From 829db37c0e44bc59defa7166fb346f935f33e69b Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Fri, 2 Aug 2019 17:04:09 +0700
Subject: Provide a constant-time zero test

---
 crypto/src/math/ec/rfc7748/X25519Field.cs | 11 +++++++++--
 crypto/src/math/ec/rfc7748/X448Field.cs | 11 +++++++++--
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/crypto/src/math/ec/rfc7748/X25519Field.cs b/crypto/src/math/ec/rfc7748/X25519Field.cs
index fd5599657..b5938e2e7 100644
--- a/crypto/src/math/ec/rfc7748/X25519Field.cs
+++ b/crypto/src/math/ec/rfc7748/X25519Field.cs
@@ -179,14 +179,21 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 Mul(t, x2, z);
 }
- public static bool IsZeroVar(int[] x)
+ public static int IsZero(int[] x)
 {
 int d = 0;
 for (int i = 0; i < Size; ++i)
 {
 d |= x[i];
 }
- return d == 0;
+ d |= d >> 16;
+ d &= 0xFFFF;
+ return (d - 1) >> 31;
+ }
+
+ public static bool IsZeroVar(int[] x)
+ {
+ return 0 != IsZero(x);
 }
 public static void Mul(int[] x, int y, int[] z)
diff --git a/crypto/src/math/ec/rfc7748/X448Field.cs b/crypto/src/math/ec/rfc7748/X448Field.cs
index 5a682714d..7cda6ebcc 100644
--- a/crypto/src/math/ec/rfc7748/X448Field.cs
+++ b/crypto/src/math/ec/rfc7748/X448Field.cs
@@ -195,14 +195,21 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
 Mul(t, x, z);
 }
- public static bool IsZeroVar(uint[] x)
+ public static int IsZero(uint[] x)
 {
 uint d = 0;
 for (int i = 0; i < Size; ++i)
 {
 d |= x[i];
 }
- return d == 0U;
+ d |= d >> 16;
+ d &= 0xFFFF;
+ return ((int)d - 1) >> 31;
+ }
+
+ public static bool IsZeroVar(uint[] x)
+ {
+ return 0U != IsZero(x);
 }
 public static void Mul(uint[] x, uint y, uint[] z)
-- 
cgit 1.4.1
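Review bot: The return convention of the new IsZero is undocumented — the fold-and-mask sequence yields -1 (all bits set) when every limb of x is zero and 0 otherwise, which a caller must know to use the result as a constant-time mask; the same applies to IsZero in the X448Field.cs hunk. A summary comment above each method such as `/// <summary>Constant-time zero test: returns -1 if every limb of x is zero, else 0. Only the limb representation is tested, so a non-canonical encoding of zero is not detected; callers are presumably expected to normalize first.</summary>` would capture that. In the X448Field hunk, `return 0U != IsZero(x);` compares a uint literal against the int return value (both are promoted to long), whereas the X25519Field version writes `return 0 != IsZero(x);`; using the int literal in X448Field too keeps the two files consistent. The enclosing class and namespace extend beyond both hunks.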