subtle: align byte equal alg
This commit is contained in:
parent
5b1df00c92
commit
2c688bb9d3
@ -51,7 +51,7 @@ func (c *sm2Curve) NewPrivateKey(key []byte) (*PrivateKey, error) {
|
||||
if len(key) != len(c.scalarOrderMinus1) {
|
||||
return nil, errors.New("ecdh: invalid private key size")
|
||||
}
|
||||
if subtle.ConstantTimeAllZero(key) || !isLess(key, c.scalarOrderMinus1) {
|
||||
if subtle.ConstantTimeAllZero(key) == 1 || !isLess(key, c.scalarOrderMinus1) {
|
||||
return nil, errInvalidPrivateKey
|
||||
}
|
||||
return &PrivateKey{
|
||||
|
@ -1,9 +1,9 @@
|
||||
package subtle
|
||||
|
||||
func ConstantTimeAllZero(bytes []byte) bool {
|
||||
func ConstantTimeAllZero(bytes []byte) int {
|
||||
var b uint8
|
||||
for _, v := range bytes {
|
||||
b |= v
|
||||
}
|
||||
return b == 0
|
||||
return int((uint32(b) - 1) >> 31)
|
||||
}
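Review bot: ConstantTimeAllZero is exported and its return convention changed from bool to int on the new side, yet `func ConstantTimeAllZero(bytes []byte) int {` still carries no doc comment spelling out the contract; add above it `// ConstantTimeAllZero returns 1 if every byte of bytes is zero and 0 otherwise. The time taken depends only on len(bytes), not on its contents. An empty or nil slice yields 1.` The empty-slice case is worth stating explicitly: the loop never runs, b stays 0 and `(uint32(0)-1)>>31` evaluates to 1, which is vacuously "all zero" but may surprise a caller handing it a zero-length KDF output. The `(x-1)>>31` idiom is the same one crypto/subtle uses for ConstantTimeByteEq, so the 0/1 result matches the standard library's convention.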
|
||||
|
@ -1,6 +1,9 @@
|
||||
package subtle
|
||||
|
||||
import "testing"
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestConstantTimeAllZero(t *testing.T) {
|
||||
type args struct {
|
||||
@ -9,10 +12,10 @@ func TestConstantTimeAllZero(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
want bool
|
||||
want int
|
||||
}{
|
||||
{"all zero", args{[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0}}, true},
|
||||
{"not all zero", args{[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 1}}, false},
|
||||
{"all zero", args{[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0}}, 1},
|
||||
{"not all zero", args{[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 1}}, 0},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
@ -22,3 +25,17 @@ func TestConstantTimeAllZero(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkConstantTimeAllZero(b *testing.B) {
|
||||
data := make([]byte, 1<<15)
|
||||
sizes := []int64{1 << 3, 1 << 4, 1 << 5, 1 << 7, 1 << 11, 1 << 13, 1 << 15}
|
||||
for _, size := range sizes {
|
||||
b.Run(fmt.Sprintf("%dBytes", size), func(b *testing.B) {
|
||||
s0 := data[:size]
|
||||
b.SetBytes(int64(size))
|
||||
for i := 0; i < b.N; i++ {
|
||||
ConstantTimeAllZero(s0)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
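Review bot: The table at `tests := []struct` still holds only the two ten-byte cases, and neither exercises the edges of the new integer arithmetic: add `{"empty", args{[]byte{}}, 1},` for the zero-length slice (the loop body never runs, so the result is 1) and `{"high bit first", args{[]byte{0x80, 0, 0}}, 0},` so a nonzero byte with the top bit set, placed at the front rather than the back, is covered. In BenchmarkConstantTimeAllZero the `data` slice comes from `make` and is therefore all zeros, so every size measures only the all-zero path; running the same sizes over a second buffer filled with nonzero bytes would let the benchmark double as a crude check that the timing does not depend on contents.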
|
||||
|
@ -251,7 +251,7 @@ func encryptSM2EC(c *sm2Curve, pub *ecdsa.PublicKey, random io.Reader, msg []byt
|
||||
}
|
||||
C2Bytes := C2.Bytes()[1:]
|
||||
c2 := sm3.Kdf(C2Bytes, len(msg))
|
||||
if subtle.ConstantTimeAllZero(c2) {
|
||||
if subtle.ConstantTimeAllZero(c2) == 1 {
|
||||
retryCount++
|
||||
if retryCount > maxRetryLimit {
|
||||
return nil, fmt.Errorf("sm2: A5, failed to calculate valid t, tried %v times", retryCount)
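Review bot: On the new side `c2 := sm3.Kdf(C2Bytes, len(msg))` stores the KDF output in a variable named c2, while in the decryption path the same name refers to the ciphertext component; naming the derived key stream after the A5 step the error message already mentions (`t := sm3.Kdf(C2Bytes, len(msg))` and `if subtle.ConstantTimeAllZero(t) == 1 {`) would keep c2 free for the ciphertext and make the two paths easier to compare. The XOR that consumes this value and the loop the retry counter belongs to lie outside the hunk. encryptSM2EC starts and ends outside the hunk.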
|
||||
@ -424,7 +424,7 @@ func decryptSM2EC(c *sm2Curve, priv *PrivateKey, ciphertext []byte, opts *Decryp
|
||||
C2Bytes := C2.Bytes()[1:]
|
||||
msgLen := len(c2)
|
||||
msg := sm3.Kdf(C2Bytes, msgLen)
|
||||
if subtle.ConstantTimeAllZero(c2) {
|
||||
if subtle.ConstantTimeAllZero(c2) == 1 {
|
||||
return nil, ErrDecryption
|
||||
}
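Review bot: The guard on the new side at `if subtle.ConstantTimeAllZero(c2) == 1 {` inspects c2, which by `msgLen := len(c2)` is the ciphertext component, while the value derived on the line just above it is `msg := sm3.Kdf(C2Bytes, msgLen)`; if msg is the KDF output t, as the naming suggests, the all-zero rejection that the standard's decryption step applies to t is being applied to the wrong slice and the line presumably should read `if subtle.ConstantTimeAllZero(msg) == 1 {`. As written, an all-zero t would be accepted and a ciphertext whose C2 happens to be all zeros would be rejected with ErrDecryption. In the encryption path the slice handed to ConstantTimeAllZero is itself named c2 and is the Kdf result, which may be how the name was carried over here. decryptSM2EC starts and ends outside the hunk, so whether msg is subsequently XORed with c2 cannot be confirmed from this view.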
|
||||
|
||||
|
@ -260,7 +260,7 @@ func encryptLegacy(random io.Reader, pub *ecdsa.PublicKey, msg []byte, opts *Enc
|
||||
|
||||
//A5, calculate t=KDF(x2||y2, klen)
|
||||
c2 := sm3.Kdf(append(toBytes(curve, x2), toBytes(curve, y2)...), msgLen)
|
||||
if subtle.ConstantTimeAllZero(c2) {
|
||||
if subtle.ConstantTimeAllZero(c2) == 1 {
|
||||
retryCount++
|
||||
if retryCount > maxRetryLimit {
|
||||
return nil, fmt.Errorf("sm2: A5, failed to calculate valid t, tried %v times", retryCount)
|
||||
@ -408,7 +408,7 @@ func rawDecrypt(priv *PrivateKey, x1, y1 *big.Int, c2, c3 []byte) ([]byte, error
|
||||
x2, y2 := curve.ScalarMult(x1, y1, priv.D.Bytes())
|
||||
msgLen := len(c2)
|
||||
msg := sm3.Kdf(append(toBytes(curve, x2), toBytes(curve, y2)...), msgLen)
|
||||
if subtle.ConstantTimeAllZero(c2) {
|
||||
if subtle.ConstantTimeAllZero(c2) == 1 {
|
||||
return nil, ErrDecryption
|
||||
}
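Review bot: As in the non-legacy decryptor, the guard at `if subtle.ConstantTimeAllZero(c2) == 1 {` inspects c2, the ciphertext component whose length sets `msgLen`, rather than the KDF output computed immediately before it as `msg := sm3.Kdf(append(toBytes(curve, x2), toBytes(curve, y2)...), msgLen)`; the all-zero rejection in the standard is on t, so if msg is t this should presumably be `if subtle.ConstantTimeAllZero(msg) == 1 {`. Compare encryptLegacy in this same commit, where the slice passed to ConstantTimeAllZero is the one just returned by sm3.Kdf. Separately and pre-existing, `priv.D.Bytes()` on the ScalarMult line is a minimal big-endian encoding whose length shrinks with leading zero bytes of the private scalar, which is worth a note if this curve path is meant to be constant-time. rawDecrypt starts and ends outside the hunk.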
|
||||
|
||||
|
@ -317,7 +317,7 @@ func WrapKey(rand io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte,
|
||||
buffer = append(buffer, uid...)
|
||||
|
||||
key = sm3.Kdf(buffer, kLen)
|
||||
if !subtle.ConstantTimeAllZero(key) {
|
||||
if subtle.ConstantTimeAllZero(key) == 0 {
|
||||
break
|
||||
}
|
||||
}
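Review bot: The loop that exits through `break` on `if subtle.ConstantTimeAllZero(key) == 0 {` has its header outside the hunk, so no retry bound is visible here, whereas encryptSM2EC and encryptLegacy in this same commit cap their equivalent A5 loop with maxRetryLimit and return an error; counting iterations the same way in WrapKey would make the loop obviously terminating under a broken rand and keep the three call sites consistent. An all-zero KDF output has negligible probability with a sound sm3.Kdf, so this is a robustness and consistency point rather than an exploitable one. WrapKey starts and ends outside the hunk.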
|
||||
@ -403,7 +403,7 @@ func UnwrapKey(priv *EncryptPrivateKey, uid []byte, cipher *bn256.G1, kLen int)
|
||||
buffer = append(buffer, uid...)
|
||||
|
||||
key := sm3.Kdf(buffer, kLen)
|
||||
if subtle.ConstantTimeAllZero(key) {
|
||||
if subtle.ConstantTimeAllZero(key) == 1 {
|
||||
return nil, ErrDecryption
|
||||
}
|
||||
return key, nil
|
||||
|