29
gabor-mezei-armdb9a38c2021-09-27 11:28:54 +0200[diff] [blame]30#include <stddef.h>
31
gabor-mezei-armdb9a38c2021-09-27 11:28:54 +0200[diff] [blame]32
gabor-mezei-arm46025642021-07-19 15:19:19 +0200[diff] [blame]33int mbedtls_cf_memcmp( const void *a,
34 const void *b,
35 size_t n );
gabor-mezei-arm340948e2021-09-27 11:40:03 +0200[diff] [blame]36
37unsigned mbedtls_cf_uint_mask( unsigned value );
gabor-mezei-arm3733bf82021-09-27 11:49:42 +0200[diff] [blame]38
39size_t mbedtls_cf_size_mask( size_t bit );
gabor-mezei-armc76227d2021-09-27 11:53:54 +0200[diff] [blame]40
gabor-mezei-arm2dcd7682021-09-27 16:29:52 +0200[diff] [blame]41size_t mbedtls_cf_size_mask_lt( size_t x,
42 size_t y );
gabor-mezei-arm16fc57b2021-09-27 11:58:31 +0200[diff] [blame]43
gabor-mezei-arm2dcd7682021-09-27 16:29:52 +0200[diff] [blame]44size_t mbedtls_cf_size_mask_ge( size_t x,
45 size_t y );
gabor-mezei-arm8d1d5fd2021-09-27 12:15:19 +0200[diff] [blame]46
gabor-mezei-arm2dcd7682021-09-27 16:29:52 +0200[diff] [blame]47size_t mbedtls_cf_size_bool_eq( size_t x,
48 size_t y );
gabor-mezei-arm5a854422021-09-27 12:25:07 +0200[diff] [blame]49
gabor-mezei-arm87ac5be2021-08-10 20:36:09 +0200[diff] [blame^]50unsigned mbedtls_cf_size_gt( size_t x,
51 size_t y );
gabor-mezei-arm3f90fd52021-09-27 12:55:33 +0200[diff] [blame]52
53#if defined(MBEDTLS_BIGNUM_C)
54
55unsigned mbedtls_cf_mpi_uint_lt( const mbedtls_mpi_uint x,
56 const mbedtls_mpi_uint y );
57
58#endif /* MBEDTLS_BIGNUM_C */
gabor-mezei-armb2dbf2c2021-09-27 12:59:30 +0200[diff] [blame]59
gabor-mezei-arm87ac5be2021-08-10 20:36:09 +0200[diff] [blame^]60unsigned mbedtls_cf_uint_if( unsigned condition,
gabor-mezei-arm2dcd7682021-09-27 16:29:52 +0200[diff] [blame]61 unsigned if1,
62 unsigned if0 );
gabor-mezei-armb2dbf2c2021-09-27 12:59:30 +0200[diff] [blame]63
gabor-mezei-arm87ac5be2021-08-10 20:36:09 +0200[diff] [blame^]64size_t mbedtls_cf_size_if( unsigned condition,
gabor-mezei-arm2dcd7682021-09-27 16:29:52 +0200[diff] [blame]65 size_t if1,
66 size_t if0 );
gabor-mezei-arm65cefdb2021-09-27 15:47:00 +0200[diff] [blame]67
gabor-mezei-arm87ac5be2021-08-10 20:36:09 +0200[diff] [blame^]68int mbedtls_cf_cond_select_sign( unsigned char condition,
69 int if1,
70 int if0 );
gabor-mezei-armbe8d98b2021-09-27 13:17:15 +0200[diff] [blame]71
72#if defined(MBEDTLS_BIGNUM_C)
73
74void mbedtls_cf_mpi_uint_cond_assign( size_t n,
75 mbedtls_mpi_uint *dest,
76 const mbedtls_mpi_uint *src,
gabor-mezei-arm87ac5be2021-08-10 20:36:09 +0200[diff] [blame^]77 unsigned char condition );
gabor-mezei-armbe8d98b2021-09-27 13:17:15 +0200[diff] [blame]78
79#endif /* MBEDTLS_BIGNUM_C */
gabor-mezei-arm394aeaa2021-09-27 13:31:06 +0200[diff] [blame]80
81void mbedtls_cf_mem_move_to_left( void *start,
82 size_t total,
83 size_t offset );
gabor-mezei-armdee0fd32021-09-27 13:34:25 +0200[diff] [blame]84
gabor-mezei-arm87ac5be2021-08-10 20:36:09 +0200[diff] [blame^]85void mbedtls_cf_memcpy_if_eq( unsigned char *dest,
gabor-mezei-armdee0fd32021-09-27 13:34:25 +0200[diff] [blame]86 const unsigned char *src,
87 size_t len,
88 size_t c1, size_t c2 );
gabor-mezei-arm0e7f71e2021-09-27 13:57:45 +0200[diff] [blame]89
90/** Copy data from a secret position with constant flow.
