* Re: [PATCH 4/5] util: add l_secure_select_byte
@ 2022-02-04 18:16 Denis Kenzior
0 siblings, 0 replies; 4+ messages in thread
From: Denis Kenzior @ 2022-02-04 18:16 UTC (permalink / raw)
To: ell
[-- Attachment #1: Type: text/plain, Size: 391 bytes --]
Hi James,
>>
>> Why not use secure_select from ell/useful.h ?
>
> Ugh, we should keep these things in one place, unless there was a
> reason for doing it this way?
>
It was needed for l_ecc_point_from_sswu() (SAE-H2E). I don't remember why I
didn't switch iwd over. We should try to do so.
In general, ell/useful.h would be the place for such utilities.
Regards,
-Denis
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 4/5] util: add l_secure_select_byte
@ 2022-02-04 17:51 James Prestwood
0 siblings, 0 replies; 4+ messages in thread
From: James Prestwood @ 2022-02-04 17:51 UTC (permalink / raw)
To: ell
[-- Attachment #1: Type: text/plain, Size: 1594 bytes --]
On Fri, 2022-02-04 at 11:35 -0600, Denis Kenzior wrote:
> Hi James,
>
> On 2/4/22 11:06, James Prestwood wrote:
> > This was taken from IWD and modified slightly to act off a boolean
> > rather than a 0xff/0x00 byte to stay consistent with
> > l_secure_select
> > ---
> > ell/util.h | 15 +++++++++++++++
> > 1 file changed, 15 insertions(+)
> >
> > diff --git a/ell/util.h b/ell/util.h
> > index 9d4e36c..d390d27 100644
> > --- a/ell/util.h
> > +++ b/ell/util.h
> > @@ -425,6 +425,21 @@ static inline void l_secure_select(bool
> > select_left,
> > o[i] = r[i] ^ ((l[i] ^ r[i]) & mask);
> > }
> >
> > +/*
> > + * Returns either true_value or false_value (depending if mask is
> > 0xFF or 0x00
> > + * respectively).
> > + * This constant time selection method allows to keep an identical
> > memory
> > + * access pattern.
> > + */
> > +static inline uint8_t l_secure_select_byte(bool select_true,
> > + const uint8_t true_value,
> > + const uint8_t false_value)
> > +{
> > + uint8_t mask = -(!!select_true);
> > +
> > + return (mask & true_value) | (~mask & false_value);
> > +}
> > +
>
> Why not use secure_select from ell/useful.h ?
Ugh, we should keep these things in one place, unless there was a
reason for doing it this way?
>
> > #ifdef __cplusplus
> > }
> > #endif
> >
>
> Regards,
> -Denis
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 4/5] util: add l_secure_select_byte
@ 2022-02-04 17:35 Denis Kenzior
0 siblings, 0 replies; 4+ messages in thread
From: Denis Kenzior @ 2022-02-04 17:35 UTC (permalink / raw)
To: ell
[-- Attachment #1: Type: text/plain, Size: 1120 bytes --]
Hi James,
On 2/4/22 11:06, James Prestwood wrote:
> This was taken from IWD and modified slightly to act off a boolean
> rather than a 0xff/0x00 byte to stay consistent with l_secure_select
> ---
> ell/util.h | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/ell/util.h b/ell/util.h
> index 9d4e36c..d390d27 100644
> --- a/ell/util.h
> +++ b/ell/util.h
> @@ -425,6 +425,21 @@ static inline void l_secure_select(bool select_left,
> o[i] = r[i] ^ ((l[i] ^ r[i]) & mask);
> }
>
> +/*
> + * Returns either true_value or false_value (depending if mask is 0xFF or 0x00
> + * respectively).
> + * This constant time selection method allows to keep an identical memory
> + * access pattern.
> + */
> +static inline uint8_t l_secure_select_byte(bool select_true,
> + const uint8_t true_value,
> + const uint8_t false_value)
> +{
> + uint8_t mask = -(!!select_true);
> +
> + return (mask & true_value) | (~mask & false_value);
> +}
> +
Why not use secure_select from ell/useful.h ?
> #ifdef __cplusplus
> }
> #endif
>
Regards,
-Denis
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 4/5] util: add l_secure_select_byte
@ 2022-02-04 17:06 James Prestwood
0 siblings, 0 replies; 4+ messages in thread
From: James Prestwood @ 2022-02-04 17:06 UTC (permalink / raw)
To: ell
[-- Attachment #1: Type: text/plain, Size: 934 bytes --]
This was taken from IWD and modified slightly to act off a boolean
rather than a 0xff/0x00 byte to stay consistent with l_secure_select
---
ell/util.h | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/ell/util.h b/ell/util.h
index 9d4e36c..d390d27 100644
--- a/ell/util.h
+++ b/ell/util.h
@@ -425,6 +425,21 @@ static inline void l_secure_select(bool select_left,
o[i] = r[i] ^ ((l[i] ^ r[i]) & mask);
}
+/*
+ * Returns either true_value or false_value (depending if mask is 0xFF or 0x00
+ * respectively).
+ * This constant time selection method allows to keep an identical memory
+ * access pattern.
+ */
+static inline uint8_t l_secure_select_byte(bool select_true,
+ const uint8_t true_value,
+ const uint8_t false_value)
+{
+ uint8_t mask = -(!!select_true);
+
+ return (mask & true_value) | (~mask & false_value);
+}
+
#ifdef __cplusplus
}
#endif
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-02-04 18:16 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-04 18:16 [PATCH 4/5] util: add l_secure_select_byte Denis Kenzior
-- strict thread matches above, loose matches on Subject: below --
2022-02-04 17:51 James Prestwood
2022-02-04 17:35 Denis Kenzior
2022-02-04 17:06 James Prestwood
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).