Move some bignum functions out of constant_time module

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-09 14:01:05 +01:00 · 2023-05-09 14:01:05 +01:00 · 7d4f019810
commit 7d4f019810
parent 19e8cd06fe
5 changed files with 194 additions and 203 deletions
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@ -168,6 +168,46 @@ unsigned mbedtls_mpi_core_uint_le_mpi(mbedtls_mpi_uint min,
    return min_le_lsl | msll_nonzero;
 }

+unsigned mbedtls_mpi_core_lt_ct(const mbedtls_mpi_uint *A,
+                                const mbedtls_mpi_uint *B,
+                                size_t limbs)
+{
+    unsigned ret, cond, done;
+
+    /* The value of any of these variables is either 0 or 1 for the rest of
+     * their scope. */
+    ret = cond = done = 0;
+
+    for (size_t i = limbs; i > 0; i--) {
+        /*
+         * If B[i - 1] < A[i - 1] then A < B is false and the result must
+         * remain 0.
+         *
+         * Again even if we can make a decision, we just mark the result and
+         * the fact that we are done and continue looping.
+         */
+        cond = mbedtls_ct_mpi_uint_lt(B[i - 1], A[i - 1]);
+        done |= cond;
+
+        /*
+         * If A[i - 1] < B[i - 1] then A < B is true.
+         *
+         * Again even if we can make a decision, we just mark the result and
+         * the fact that we are done and continue looping.
+         */
+        cond = mbedtls_ct_mpi_uint_lt(A[i - 1], B[i - 1]);
+        ret |= cond & (1 - done);
+        done |= cond;
+    }
+
+    /*
+     * If all the limbs were equal, then the numbers are equal, A < B is false
+     * and leaving the result 0 is correct.
+     */
+
+    return ret;
+}
+
 void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X,
                                  const mbedtls_mpi_uint *A,
                                  size_t limbs,