diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2019-08-02 17:04:09 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2019-08-02 17:04:09 +0700 |
| commit | 829db37c0e44bc59defa7166fb346f935f33e69b (patch) | |
| tree | baae11279dc78a73fb1e267d3b6e0201bfc07294 | |
| parent | Updates to raw math classes from bc-java (diff) | |
| download | BouncyCastle.NET-ed25519-829db37c0e44bc59defa7166fb346f935f33e69b.tar.xz | |
Provide a constant-time zero test
| -rw-r--r-- | crypto/src/math/ec/rfc7748/X25519Field.cs | 11 | ||||
| -rw-r--r-- | crypto/src/math/ec/rfc7748/X448Field.cs | 11 |
2 files changed, 18 insertions, 4 deletions
diff --git a/crypto/src/math/ec/rfc7748/X25519Field.cs b/crypto/src/math/ec/rfc7748/X25519Field.cs index fd5599657..b5938e2e7 100644 --- a/crypto/src/math/ec/rfc7748/X25519Field.cs +++ b/crypto/src/math/ec/rfc7748/X25519Field.cs @@ -179,14 +179,21 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 Mul(t, x2, z); } - public static bool IsZeroVar(int[] x) + public static int IsZero(int[] x) { int d = 0; for (int i = 0; i < Size; ++i) { d |= x[i]; } - return d == 0; + d |= d >> 16; + d &= 0xFFFF; + return (d - 1) >> 31; + } + + public static bool IsZeroVar(int[] x) + { + return 0 != IsZero(x); } public static void Mul(int[] x, int y, int[] z) diff --git a/crypto/src/math/ec/rfc7748/X448Field.cs b/crypto/src/math/ec/rfc7748/X448Field.cs index 5a682714d..7cda6ebcc 100644 --- a/crypto/src/math/ec/rfc7748/X448Field.cs +++ b/crypto/src/math/ec/rfc7748/X448Field.cs @@ -195,14 +195,21 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 Mul(t, x, z); } - public static bool IsZeroVar(uint[] x) + public static int IsZero(uint[] x) { uint d = 0; for (int i = 0; i < Size; ++i) { d |= x[i]; } - return d == 0U; + d |= d >> 16; + d &= 0xFFFF; + return ((int)d - 1) >> 31; + } + + public static bool IsZeroVar(uint[] x) + { + return 0U != IsZero(x); } public static void Mul(uint[] x, uint y, uint[] z) |