diff options
| author | Filippo Valsorda <filippo@golang.org> | 2024-11-03 13:44:20 +0100 |
|---|---|---|
| committer | Filippo Valsorda <filippo@golang.org> | 2024-11-18 16:40:20 +0000 |
| commit | e689a7c8e8ed6c690adec8a125b242608a3c0815 (patch) | |
| tree | bc958bf8720e7f6773c96239b5dd9e083d58dd93 /src/crypto/internal | |
| parent | 15b7046309b6d8e8ab411272d4320e51fe6dfd7d (diff) | |
| download | go-e689a7c8e8ed6c690adec8a125b242608a3c0815.tar.xz | |
crypto/internal/fips/subtle: move constant time functions from crypto/subtle
Change-Id: I267a3cac168fc0366fafac4c26e6a80ca545436a
Reviewed-on: https://go-review.googlesource.com/c/go/+/624755
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Diffstat (limited to 'src/crypto/internal')
| -rw-r--r-- | src/crypto/internal/fips/subtle/constant_time.go | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/src/crypto/internal/fips/subtle/constant_time.go b/src/crypto/internal/fips/subtle/constant_time.go new file mode 100644 index 0000000000..9fd3923e76 --- /dev/null +++ b/src/crypto/internal/fips/subtle/constant_time.go @@ -0,0 +1,60 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package subtle + +// ConstantTimeCompare returns 1 if the two slices, x and y, have equal contents +// and 0 otherwise. The time taken is a function of the length of the slices and +// is independent of the contents. If the lengths of x and y do not match it +// returns 0 immediately. +func ConstantTimeCompare(x, y []byte) int { + if len(x) != len(y) { + return 0 + } + + var v byte + + for i := 0; i < len(x); i++ { + v |= x[i] ^ y[i] + } + + return ConstantTimeByteEq(v, 0) +} + +// ConstantTimeSelect returns x if v == 1 and y if v == 0. +// Its behavior is undefined if v takes any other value. +func ConstantTimeSelect(v, x, y int) int { return ^(v-1)&x | (v-1)&y } + +// ConstantTimeByteEq returns 1 if x == y and 0 otherwise. +func ConstantTimeByteEq(x, y uint8) int { + return int((uint32(x^y) - 1) >> 31) +} + +// ConstantTimeEq returns 1 if x == y and 0 otherwise. +func ConstantTimeEq(x, y int32) int { + return int((uint64(uint32(x^y)) - 1) >> 63) +} + +// ConstantTimeCopy copies the contents of y into x (a slice of equal length) +// if v == 1. If v == 0, x is left unchanged. Its behavior is undefined if v +// takes any other value. +func ConstantTimeCopy(v int, x, y []byte) { + if len(x) != len(y) { + panic("subtle: slices have different lengths") + } + + xmask := byte(v - 1) + ymask := byte(^(v - 1)) + for i := 0; i < len(x); i++ { + x[i] = x[i]&xmask | y[i]&ymask + } +} + +// ConstantTimeLessOrEq returns 1 if x <= y and 0 otherwise. +// Its behavior is undefined if x or y are negative or > 2**31 - 1. +func ConstantTimeLessOrEq(x, y int) int { + x32 := int32(x) + y32 := int32(y) + return int(((x32 - y32 - 1) >> 31) & 1) +} |