From 8b6f982d3b562272423fd74fb583d22d6f0f2966 Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Tue, 16 Aug 2022 11:27:10 +0800
Subject: [PATCH] Updated is my code constant time? (markdown)
---
 is-my-code-constant-time?.md | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/is-my-code-constant-time?.md b/is-my-code-constant-time?.md
index ec5055e..010b1b2 100644
--- a/is-my-code-constant-time?.md
+++ b/is-my-code-constant-time?.md
@@ -13,3 +13,37 @@ SM2 Key Exchange要去除big.Int依赖,看起来比ECDH困难得多,主要
 ![image](https://user-images.githubusercontent.com/7235232/184781672-60fe4f00-8bab-42f0-960e-e47eb7d3d72f.png)
+
+来自[ipp-crypto](https://github.com/intel/ipp-crypto)的实现可供参考,待十月份取消golang 1.15后再考虑实现一个用于TLCP的不用big.Int的SM2 Key Exchange。
+
+```c
+/**
+ * @brief
+ * reduction for the SM2 Key Exchange standard
+ * x` = 2^w + (x & (2^w – 1))
+ * when
+ * w = log2(n)/2 - 1, n - number bytes order
+ * @param[out] r reduction value x`
+ * @param[in] a value x
+ * @param[in] pEC context Elliptic Curve
+ */
+__INLINE void cpSM2KE_reduction_x2w(BNU_CHUNK_T *r, const BNU_CHUNK_T *a, const IppsGFpECState *pEC)
+{
+ const gsModEngine *pME = GFP_PMA(ECP_GFP(pEC));
+
+ const int elemBits = GFP_FEBITLEN(pME); /* size Bits */
+ const int elemSize = GFP_FELEN(pME); /* size BNU_CHUNK */
+ /* compute w = [log2(n)/2 - 1] */
+ const int w = ((elemBits + 1) / 2 - 1);
+
+ /* compute copy BNU_CHUNK */
+ const int num_copy_bc = (w + (BNU_CHUNK_BITS - 1)) / BNU_CHUNK_BITS; // 2
+ const int num_bit_shift = (w - (num_copy_bc - 1) * BNU_CHUNK_BITS); // 63
+ const BNU_CHUNK_T vadd = (BNU_CHUNK_T)(1ULL << num_bit_shift); // 1<<63 = 0x8000000000000000
+ const BNU_CHUNK_T mask = (BNU_CHUNK_T)(vadd - 1); // 0x7fffffffffffffff
+
+ ZEXPAND_COPY_BNU(r, elemSize, a, num_copy_bc); // copy 2 64 bits of a to r
+ r[num_copy_bc - 1] = (r[num_copy_bc - 1] & mask) + vadd;
+ return;
+}
+```
\ No newline at end of file