[Gmp-commit] /var/hg/gmp: Make mpn_cnd_add_n and mpn_cnd_sub_n public.

mercurial at gmplib.org mercurial at gmplib.org
Tue Mar 26 09:01:09 CET 2013 

details:   /var/hg/gmp/rev/304af17b9ccc
changeset: 15646:304af17b9ccc
user:      Niels M?ller <nisse at lysator.liu.se>
date:      Tue Mar 26 09:01:06 2013 +0100
description:
Make mpn_cnd_add_n and mpn_cnd_sub_n public.

diffstat:

 ChangeLog    |   9 +++++++++
 doc/gmp.texi |  13 +++++++++++++
 gmp-h.in     |   5 +++++
 gmp-impl.h   |   4 ----
 4 files changed, 27 insertions(+), 4 deletions(-)

diffs (68 lines):

diff -r e909c2822f18 -r 304af17b9ccc ChangeLog
--- a/ChangeLog	Tue Mar 26 00:09:06 2013 +0100
+++ b/ChangeLog	Tue Mar 26 09:01:06 2013 +0100
@@ -1,3 +1,12 @@
+2013-03-26  Niels Möller  <nisse at lysator.liu.se>
+
+	Make mpn_cnd_add_n and mpn_cnd_sub_n public.
+	* doc/gmp.texi (Low-level Functions): Document mpn_cnd_add_n and
+	mpn_cnd_sub_n.
+	* gmp-h.in (mpn_cnd_add_n, mpn_cnd_sub_n): Moved prototypes
+	here...
+	* gmp-impl.h: ... from here.
+
 2013-03-26  Torbjorn Granlund  <tege at gmplib.org>
 
 	* mpn/x86/pentium4/sse2/cnd_add_n.asm: New file.
diff -r e909c2822f18 -r 304af17b9ccc doc/gmp.texi
--- a/doc/gmp.texi	Tue Mar 26 00:09:06 2013 +0100
+++ b/doc/gmp.texi	Tue Mar 26 09:01:06 2013 +0100
@@ -5654,6 +5654,19 @@
 Zero @{@var{rp}, @var{n}@}.
 @end deftypefun
 
+ at deftypefun void mpn_cnd_add_n (mp_limb_t @var{cnd}, mp_limb_t *@var{rp}, const mp_limb_t *@var{s1p}, const mp_limb_t *@var{s2p}, mp_size_t @var{n})
+ at deftypefunx void mpn_cnd_sub_n (mp_limb_t @var{cnd}, mp_limb_t *@var{rp}, const mp_limb_t *@var{s1p}, const mp_limb_t *@var{s2p}, mp_size_t @var{n})
+These functions do conditional addition and subtraction, and are intended for
+cryptographic applications where resilience to side-channel attacks is
+desired. If @var{cnd} is non-zero, they produce the same result as a regular
+ at code{mpn_add_n} or @code{mpn_sub_n}, and if @var{cnd} is zero, they copy
+@{@var{s1p}, at var{n}@} to the result area and return zero. The functions are
+designed to have timing and memory access patterns depending only on size and
+location of the data areas, but independent of the condition @var{cnd}. Like
+for @code{mpn_add_n} and @code{mpn_sub_n}, on most machines, the timing will
+also be independent of the actual limb values.
+ at end deftypefun
+
 @sp 1
 @section Nails
 @cindex Nails
diff -r e909c2822f18 -r 304af17b9ccc gmp-h.in
--- a/gmp-h.in	Tue Mar 26 00:09:06 2013 +0100
+++ b/gmp-h.in	Tue Mar 26 09:01:06 2013 +0100
@@ -1626,6 +1626,11 @@
 #define mpn_zero __MPN(zero)
 __GMP_DECLSPEC void mpn_zero (mp_ptr, mp_size_t);
 
+#define mpn_cnd_add_n __MPN(cnd_add_n)
+__GMP_DECLSPEC mp_limb_t mpn_cnd_add_n (mp_limb_t, mp_ptr, mp_srcptr, mp_srcptr, mp_size_t);
+#define mpn_cnd_sub_n __MPN(cnd_sub_n)
+__GMP_DECLSPEC mp_limb_t mpn_cnd_sub_n (mp_limb_t, mp_ptr, mp_srcptr, mp_srcptr, mp_size_t);
+
 /**************** mpz inlines ****************/
 
 /* The following are provided as inlines where possible, but always exist as
diff -r e909c2822f18 -r 304af17b9ccc gmp-impl.h
--- a/gmp-impl.h	Tue Mar 26 00:09:06 2013 +0100
+++ b/gmp-impl.h	Tue Mar 26 09:01:06 2013 +0100
@@ -1555,10 +1555,6 @@
 __GMP_DECLSPEC mp_size_t mpn_powm_sec_itch (mp_size_t, mp_size_t, mp_size_t);
 #define   mpn_tabselect __MPN(tabselect)
 __GMP_DECLSPEC void      mpn_tabselect (volatile mp_limb_t *, volatile mp_limb_t *, mp_size_t, mp_size_t, mp_size_t);
-#define   mpn_cnd_add_n __MPN(cnd_add_n)
-__GMP_DECLSPEC mp_limb_t mpn_cnd_add_n (mp_limb_t, mp_ptr, mp_srcptr, mp_srcptr, mp_size_t);
-#define   mpn_cnd_sub_n __MPN(cnd_sub_n)
-__GMP_DECLSPEC mp_limb_t mpn_cnd_sub_n (mp_limb_t, mp_ptr, mp_srcptr, mp_srcptr, mp_size_t);
 
 #define mpn_sb_div_qr_sec __MPN(sb_div_qr_sec)
 __GMP_DECLSPEC void mpn_sb_div_qr_sec (mp_ptr, mp_ptr, mp_size_t, mp_srcptr, mp_size_t, mp_ptr);

More information about the gmp-commit mailing list