Fast constant-time cmov (thx zzz)

str4d · str4d · commit 3d12a2554ee7 · 2014-05-05T12:00:00.000Z
diff --git a/src/net/i2p/crypto/eddsa/math/GroupElement.java b/src/net/i2p/crypto/eddsa/math/GroupElement.java
@@ -430,17 +430,28 @@ static byte[] toRadix16(byte[] a) {
     }
 
     /**
-     * Replace this with u if b == 1.
-     * Replace this with this if b == 0.
+     * Constant-time conditional move.
+     * Replaces this with u if b == 1.
+     * Replaces this with this if b == 0.
      *
      * Method is package private only so that tests run.
      *
      * @param u
      * @param b in {0, 1}
-     * @return
+     * @return u if b == 1; this if b == 0; null otherwise.
      */
     GroupElement cmov(GroupElement u, int b) {
-        return precomp(curve, X.cmov(u.X, b), Y.cmov(u.Y, b), Z.cmov(u.Z, b));
+        GroupElement ret = null;
+        int i;
+        for (i = 0; i < b; i++) {
+            // Only for b == 1
+            ret = u;
+        }
+        for (i = 0; i < 1-b; i++) {
+            // Only for b == 0
+            ret = this;
+        }
+        return ret;
     }
 
     /**
