#include #include #include "verify.h" /************************************************* * Name: verify * * Description: Compare two arrays for equality in constant time. * * Arguments: const uint8_t *a: pointer to first byte array * const uint8_t *b: pointer to second byte array * size_t len: length of the byte arrays * * Returns 0 if the byte arrays are equal, 1 otherwise **************************************************/ int verify(const uint8_t *a, const uint8_t *b, size_t len) { size_t i; uint8_t r = 0; for(i=0;i> 63; } /************************************************* * Name: cmov * * Description: Copy len bytes from x to r if b is 1; * don't modify x if b is 0. Requires b to be in {0,1}; * assumes two's complement representation of negative integers. * Runs in constant time. * * Arguments: uint8_t *r: pointer to output byte array * const uint8_t *x: pointer to input byte array * size_t len: Amount of bytes to be copied * uint8_t b: Condition bit; has to be in {0,1} **************************************************/ void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) { size_t i; #if defined(__GNUC__) || defined(__clang__) // Prevent the compiler from // 1) inferring that b is 0/1-valued, and // 2) handling the two cases with a branch. // This is not necessary when verify.c and kem.c are separate translation // units, but we expect that downstream consumers will copy this code and/or // change how it is built. __asm__("" : "+r"(b) : /* no inputs */); #endif b = -b; for(i=0;i