mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-10-24 11:43:21 +08:00
Move mbedtls_ct_base64_dec_value function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
@@ -109,35 +109,6 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Given a Base64 digit, return its value.
|
|
||||||
* If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'),
|
|
||||||
* return -1.
|
|
||||||
*
|
|
||||||
* The implementation assumes that letters are consecutive (e.g. ASCII
|
|
||||||
* but not EBCDIC).
|
|
||||||
*
|
|
||||||
* The implementation is constant-flow (no branch or memory access depending
|
|
||||||
* on the value of c) unless the compiler inlines and optimizes a specific
|
|
||||||
* access.
|
|
||||||
*/
|
|
||||||
MBEDTLS_STATIC_TESTABLE
|
|
||||||
signed char mbedtls_ct_base64_dec_value( unsigned char c )
|
|
||||||
{
|
|
||||||
unsigned char val = 0;
|
|
||||||
/* For each range of digits, if c is in that range, mask val with
|
|
||||||
* the corresponding value. Since c can only be in a single range,
|
|
||||||
* only at most one masking will change val. Set val to one plus
|
|
||||||
* the desired value so that it stays 0 if c is in none of the ranges. */
|
|
||||||
val |= mbedtls_ct_uchar_mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 );
|
|
||||||
val |= mbedtls_ct_uchar_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 );
|
|
||||||
val |= mbedtls_ct_uchar_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 );
|
|
||||||
val |= mbedtls_ct_uchar_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 );
|
|
||||||
val |= mbedtls_ct_uchar_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 );
|
|
||||||
/* At this point, val is 0 if c is an invalid digit and v+1 if c is
|
|
||||||
* a digit with the value v. */
|
|
||||||
return( val - 1 );
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Decode a base64-formatted buffer
|
* Decode a base64-formatted buffer
|
||||||
*/
|
*/
|
||||||
|
@@ -344,6 +344,34 @@ unsigned char mbedtls_ct_base64_enc_char( unsigned char val )
|
|||||||
return( digit );
|
return( digit );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Given a Base64 digit, return its value.
|
||||||
|
* If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'),
|
||||||
|
* return -1.
|
||||||
|
*
|
||||||
|
* The implementation assumes that letters are consecutive (e.g. ASCII
|
||||||
|
* but not EBCDIC).
|
||||||
|
*
|
||||||
|
* The implementation is constant-flow (no branch or memory access depending
|
||||||
|
* on the value of c) unless the compiler inlines and optimizes a specific
|
||||||
|
* access.
|
||||||
|
*/
|
||||||
|
signed char mbedtls_ct_base64_dec_value( unsigned char c )
|
||||||
|
{
|
||||||
|
unsigned char val = 0;
|
||||||
|
/* For each range of digits, if c is in that range, mask val with
|
||||||
|
* the corresponding value. Since c can only be in a single range,
|
||||||
|
* only at most one masking will change val. Set val to one plus
|
||||||
|
* the desired value so that it stays 0 if c is in none of the ranges. */
|
||||||
|
val |= mbedtls_ct_uchar_mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 );
|
||||||
|
val |= mbedtls_ct_uchar_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 );
|
||||||
|
val |= mbedtls_ct_uchar_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 );
|
||||||
|
val |= mbedtls_ct_uchar_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 );
|
||||||
|
val |= mbedtls_ct_uchar_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 );
|
||||||
|
/* At this point, val is 0 if c is an invalid digit and v+1 if c is
|
||||||
|
* a digit with the value v. */
|
||||||
|
return( val - 1 );
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_BASE64_C */
|
#endif /* MBEDTLS_BASE64_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
|
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
|
||||||
|
@@ -171,6 +171,8 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n,
|
|||||||
|
|
||||||
unsigned char mbedtls_ct_base64_enc_char( unsigned char val );
|
unsigned char mbedtls_ct_base64_enc_char( unsigned char val );
|
||||||
|
|
||||||
|
signed char mbedtls_ct_base64_dec_value( unsigned char c );
|
||||||
|
|
||||||
#endif /* MBEDTLS_BASE64_C */
|
#endif /* MBEDTLS_BASE64_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
|
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
|
||||||
|
Reference in New Issue
Block a user