add copy_or_zeromem()

src/encauth/ccm/ccm_memory.c

@@ -51,10 +51,6 @@ int ccm_memory(int cipher,
    symmetric_key *skey;
    int            err;
    unsigned long  len, L, x, y, z, CTRlen;
-#ifdef LTC_FAST
-   LTC_FAST_TYPE fastMask = ~0; /* initialize fastMask at all zeroes */
-#endif
-   unsigned char mask = 0xff; /* initialize mask at all zeroes */
 
    if (uskey == NULL) {
       LTC_ARGCHK(key    != NULL);
@@ -360,29 +356,11 @@ int ccm_memory(int cipher,
 
       /* Zero the plaintext if the tag was invalid (in constant time) */
       if (ptlen > 0) {
-         y = 0;
-         mask *= 1 - err; /* mask = ( err ? 0 : 0xff ) */
-#ifdef LTC_FAST
-         fastMask *= 1 - err;
-         if (ptlen & ~15) {
-            for (; y < (ptlen & ~15); y += 16) {
-              for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
-                *(LTC_FAST_TYPE_PTR_CAST(&pt_real[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) & fastMask;
-              }
-            }
-         }
-#endif
-         for (; y < ptlen; y++) {
-            pt_real[y] = pt[y] & mask;
-         }
+         copy_or_zeromem(pt, pt_real, ptlen, err);
       }
    }
 
 #ifdef LTC_CLEAN_STACK
-#ifdef LTC_FAST
-   fastMask = 0;
-#endif
-   mask = 0;
    zeromem(PAD,    sizeof(PAD));
    zeromem(CTRPAD, sizeof(CTRPAD));
    if (pt_work != NULL) {

src/headers/tomcrypt_misc.h

@@ -72,6 +72,9 @@ int hkdf(int hash_idx,
 /* ---- MEM routines ---- */
 int mem_neq(const void *a, const void *b, size_t len);
 void zeromem(volatile void *dst, size_t len);
+#ifdef LTC_SOURCE
+void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz);
+#endif
 void burn_stack(unsigned long len);
 
 const char *error_to_string(int err);

src/misc/copy_or_zeromem.c

@@ -0,0 +1,61 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt.h"
+
+/**
+   @file copy_or_zeromem.c
+   Either copy or zero a block of memory in constant time, Steffen Jaeckel
+*/
+
+/**
+   Either copy or zero a block of memory in constant time
+   @param src    The source where to read from
+   @param dest   The destination where to write to
+   @param len    The length of the area to process (octets)
+   @param coz    Copy (on 0) Or Zero (> 0)
+*/
+void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz)
+{
+   unsigned long y;
+#ifdef LTC_FAST
+   unsigned long z;
+   LTC_FAST_TYPE fastMask = ~0; /* initialize fastMask at all ones */
+#endif
+   unsigned char mask = 0xff; /* initialize mask at all ones */
+
+   LTC_ARGCHK(src  != NULL);
+   LTC_ARGCHK(dest != NULL);
+
+   if (coz != 0) coz = 1;
+   y = 0;
+   mask *= 1 - coz; /* mask = ( coz ? 0 : 0xff ) */
+#ifdef LTC_FAST
+   fastMask *= 1 - coz;
+   if (len & ~15) {
+      for (; y < (len & ~15); y += 16) {
+        for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
+          *(LTC_FAST_TYPE_PTR_CAST(&dest[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&src[y+z])) & fastMask;
+        }
+      }
+   }
+#endif
+   for (; y < len; y++) {
+      dest[y] = src[y] & mask;
+   }
+#ifdef LTC_CLEAN_STACK
+#ifdef LTC_FAST
+   fastMask = 0;
+#endif
+   mask = 0;
+#endif
+}
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */