author | Niels M?ller <nisse@lysator.liu.se> | 2013-03-26 09:01:06 +0100 |
---|---|---|
committer | Niels M?ller <nisse@lysator.liu.se> | 2013-03-26 09:01:06 +0100 |
commit | 30453e023ab2973f91e4c850d016e01357195dfd (patch) | |
tree | 5ad922e4ae0a8c323ee31808ee1c64697795a769 | |
parent | b06ad1e4630232da3f9af0100769d7345ee01ab1 (diff) | |
download | gmp-30453e023ab2973f91e4c850d016e01357195dfd.tar.gz |
Make mpn_cnd_add_n and mpn_cnd_sub_n public.
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | doc/gmp.texi | 13 | ||||
-rw-r--r-- | gmp-h.in | 5 | ||||
-rw-r--r-- | gmp-impl.h | 4 |
4 files changed, 27 insertions, 4 deletions
@@ -1,3 +1,12 @@ +2013-03-26 Niels Möller <nisse@lysator.liu.se> + + Make mpn_cnd_add_n and mpn_cnd_sub_n public. + * doc/gmp.texi (Low-level Functions): Document mpn_cnd_add_n and + mpn_cnd_sub_n. + * gmp-h.in (mpn_cnd_add_n, mpn_cnd_sub_n): Moved prototypes + here... + * gmp-impl.h: ... from here. + 2013-03-26 Torbjorn Granlund <tege@gmplib.org> * mpn/x86/pentium4/sse2/cnd_add_n.asm: New file. diff --git a/doc/gmp.texi b/doc/gmp.texi index 6d49a2730..37e4bb772 100644 --- a/doc/gmp.texi +++ b/doc/gmp.texi @@ -5654,6 +5654,19 @@ Copy from @{@var{s1p}, @var{n}@} to @{@var{rp}, @var{n}@}, decreasingly. Zero @{@var{rp}, @var{n}@}. @end deftypefun +@deftypefun void mpn_cnd_add_n (mp_limb_t @var{cnd}, mp_limb_t *@var{rp}, const mp_limb_t *@var{s1p}, const mp_limb_t *@var{s2p}, mp_size_t @var{n}) +@deftypefunx void mpn_cnd_sub_n (mp_limb_t @var{cnd}, mp_limb_t *@var{rp}, const mp_limb_t *@var{s1p}, const mp_limb_t *@var{s2p}, mp_size_t @var{n}) +These functions do conditional addition and subtraction, and are intended for +cryptographic applications where resilience to side-channel attacks is +desired. If @var{cnd} is non-zero, they produce the same result as a regular +@code{mpn_add_n} or @code{mpn_sub_n}, and if @var{cnd} is zero, they copy +@{@var{s1p},@var{n}@} to the result area and return zero. The functions are +designed to have timing and memory access patterns depending only on size and +location of the data areas, but independent of the condition @var{cnd}. Like +for @code{mpn_add_n} and @code{mpn_sub_n}, on most machines, the timing will +also be independent of the actual limb values. +@end deftypefun + @sp 1 @section Nails @cindex Nails 
@@ -1626,6 +1626,11 @@ __GMP_DECLSPEC void mpn_copyd (mp_ptr, mp_srcptr, mp_size_t); #define mpn_zero __MPN(zero) __GMP_DECLSPEC void mpn_zero (mp_ptr, mp_size_t); +#define mpn_cnd_add_n __MPN(cnd_add_n) +__GMP_DECLSPEC mp_limb_t mpn_cnd_add_n (mp_limb_t, mp_ptr, mp_srcptr, mp_srcptr, mp_size_t); +#define mpn_cnd_sub_n __MPN(cnd_sub_n) +__GMP_DECLSPEC mp_limb_t mpn_cnd_sub_n (mp_limb_t, mp_ptr, mp_srcptr, mp_srcptr, mp_size_t); + /**************** mpz inlines ****************/ /* The following are provided as inlines where possible, but always exist as diff --git a/gmp-impl.h b/gmp-impl.h index 0dd581296..43de7c8da 100644 --- a/gmp-impl.h +++ b/gmp-impl.h @@ -1555,10 +1555,6 @@ __GMP_DECLSPEC void mpn_powm_sec (mp_ptr, mp_srcptr, mp_size_t, mp_srcptr, __GMP_DECLSPEC mp_size_t mpn_powm_sec_itch (mp_size_t, mp_size_t, mp_size_t); #define mpn_tabselect __MPN(tabselect) __GMP_DECLSPEC void mpn_tabselect (volatile mp_limb_t *, volatile mp_limb_t *, mp_size_t, mp_size_t, mp_size_t); -#define mpn_cnd_add_n __MPN(cnd_add_n) -__GMP_DECLSPEC mp_limb_t mpn_cnd_add_n (mp_limb_t, mp_ptr, mp_srcptr, mp_srcptr, mp_size_t); -#define mpn_cnd_sub_n __MPN(cnd_sub_n) -__GMP_DECLSPEC mp_limb_t mpn_cnd_sub_n (mp_limb_t, mp_ptr, mp_srcptr, mp_srcptr, mp_size_t); #define mpn_sb_div_qr_sec __MPN(sb_div_qr_sec) __GMP_DECLSPEC void mpn_sb_div_qr_sec (mp_ptr, mp_ptr, mp_size_t, mp_srcptr, mp_size_t, mp_ptr); |
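Review bot: The `mp_limb_t` return type of the two prototypes added to gmp-h.in disagrees with the `@deftypefun void mpn_cnd_add_n` and `@deftypefunx void mpn_cnd_sub_n` lines this same commit adds to doc/gmp.texi, and the texi text only states that the functions "return zero" when @var{cnd} is zero, so the non-zero case has no documented return value at all. Since the declarations are moved verbatim from gmp-impl.h, the `mp_limb_t` return is presumably the intended contract (a carry or borrow limb, by analogy with mpn_add_n/mpn_sub_n, though that is inferred rather than visible here). The texi declarations should read `@deftypefun mp_limb_t mpn_cnd_add_n (mp_limb_t @var{cnd}, mp_limb_t *@var{rp}, const mp_limb_t *@var{s1p}, const mp_limb_t *@var{s2p}, mp_size_t @var{n})` and `@deftypefunx mp_limb_t mpn_cnd_sub_n (...)`, followed by one sentence saying what is returned when @var{cnd} is non-zero. For a primitive whose public API is being fixed in this commit, a header/manual mismatch on the return value is worth resolving before release, because callers reading the manual will discard a value that callers reading the header will rely on.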