91 *
92 * This function copies \p len bytes from \p src_base + \p offset_secret to \p
93 * dst, with a code flow and memory access pattern that does not depend on \p
94 * offset_secret, but only on \p offset_min, \p offset_max and \p len.
95 *
96 * \param dst The destination buffer. This must point to a writable
97 * buffer of at least \p len bytes.
98 * \param src_base The base of the source buffer. This must point to a
99 * readable buffer of at least \p offset_max + \p len
100 * bytes.
101 * \param offset_secret The offset in the source buffer from which to copy.
102 * This must be no less than \p offset_min and no greater
103 * than \p offset_max.
104 * \param offset_min The minimal value of \p offset_secret.
105 * \param offset_max The maximal value of \p offset_secret.
106 * \param len The number of bytes to copy.
107 */
108void mbedtls_cf_memcpy_offset( unsigned char *dst,
109 const unsigned char *src_base,
110 size_t offset_secret,
gabor-mezei-arm2dcd7682021-09-27 16:29:52 +0200[diff] [blame]111 size_t offset_min,
112 size_t offset_max,
gabor-mezei-arm0e7f71e2021-09-27 13:57:45 +0200[diff] [blame]113 size_t len );
gabor-mezei-arm1349ffd2021-09-27 14:28:31 +0200[diff] [blame]114
115#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
116
117/** Compute the HMAC of variable-length data with constant flow.
118 *
119 * This function computes the HMAC of the concatenation of \p add_data and \p
120 * data, and does with a code flow and memory access pattern that does not
121 * depend on \p data_len_secret, but only on \p min_data_len and \p
122 * max_data_len. In particular, this function always reads exactly \p
123 * max_data_len bytes from \p data.
124 *
125 * \param ctx The HMAC context. It must have keys configured
126 * with mbedtls_md_hmac_starts() and use one of the
127 * following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
128 * It is reset using mbedtls_md_hmac_reset() after
129 * the computation is complete to prepare for the
130 * next computation.
131 * \param add_data The additional data prepended to \p data. This
132 * must point to a readable buffer of \p add_data_len
133 * bytes.
134 * \param add_data_len The length of \p add_data in bytes.
135 * \param data The data appended to \p add_data. This must point
136 * to a readable buffer of \p max_data_len bytes.
137 * \param data_len_secret The length of the data to process in \p data.
138 * This must be no less than \p min_data_len and no
139 * greater than \p max_data_len.
140 * \param min_data_len The minimal length of \p data in bytes.
141 * \param max_data_len The maximal length of \p data in bytes.
142 * \param output The HMAC will be written here. This must point to
143 * a writable buffer of sufficient size to hold the
144 * HMAC value.
145 *
146 * \retval 0 on success.
147 * \retval MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
148 * The hardware accelerator failed.
149 */
gabor-mezei-arm2dcd7682021-09-27 16:29:52 +0200[diff] [blame]150int mbedtls_cf_hmac( mbedtls_md_context_t *ctx,
151 const unsigned char *add_data,
152 size_t add_data_len,
153 const unsigned char *data,
154 size_t data_len_secret,
155 size_t min_data_len,
156 size_t max_data_len,
157 unsigned char *output );
gabor-mezei-arm1349ffd2021-09-27 14:28:31 +0200[diff] [blame]158
159#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
gabor-mezei-armfdb71182021-09-27 16:11:12 +0200[diff] [blame]160
161#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
162
163int mbedtls_cf_rsaes_pkcs1_v15_unpadding( size_t ilen,
164 size_t *olen,
165 unsigned char *output,
166 size_t output_max_len,
167 unsigned char *buf );
168
169#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */