authorPeter Dettman <peter.dettman@bouncycastle.org>2019-08-02 17:04:09 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2019-08-02 17:04:09 +0700
commit829db37c0e44bc59defa7166fb346f935f33e69b (patch)
treebaae11279dc78a73fb1e267d3b6e0201bfc07294 /crypto/src
parentUpdates to raw math classes from bc-java (diff)
Provide a constant-time zero test
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/math/ec/rfc7748/X25519Field.cs11
-rw-r--r--crypto/src/math/ec/rfc7748/X448Field.cs11
2 files changed, 18 insertions, 4 deletions
diff --git a/crypto/src/math/ec/rfc7748/X25519Field.cs b/crypto/src/math/ec/rfc7748/X25519Field.cs

index fd5599657..b5938e2e7 100644
--- a/crypto/src/math/ec/rfc7748/X25519Field.cs
+++ b/crypto/src/math/ec/rfc7748/X25519Field.cs
@@ -179,14 +179,21 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 Mul(t, x2, z);
 }
 
- public static bool IsZeroVar(int[] x)
+ public static int IsZero(int[] x)
 {
 int d = 0;
 for (int i = 0; i < Size; ++i)
 {
 d |= x[i];
 }
- return d == 0;
+ d |= d >> 16;
+ d &= 0xFFFF;
+ return (d - 1) >> 31;
+ }
+
+ public static bool IsZeroVar(int[] x)
+ {
+ return 0 != IsZero(x);
 }
 
 public static void Mul(int[] x, int y, int[] z)
diff --git a/crypto/src/math/ec/rfc7748/X448Field.cs b/crypto/src/math/ec/rfc7748/X448Field.cs
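Review bot: IsZero returns a mask rather than a boolean — `(d - 1) >> 31` is -1 when every limb of x is 0 and 0 otherwise — but no comment states this, and a caller who reads the name as a bool and tests for 1 gets the wrong answer silently; the X448Field hunk has the same gap. Suggested doc comment on both: `/// Constant-time test of the limb array: returns -1 (all bits set) if every limb is 0, else 0. Limbs are compared directly, not the value mod p, so x is expected in fully reduced form.` Presumably callers normalize before calling, which is worth confirming. In the X448Field hunk, `return 0U != IsZero(x);` compares a uint literal with the int result; `return 0 != IsZero(x);` matches the X25519Field version. The enclosing class continues outside both hunks.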
index 5a682714d..7cda6ebcc 100644
--- a/crypto/src/math/ec/rfc7748/X448Field.cs
+++ b/crypto/src/math/ec/rfc7748/X448Field.cs
@@ -195,14 +195,21 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 Mul(t, x, z);
 }
 
- public static bool IsZeroVar(uint[] x)
+ public static int IsZero(uint[] x)
 {
 uint d = 0;
 for (int i = 0; i < Size; ++i)
 {
 d |= x[i];
 }
- return d == 0U;
+ d |= d >> 16;
+ d &= 0xFFFF;
+ return ((int)d - 1) >> 31;
+ }
+
+ public static bool IsZeroVar(uint[] x)
+ {
+ return 0U != IsZero(x);
 }
 
 public static void Mul(uint[] x, uint y, uint[] z)