aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-04-15 17:49:20 -0400
committerJack Lloyd <[email protected]>2018-04-15 17:49:20 -0400
commitf425705104cf01b30ac8f0c155f96b82fa93124d (patch)
treee710b29285992687c5789361e5205af6caceb741 /src/lib
parent4fdc3ee1922df17bcb3a2ecdbd17e4494fe3d661 (diff)
Add const time annotations
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/math/bigint/bigint.cpp12
-rw-r--r--src/lib/math/bigint/bigint.h8
-rw-r--r--src/lib/math/numbertheory/monty.h3
-rw-r--r--src/lib/math/numbertheory/monty_exp.cpp22
-rw-r--r--src/lib/math/numbertheory/monty_exp.h3
-rw-r--r--src/lib/pubkey/rsa/rsa.cpp2
6 files changed, 43 insertions, 7 deletions
diff --git a/src/lib/math/bigint/bigint.cpp b/src/lib/math/bigint/bigint.cpp
index fd967e66e..8874195af 100644
--- a/src/lib/math/bigint/bigint.cpp
+++ b/src/lib/math/bigint/bigint.cpp
@@ -335,6 +335,18 @@ void BigInt::shrink_to_fit(size_t min_size)
m_reg.resize(words);
}
+#if defined(BOTAN_HAS_VALGRIND)
+void BigInt::const_time_poison() const
+ {
+ CT::poison(m_reg.data(), m_reg.size());
+ }
+
+void BigInt::const_time_unpoison() const
+ {
+ CT::unpoison(m_reg.data(), m_reg.size());
+ }
+#endif
+
void BigInt::const_time_lookup(secure_vector<word>& output,
const std::vector<BigInt>& vec,
size_t idx)
diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h
index 44177de96..eec7f6176 100644
--- a/src/lib/math/bigint/bigint.h
+++ b/src/lib/math/bigint/bigint.h
@@ -565,6 +565,14 @@ class BOTAN_PUBLIC_API(2,0) BigInt final
*/
void encode_words(word out[], size_t size) const;
+#if defined(BOTAN_HAS_VALGRIND)
+ void const_time_poison() const;
+ void const_time_unpoison() const;
+#else
+ void const_time_poison() const {}
+ void const_time_unpoison() const {}
+#endif
+
/**
* @param rng a random number generator
* @param min the minimum value
diff --git a/src/lib/math/numbertheory/monty.h b/src/lib/math/numbertheory/monty.h
index 9f369f1a5..2af655230 100644
--- a/src/lib/math/numbertheory/monty.h
+++ b/src/lib/math/numbertheory/monty.h
@@ -100,6 +100,9 @@ class Montgomery_Int final
Montgomery_Int& mul_by_8(secure_vector<word>& ws);
+ void const_time_poison() const { m_v.const_time_poison(); }
+ void const_time_unpoison() const { return m_v.const_time_unpoison(); }
+
private:
std::shared_ptr<const Montgomery_Params> m_params;
BigInt m_v;
diff --git a/src/lib/math/numbertheory/monty_exp.cpp b/src/lib/math/numbertheory/monty_exp.cpp
index 4bf281fa9..b32a7ab4c 100644
--- a/src/lib/math/numbertheory/monty_exp.cpp
+++ b/src/lib/math/numbertheory/monty_exp.cpp
@@ -20,7 +20,8 @@ class Montgomery_Exponentation_State
public:
Montgomery_Exponentation_State(std::shared_ptr<const Montgomery_Params> params,
const BigInt& g,
- size_t window_bits);
+ size_t window_bits,
+ bool const_time);
BigInt exponentiation(const BigInt& k) const;
@@ -29,13 +30,16 @@ class Montgomery_Exponentation_State
std::shared_ptr<const Montgomery_Params> m_params;
std::vector<Montgomery_Int> m_g;
size_t m_window_bits;
+ bool m_const_time;
};
Montgomery_Exponentation_State::Montgomery_Exponentation_State(std::shared_ptr<const Montgomery_Params> params,
const BigInt& g,
- size_t window_bits) :
+ size_t window_bits,
+ bool const_time) :
m_params(params),
- m_window_bits(window_bits == 0 ? 4 : window_bits)
+ m_window_bits(window_bits == 0 ? 4 : window_bits),
+ m_const_time(const_time)
{
if(m_window_bits < 1 || m_window_bits > 12) // really even 8 is too large ...
throw Invalid_Argument("Invalid window bits for Montgomery exponentiation");
@@ -59,6 +63,8 @@ Montgomery_Exponentation_State::Montgomery_Exponentation_State(std::shared_ptr<c
for(size_t i = 0; i != window_size; ++i)
{
m_g[i].fix_size();
+ if(const_time)
+ m_g[i].const_time_poison();
}
}
@@ -91,6 +97,7 @@ void const_time_lookup(secure_vector<word>& output,
BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& scalar) const
{
const size_t exp_nibbles = (scalar.bits() + m_window_bits - 1) / m_window_bits;
+ CT::unpoison(exp_nibbles);
Montgomery_Int x(m_params, m_params->R1(), false);
@@ -111,11 +118,14 @@ BigInt Montgomery_Exponentation_State::exponentiation(const BigInt& scalar) cons
x.mul_by(e_bits, ws);
}
+ x.const_time_unpoison();
return x.value();
}
BigInt Montgomery_Exponentation_State::exponentiation_vartime(const BigInt& scalar) const
{
+ BOTAN_ASSERT_NOMSG(m_const_time == false);
+
const size_t exp_nibbles = (scalar.bits() + m_window_bits - 1) / m_window_bits;
Montgomery_Int x(m_params, m_params->R1(), false);
@@ -135,15 +145,17 @@ BigInt Montgomery_Exponentation_State::exponentiation_vartime(const BigInt& scal
x.mul_by(m_g[nibble], ws);
}
+ x.const_time_unpoison();
return x.value();
}
std::shared_ptr<const Montgomery_Exponentation_State>
monty_precompute(std::shared_ptr<const Montgomery_Params> params,
const BigInt& g,
- size_t window_bits)
+ size_t window_bits,
+ bool const_time)
{
- return std::make_shared<const Montgomery_Exponentation_State>(params, g, window_bits);
+ return std::make_shared<const Montgomery_Exponentation_State>(params, g, window_bits, const_time);
}
BigInt monty_execute(const Montgomery_Exponentation_State& precomputed_state,
diff --git a/src/lib/math/numbertheory/monty_exp.h b/src/lib/math/numbertheory/monty_exp.h
index 6eeb88e7f..61da258cc 100644
--- a/src/lib/math/numbertheory/monty_exp.h
+++ b/src/lib/math/numbertheory/monty_exp.h
@@ -24,7 +24,8 @@ class Montgomery_Exponentation_State;
std::shared_ptr<const Montgomery_Exponentation_State>
monty_precompute(std::shared_ptr<const Montgomery_Params> params_p,
const BigInt& g,
- size_t window_bits);
+ size_t window_bits,
+ bool const_time = true);
/*
* Return g^x mod p
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index 69d7052dc..df639be58 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -356,7 +356,7 @@ class RSA_Public_Operation
const size_t powm_window = 1;
- auto powm_m_n = monty_precompute(m_monty_n, m, powm_window);
+ auto powm_m_n = monty_precompute(m_monty_n, m, powm_window, false);
return monty_execute_vartime(*powm_m_n, m_e);
}