diff --git a/library/bignum_core.c b/library/bignum_core.c index b401fa36c..c1da93d0a 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -540,4 +540,18 @@ cleanup: return( ret ); } +void mbedtls_mpi_core_ct_uint_table_lookup( mbedtls_mpi_uint *dest, + const mbedtls_mpi_uint *table, + size_t limbs, + size_t count, + size_t index ) +{ + for( size_t i = 0; i < count; i++ ) + { + unsigned char assign = mbedtls_ct_size_bool_eq( i, index ); + const mbedtls_mpi_uint *current = table + i * limbs; + mbedtls_mpi_core_cond_assign( dest, current, limbs, assign ); + } +} + #endif /* MBEDTLS_BIGNUM_C */ diff --git a/library/bignum_core.h b/library/bignum_core.h index 9a5b89fc6..3618e4200 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -452,4 +452,23 @@ void mbedtls_mpi_core_montmul( mbedtls_mpi_uint *X, int mbedtls_mpi_core_get_mont_r2_unsafe( mbedtls_mpi *X, const mbedtls_mpi *N ); +/** + * Select an MPI from a table without leaking the index. + * + * \param dest The destination buffer. This must point to a writable + * buffer of at least \p limbs limbs. + * \param table The address of the table. This must point to a readable + * array of \p count elements of + * \p limbs limbs each each. + * \param limbs The length of a table entry in limbs. + * \param count The number of elements in \p table. + * \param index The secret table index to look up. This must be in the + * range `0,..,count-1`. + */ +void mbedtls_mpi_core_ct_uint_table_lookup( mbedtls_mpi_uint *dest, + const mbedtls_mpi_uint *table, + size_t limbs, + size_t count, + size_t index ); + #endif /* MBEDTLS_BIGNUM_CORE_H */