author | Jack Lloyd <[email protected]> | 2018-04-15 17:49:20 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-04-15 17:49:20 -0400 |
commit | f425705104cf01b30ac8f0c155f96b82fa93124d (patch) | |
tree | e710b29285992687c5789361e5205af6caceb741 | |
parent | 4fdc3ee1922df17bcb3a2ecdbd17e4494fe3d661 (diff) |
Add const time annotations
-rw-r--r-- | src/lib/math/bigint/bigint.cpp | 12 | ||||
-rw-r--r-- | src/lib/math/bigint/bigint.h | 8 | ||||
-rw-r--r-- | src/lib/math/numbertheory/monty.h | 3 | ||||
-rw-r--r-- | src/lib/math/numbertheory/monty_exp.cpp | 22 | ||||
-rw-r--r-- | src/lib/math/numbertheory/monty_exp.h | 3 | ||||
-rw-r--r-- | src/lib/pubkey/rsa/rsa.cpp | 2 |
6 files changed, 43 insertions, 7 deletions
diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp
index fd967e66e..8874195af 100644
--- a/src/lib/math/bigint/bigint.cpp
+++ b/src/lib/math/bigint/bigint.cpp
@@ -335,6 +335,18 @@ void BigInt::shrink_to_fit(size_t min_size)
 m_reg.resize(words);
 }
 
+#if defined(BOTAN_HAS_VALGRIND)
+void BigInt::const_time_poison() const
+ {
+ CT::poison(m_reg.data(), m_reg.size());
+ }
+
+void BigInt::const_time_unpoison() const
+ {
+ CT::unpoison(m_reg.data(), m_reg.size());
+ }
+#endif
+
 void BigInt::const_time_lookup(secure_vector<word>& output,
 const std::vector<BigInt>& vec,
 size_t idx)
diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h
index 44177de96..eec7f6176 100644
--- a/src/lib/math/bigint/bigint.h
+++ b/src/lib/math/bigint/bigint.h
@@ -565,6 +565,14 @@ class BOTAN_PUBLIC_API(2,0) BigInt final
 */
 void encode_words(word out[], size_t size) const;
 
+#if defined(BOTAN_HAS_VALGRIND)
+ void const_time_poison() const;
+ void const_time_unpoison() const;
+#else
+ void const_time_poison() const {}
+ void const_time_unpoison() const {}
+#endif
+
 /**
 * @param rng a random number generator
 * @param min the minimum value
diff --git a/src/lib/math/numbertheory/monty.h b/src/lib/math/numbertheory/monty.h
index 9f369f1a5..2af655230 100644
--- a/src/lib/math/numbertheory/monty.h
+++ b/src/lib/math/numbertheory/monty.h
@@ -100,6 +100,9 @@ class Montgomery_Int final
 
 Montgomery_Int& mul_by_8(secure_vector<word>& ws);
 
+ void const_time_poison() const { m_v.const_time_poison(); }
+ void const_time_unpoison() const { return m_v.const_time_unpoison(); }
+
 private:
 std::shared_ptr<const Montgomery_Params> m_params;
 BigInt m_v;
diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp
index 4bf281fa9..b32a7ab4c 100644
--- a/src/lib/math/numbertheory/monty_exp.cpp
+++ b/src/lib/math/numbertheory/monty_exp.cpp
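Review bot: The `const_time_poison`/`const_time_unpoison` declarations added to bigint.h carry no documentation, while the neighbouring `encode_words` has a Doxygen block. Add a comment above the `#if`, e.g. `/** Mark (or unmark) this integer's words as secret for valgrind-based constant-time checking. No-op unless BOTAN_HAS_VALGRIND is defined. */`, so readers know these are diagnostic annotations rather than runtime protections. It is also worth stating that the poison covers the whole register, since bigint.cpp passes `m_reg.size()` words rather than only the significant ones.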
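Review bot: `const_time_unpoison` in monty.h is written as `return m_v.const_time_unpoison();` while `const_time_poison` on the previous line is a plain call; both wrap a void function, so the `return` is legal but inconsistent and reads as if a value were forwarded. Change it to `void const_time_unpoison() const { m_v.const_time_unpoison(); }` so the two one-liners match.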
@@ -20,7 +20,8 @@ class Montgomery_Exponentation_State
 public:
 Montgomery_Exponentation_State(std::shared_ptr<const Montgomery_Params> params,
 const BigInt& g,
- size_t window_bits);
+ size_t window_bits,
+ bool const_time);
 
 BigInt exponentiation(const BigInt& k) const;
 
@@ -29,13 +30,16 @@ class Montgomery_Exponentation_State
 std::shared_ptr<const Montgomery_Params> m_params;
 std::vector<Montgomery_Int> m_g;
 size_t m_window_bits;
+ bool m_const_time;
 };
 
 Montgomery_Exponentation_State::Montgomery_Exponentation_State(std::shared_ptr<const Montgomery_Params> params,
 const BigInt& g,
- size_t window_bits) :
+ size_t window_bits,
+ bool const_time) :
 m_params(params),
- m_window_bits(window_bits == 0 ? 4 : window_bits)
+ m_window_bits(window_bits == 0 ? 4 : window_bits),
+ m_const_time(const_time)
 {
 if(m_window_bits < 1 || m_window_bits > 12) // really even 8 is too large ...
 throw Invalid_Argument("Invalid window bits for Montgomery exponentiation");
@@ -59,6 +63,8 @@ Montgomery_Exponentation_State::Montgomery_Exponentation_State(std::shared_ptr<c
 for(size_t i = 0; i != window_size; ++i)
 {
 m_g[i].fix_size();
+ if(const_time)
+ m_g[i].const_time_poison();
 }
 }
 
@@ -91,6 +97,7 @@ void const_time_lookup(secure_vector<word>& output,
 BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& scalar) const
 {
 const size_t exp_nibbles = (scalar.bits() + m_window_bits - 1) / m_window_bits;
+ CT::unpoison(exp_nibbles);
 
 Montgomery_Int x(m_params, m_params->R1(), false);
 
@@ -111,11 +118,14 @@ BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& scalar) cons
 x.mul_by(e_bits, ws);
 }
+ x.const_time_unpoison();
 return x.value();
 }
 
 BigInt Montgomery_Exponentation_State::exponentiation_vartime(const BigInt& scalar) const
 {
+ BOTAN_ASSERT_NOMSG(m_const_time == false);
+
 const size_t exp_nibbles = (scalar.bits() + m_window_bits - 1) / m_window_bits;
 
 Montgomery_Int x(m_params, m_params->R1(), false);
 
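Review bot: `CT::unpoison(exp_nibbles)` in `exponentiation` makes the exponent's bit length public without saying so; add `// the bit length of the exponent is treated as public` above it so the disclosure reads as a deliberate design decision. Only the `m_g` table is poisoned (in the constructor, and only when `const_time` is set) and nothing in these hunks poisons `scalar`, so the valgrind check appears to rely on the caller having poisoned the exponent, which the same comment could state. `exponentiation` does not check `m_const_time`, so a state built with `const_time=false` takes the constant-time path with an unpoisoned table and the check silently has nothing to detect; if such states are meant to be vartime-only, a `BOTAN_ASSERT_NOMSG(m_const_time);` mirroring the one added to `exponentiation_vartime` would make the contract symmetric. In `exponentiation_vartime`, `m_const_time == false` would read more idiomatically as `!m_const_time`. Both function bodies continue outside their hunks.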
@@ -135,15 +145,17 @@ BigInt Montgomery_Exponentation_State::exponentiation_vartime(const BigInt& scal
 x.mul_by(m_g[nibble], ws);
 }
+ x.const_time_unpoison();
 return x.value();
 }
 
 std::shared_ptr<const Montgomery_Exponentation_State>
 monty_precompute(std::shared_ptr<const Montgomery_Params> params,
 const BigInt& g,
- size_t window_bits)
+ size_t window_bits,
+ bool const_time)
 {
- return std::make_shared<const Montgomery_Exponentation_State>(params, g, window_bits);
+ return std::make_shared<const Montgomery_Exponentation_State>(params, g, window_bits, const_time);
 }
 
 BigInt monty_execute(const Montgomery_Exponentation_State& precomputed_state,
diff --git a/src/lib/math/numbertheory/monty_exp.h b/src/lib/math/numbertheory/monty_exp.h
index 6eeb88e7f..61da258cc 100644
--- a/src/lib/math/numbertheory/monty_exp.h
+++ b/src/lib/math/numbertheory/monty_exp.h
@@ -24,7 +24,8 @@ class Montgomery_Exponentation_State;
 std::shared_ptr<const Montgomery_Exponentation_State>
 monty_precompute(std::shared_ptr<const Montgomery_Params> params_p,
 const BigInt& g,
- size_t window_bits);
+ size_t window_bits,
+ bool const_time = true);
 
 /*
 * Return g^x mod p
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index 69d7052dc..df639be58 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -356,7 +356,7 @@ class RSA_Public_Operation
 const size_t powm_window = 1;
 
- auto powm_m_n = monty_precompute(m_monty_n, m, powm_window);
+ auto powm_m_n = monty_precompute(m_monty_n, m, powm_window, false);
 
 return monty_execute_vartime(*powm_m_n, m_e);
 }
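Review bot: The new `const_time` parameter of `monty_precompute` in monty_exp.h defaults to `true` but no comment explains what it controls or what it forbids; the function's own doc block, if there is one, lies outside the hunk. Add `@param const_time if true the precomputed table is poisoned for constant-time checking and the result must only be used with the constant-time exponentiation` — the vartime path in monty_exp.cpp now asserts `m_const_time == false`, so taking the default and then presumably calling `monty_execute_vartime` will trip that assertion. Defaulting to `true` is the right choice, since existing callers get the checked path without changes.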
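Review bot: The bare `false` passed to `monty_precompute` in `RSA_Public_Operation` does not say why this table may skip constant-time poisoning. It is needed because the following `monty_execute_vartime` call would otherwise presumably trip the `m_const_time == false` assertion added in monty_exp.cpp, and it is acceptable because `m_e` is, by its name, the public exponent; a one-line comment such as `// public exponent: vartime exponentiation, no CT poisoning needed` would make both points visible at the call site rather than leaving an unexplained boolean literal.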