Constant-time GF multiplication

peterdettman · peterdettman · commit 6cc4a1614564 · 2017-09-18T09:22:18.000+07:00
diff --git a/crypto/src/crypto/digests/DSTU7564Digest.cs b/crypto/src/crypto/digests/DSTU7564Digest.cs
@@ -17,7 +17,6 @@ namespace Org.BouncyCastle.Crypto.Digests
     public class Dstu7564Digest : IDigest, IMemoable
     {
         private const int ROWS = 8;
-        private const int REDUCTION_POLYNOMIAL = 0x011d;
         private const int BITS_IN_BYTE = 8;
 
         private const int NB_512 = 8;  //Number of 8-byte words in state for <=256-bit hash code.
@@ -316,28 +315,24 @@ private void ShiftBytes(byte[][] state)
 
         private static byte MultiplyGF(byte x, byte y)
         {
-            int i;
-            byte r = 0;
-            byte hbit = 0;
-            for (i = 0; i < BITS_IN_BYTE; ++i)
-            {
-                if ((y & 0x1) == 1)
-                {
-                    r ^= x;
-                }
+            // REDUCTION_POLYNOMIAL = 0x011d; /* x^8 + x^4 + x^3 + x^2 + 1 */
 
-                hbit = (byte)(x & 0x80);
+            uint u = x, v = y;
+            uint r = u & (0U - (v & 1));
 
-                x <<= 1;
+            for (int i = 1; i < BITS_IN_BYTE; i++)
+            {
+                u <<= 1;
+                v >>= 1;
+                r ^= u & (0U - (v & 1));
+            }
 
-                if (hbit == 0x80)
-                {
-                    x = (byte)((int)x ^ REDUCTION_POLYNOMIAL);
-                }
+            uint hi = r & 0xFF00U;
+            r ^= hi ^ (hi >> 4) ^ (hi >> 5) ^ (hi >> 6) ^ (hi >> 8);
+            hi = r & 0x0F00U;
+            r ^= hi ^ (hi >> 4) ^ (hi >> 5) ^ (hi >> 6) ^ (hi >> 8);
 
-                y >>= 1;
-            }
-            return r;
+            return (byte)r;
         }
 
         private void MixColumns(byte[][] state)
diff --git a/crypto/src/crypto/engines/Dstu7624Engine.cs b/crypto/src/crypto/engines/Dstu7624Engine.cs
@@ -16,8 +16,6 @@ public class Dstu7624Engine
         private static readonly int BITS_IN_WORD = 64;
         private static readonly int BITS_IN_BYTE = 8;
 
-        private static readonly int REDUCTION_POLYNOMIAL = 0x011d; /* x^8 + x^4 + x^3 + x^2 + 1 */
-
         private ulong[] internalState;
         private ulong[] workingKey;
         private ulong[][] roundKeys;
@@ -495,29 +493,26 @@ private void MatrixMultiply(byte[][] matrix)
             }
         }
 
-        private byte MultiplyGF(byte x, byte y)
+        private static byte MultiplyGF(byte x, byte y)
         {
-            byte r = 0;
-            byte hbit = 0;
+            // REDUCTION_POLYNOMIAL = 0x011d; /* x^8 + x^4 + x^3 + x^2 + 1 */
 
-            for (int i = 0; i < BITS_IN_BYTE; i++)
-            {
-                if ((y & 0x01) == 1)
-                {
-                    r ^= x;
-                }
+            uint u = x, v = y;
+            uint r = u & (0U - (v & 1));
 
-                hbit = (byte)(x & 0x80);
+            for (int i = 1; i < BITS_IN_BYTE; i++)
+            {
+                u <<= 1;
+                v >>= 1;
+                r ^= u & (0U - (v & 1));
+            }
 
-                x <<= 1;
+            uint hi = r & 0xFF00U;
+            r ^= hi ^ (hi >> 4) ^ (hi >> 5) ^ (hi >> 6) ^ (hi >> 8);
+            hi = r & 0x0F00U;
+            r ^= hi ^ (hi >> 4) ^ (hi >> 5) ^ (hi >> 6) ^ (hi >> 8);
 
-                if (hbit == 0x80)
-                {
-                    x = (byte)((int)x ^ REDUCTION_POLYNOMIAL);
-                }
-                y >>= 1;
-            }
-            return r;
+            return (byte)r;
         }
 
         private void SubBytes()
