Lines Matching +defs:a +defs:b

5  * this file except in compliance with the License.  You can obtain a copy
19 * The boolean methods return a bitmask of all ones (0xff...f) for true
20 * and 0 for false. This is useful for choosing a value based on the result
21 * of a conditional in constant time. For example,
22 * if (a < b) {
23 * c = a;
25 * c = b;
28 * unsigned int lt = constant_time_lt(a, b);
29 * c = constant_time_select(lt, a, b);
33 static ossl_inline unsigned int constant_time_msb(unsigned int a);
35 static ossl_inline uint32_t constant_time_msb_32(uint32_t a);
37 static ossl_inline uint64_t constant_time_msb_64(uint64_t a);
39 /* Returns 0xff..f if a < b and 0 otherwise. */
40 static ossl_inline unsigned int constant_time_lt(unsigned int a,
41 unsigned int b);
43 static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
44 unsigned int b);
46 static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b);
48 /* Returns 0xff..f if a >= b and 0 otherwise. */
49 static ossl_inline unsigned int constant_time_ge(unsigned int a,
50 unsigned int b);
52 static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
53 unsigned int b);
55 /* Returns 0xff..f if a == 0 and 0 otherwise. */
56 static ossl_inline unsigned int constant_time_is_zero(unsigned int a);
58 static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a);
59 /* Convenience method for getting a 32-bit mask. */
60 static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a);
62 /* Returns 0xff..f if a == b and 0 otherwise. */
63 static ossl_inline unsigned int constant_time_eq(unsigned int a,
64 unsigned int b);
66 static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
67 unsigned int b);
69 static ossl_inline unsigned int constant_time_eq_int(int a, int b);
71 static ossl_inline unsigned char constant_time_eq_int_8(int a, int b);
74 * Returns (mask & a) | (~mask & b).
77 * the select methods return either |a| (if |mask| is nonzero) or |b|
81 unsigned int a,
82 unsigned int b);
85 unsigned char a,
86 unsigned char b);
89 static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
90 uint32_t b);
93 static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
94 uint64_t b);
96 static ossl_inline int constant_time_select_int(unsigned int mask, int a,
97 int b);
100 static ossl_inline unsigned int constant_time_msb(unsigned int a)
102 return 0 - (a >> (sizeof(a) * 8 - 1));
106 static ossl_inline uint32_t constant_time_msb_32(uint32_t a)
108 return 0 - (a >> 31);
111 static ossl_inline uint64_t constant_time_msb_64(uint64_t a)
113 return 0 - (a >> 63);
116 static ossl_inline size_t constant_time_msb_s(size_t a)
118 return 0 - (a >> (sizeof(a) * 8 - 1));
121 static ossl_inline unsigned int constant_time_lt(unsigned int a,
122 unsigned int b)
124 return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
127 static ossl_inline size_t constant_time_lt_s(size_t a, size_t b)
129 return constant_time_msb_s(a ^ ((a ^ b) | ((a - b) ^ b)));
132 static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
133 unsigned int b)
135 return (unsigned char)constant_time_lt(a, b);
138 static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b)
140 return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b)));
144 static ossl_inline BN_ULONG constant_time_msb_bn(BN_ULONG a)
146 return 0 - (a >> (sizeof(a) * 8 - 1));
149 static ossl_inline BN_ULONG constant_time_lt_bn(BN_ULONG a, BN_ULONG b)
151 return constant_time_msb_bn(a ^ ((a ^ b) | ((a - b) ^ b)));
154 static ossl_inline BN_ULONG constant_time_is_zero_bn(BN_ULONG a)
156 return constant_time_msb_bn(~a & (a - 1));
159 static ossl_inline BN_ULONG constant_time_eq_bn(BN_ULONG a,
160 BN_ULONG b)
162 return constant_time_is_zero_bn(a ^ b);
166 static ossl_inline unsigned int constant_time_ge(unsigned int a,
167 unsigned int b)
169 return ~constant_time_lt(a, b);
172 static ossl_inline size_t constant_time_ge_s(size_t a, size_t b)
174 return ~constant_time_lt_s(a, b);
177 static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
178 unsigned int b)
180 return (unsigned char)constant_time_ge(a, b);
183 static ossl_inline unsigned char constant_time_ge_8_s(size_t a, size_t b)
185 return (unsigned char)constant_time_ge_s(a, b);
188 static ossl_inline unsigned int constant_time_is_zero(unsigned int a)
190 return constant_time_msb(~a & (a - 1));
193 static ossl_inline size_t constant_time_is_zero_s(size_t a)
195 return constant_time_msb_s(~a & (a - 1));
198 static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a)
200 return (unsigned char)constant_time_is_zero(a);
203 static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a)
205 return constant_time_msb_32(~a & (a - 1));
208 static ossl_inline uint64_t constant_time_is_zero_64(uint64_t a)
210 return constant_time_msb_64(~a & (a - 1));
213 static ossl_inline unsigned int constant_time_eq(unsigned int a,
214 unsigned int b)
216 return constant_time_is_zero(a ^ b);
219 static ossl_inline size_t constant_time_eq_s(size_t a, size_t b)
221 return constant_time_is_zero_s(a ^ b);
224 static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
225 unsigned int b)
227 return (unsigned char)constant_time_eq(a, b);
230 static ossl_inline unsigned char constant_time_eq_8_s(size_t a, size_t b)
232 return (unsigned char)constant_time_eq_s(a, b);
235 static ossl_inline unsigned int constant_time_eq_int(int a, int b)
237 return constant_time_eq((unsigned)(a), (unsigned)(b));
240 static ossl_inline unsigned char constant_time_eq_int_8(int a, int b)
242 return constant_time_eq_8((unsigned)(a), (unsigned)(b));
250 * and turning it into a conditional load or branch.
252 static ossl_inline unsigned int value_barrier(unsigned int a)
256 __asm__("" : "=r"(r) : "0"(a));
258 volatile unsigned int r = a;
264 static ossl_inline uint32_t value_barrier_32(uint32_t a)
268 __asm__("" : "=r"(r) : "0"(a));
270 volatile uint32_t r = a;
276 static ossl_inline uint64_t value_barrier_64(uint64_t a)
280 __asm__("" : "=r"(r) : "0"(a));
282 volatile uint64_t r = a;
288 static ossl_inline size_t value_barrier_s(size_t a)
292 __asm__("" : "=r"(r) : "0"(a));
294 volatile size_t r = a;
300 unsigned int a,
301 unsigned int b)
303 return (value_barrier(mask) & a) | (value_barrier(~mask) & b);
307 size_t a,
308 size_t b)
310 return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b);
314 unsigned char a,
315 unsigned char b)
317 return (unsigned char)constant_time_select(mask, a, b);
320 static ossl_inline int constant_time_select_int(unsigned int mask, int a,
321 int b)
323 return (int)constant_time_select(mask, (unsigned)(a), (unsigned)(b));
326 static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b)
328 return (int)constant_time_select((unsigned)mask, (unsigned)(a),
329 (unsigned)(b));
332 static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
333 uint32_t b)
335 return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b);
338 static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
339 uint64_t b)
341 return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b);
348 * uint32_t tmp = *a;
350 * *a = *b;
351 * *b = tmp;
354 static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a,
355 uint32_t *b)
357 uint32_t xor = *a ^ *b;
360 *a ^= xor;
361 *b ^= xor;
368 * uint64_t tmp = *a;
370 * *a = *b;
371 * *b = tmp;
374 static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a,
375 uint64_t *b)
377 uint64_t xor = *a ^ *b;
380 *a ^= xor;
381 *b ^= xor;
391 * memcpy(tmp, a, len);
392 * memcpy(a, b);
393 * memcpy(b, tmp);
397 unsigned char *a,
398 unsigned char *b,
405 tmp = a[i] ^ b[i];
407 a[i] ^= tmp;
408 b[i] ^= tmp;
413 * table is a two dimensional array of bytes. Each row has rowsize elements.