TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fbe74a9e51d82f8d81e715cd4a681ef7f7376ce6^! / . / library
commitfbe74a9e51d82f8d81e715cd4a681ef7f7376ce6[log] [tgz]
authorDave Rodgman <dave.rodgman@arm.com>Fri Sep 22 09:43:49 2023 +0100
committerDave Rodgman <dave.rodgman@arm.com>Fri Sep 22 09:58:25 2023 +0100
treecd6a0db444439745b9e8840211e4a6c06312933c
parent9d0869140ba9c725c35b6181b58df2307d3c55fb [diff]
Add mbedtls_ct_error_if, with tests

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h
index 513f146..d275085 100644
--- a/library/constant_time_impl.h
+++ b/library/constant_time_impl.h

@@ -331,7 +331,6 @@
     return (unsigned char) (~(low_mask | high_mask)) & to;
 }
 
-
 /* ============================================================================
  * Everything below here is trivial wrapper functions
  */
@@ -397,6 +396,17 @@
 
 #endif /* MBEDTLS_BIGNUM_C */
 
+static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, int if0)
+{
+    return -((int) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) (-if1),
+                                 (mbedtls_ct_uint_t) (-if0)));
+}
+
+static inline int mbedtls_ct_error_if_else_0(mbedtls_ct_condition_t condition, int if1)
+{
+    return -((int) (condition & (-if1)));
+}
+
 static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x,
                                                         mbedtls_ct_uint_t y)
 {

diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index d3d8945..3731107 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h

@@ -411,6 +411,35 @@
                                                          unsigned char c,
                                                          unsigned char t);
 
+/** Choose between two error values. The values must be in the range [-32767..0].
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : if0.
+ *
+ * \param condition     Condition to test.
+ * \param if1           Value to use if \p condition == MBEDTLS_CT_TRUE.
+ * \param if0           Value to use if \p condition == MBEDTLS_CT_FALSE.
+ *
+ * \return  \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise \c if0.
+ */
+static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, int if0);
+
+/** Choose between an error value and 0. The error value must be in the range [-32767..0].
+ *
+ * Functionally equivalent to:
+ *
+ * condition ? if1 : 0.
+ *
+ * Functionally equivalent to mbedtls_ct_error_if(condition, if1, 0) but
+ * results in smaller code size.
+ *
+ * \param condition     Condition to test.
+ * \param if1           Value to use if \p condition == MBEDTLS_CT_TRUE.
+ *
+ * \return  \c if1 if \p condition == MBEDTLS_CT_TRUE, otherwise 0.
+ */
+static inline int mbedtls_ct_error_if_else_0(mbedtls_ct_condition_t condition, int if1);
 
 /* ============================================================================
  * Block memory operations