From 200708d30a5bb1d185902d82be206c8230f7c2aa Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 15 Nov 2021 16:18:54 +0100
Subject: [PATCH] Move mbedtls_ct_base64_enc_char function to the constant-time module
Signed-off-by: Gabor Mezei
---
 library/base64.c | 20 +-------------------
 library/constant_time.c | 22 ++++++++++++++++++++++
 library/constant_time_internal.h | 6 ++++++
 3 files changed, 29 insertions(+), 19 deletions(-)
diff --git a/library/base64.c b/library/base64.c
index 2c4df8338..f1a605501 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -23,6 +23,7 @@
 #include "mbedtls/base64.h"
 #include "base64_invasive.h"
+#include "constant_time_internal.h"
 #include
@@ -38,25 +39,6 @@
 #define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
-/* Given a value in the range 0..63, return the corresponding Base64 digit.
- * The implementation assumes that letters are consecutive (e.g. ASCII
- * but not EBCDIC).
- */
-MBEDTLS_STATIC_TESTABLE
-unsigned char mbedtls_ct_base64_enc_char( unsigned char val )
-{
- unsigned char digit = 0;
- /* For each range of values, if val is in that range, mask digit with
- * the corresponding value. Since val can only be in a single range,
- * only at most one masking will change digit. */
- digit |= mbedtls_ct_uchar_mask_of_range( 0, 25, val ) & ( 'A' + val );
- digit |= mbedtls_ct_uchar_mask_of_range( 26, 51, val ) & ( 'a' + val - 26 );
- digit |= mbedtls_ct_uchar_mask_of_range( 52, 61, val ) & ( '0' + val - 52 );
- digit |= mbedtls_ct_uchar_mask_of_range( 62, 62, val ) & '+';
- digit |= mbedtls_ct_uchar_mask_of_range( 63, 63, val ) & '/';
- return( digit );
-}
-
 /* * Encode a buffer into base64 format */
diff --git a/library/constant_time.c b/library/constant_time.c
index 890041504..cdaa7fad9 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -324,6 +324,28 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n,
 #endif /* MBEDTLS_BIGNUM_C */
+#if defined(MBEDTLS_BASE64_C)
+
+/* Given a value in the range 0..63, return the corresponding Base64 digit.
+ * The implementation assumes that letters are consecutive (e.g. ASCII
+ * but not EBCDIC).
+ */
+unsigned char mbedtls_ct_base64_enc_char( unsigned char val )
+{
+ unsigned char digit = 0;
+ /* For each range of values, if val is in that range, mask digit with
+ * the corresponding value. Since val can only be in a single range,
+ * only at most one masking will change digit. */
+ digit |= mbedtls_ct_uchar_mask_of_range( 0, 25, val ) & ( 'A' + val );
+ digit |= mbedtls_ct_uchar_mask_of_range( 26, 51, val ) & ( 'a' + val - 26 );
+ digit |= mbedtls_ct_uchar_mask_of_range( 52, 61, val ) & ( '0' + val - 52 );
+ digit |= mbedtls_ct_uchar_mask_of_range( 62, 62, val ) & '+';
+ digit |= mbedtls_ct_uchar_mask_of_range( 63, 63, val ) & '/';
+ return( digit );
+}
+
+#endif /* MBEDTLS_BASE64_C */
+
 #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
 /** Shift some data towards the left inside a buffer.
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index 69cd09209..f0286221a 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -167,6 +167,12 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n,
 #endif /* MBEDTLS_BIGNUM_C */
+#if defined(MBEDTLS_BASE64_C)
+
+unsigned char mbedtls_ct_base64_enc_char( unsigned char val );
+
+#endif /* MBEDTLS_BASE64_C */
+
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
 /** Conditional memcpy without branches.
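Review bot: The comment carried over with `mbedtls_ct_base64_enc_char` in library/constant_time.c gives the 0..63 precondition, but not the property that justifies placing the function in this module, nor the result for other inputs. From the visible body, `digit` starts at 0 and is only OR-ed under a range mask, so a `val` above 63 presumably returns 0, assuming `mbedtls_ct_uchar_mask_of_range` yields 0 outside its range (its definition is not in this hunk). I would extend the header comment with ` * Constant-flow with respect to val: no branch or memory access depends on it.` and ` * A val above 63 yields 0.`, hedged on the helper being constant-flow as well. Stating this keeps a later maintainer from replacing the masks with a lookup table or an early return, either of which could leak the encoded data through timing.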
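Review bot: The new declaration of `mbedtls_ct_base64_enc_char` in library/constant_time_internal.h has no documentation, while the next declaration in the file opens with a `/** ... */` block (`/** Conditional memcpy without branches.`). Callers in other files will now read the header rather than constant_time.c, so the contract belongs here: a Doxygen block giving the purpose, the 0..63 input range, the returned Base64 digit, and the ASCII-ordering assumption already noted in the .c file. Also worth confirming outside this diff: the function lost `MBEDTLS_STATIC_TESTABLE` in the move and base64.c still includes base64_invasive.h, so any declaration of this function left in that header would now be a duplicate.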