[Gmp-commit] /var/hg/gmp: 2 new changesets

mercurial at gmplib.org
Mon Dec 30 16:40:01 UTC 2013


details:   /var/hg/gmp/rev/29cd35272ea1
changeset: 16126:29cd35272ea1
user:      Torbjorn Granlund <tege at gmplib.org>
date:      Mon Dec 30 17:39:46 2013 +0100
description:
Mention non-sec/cnd functions which are safe.

details:   /var/hg/gmp/rev/3c3384c207fe
changeset: 16127:3c3384c207fe
user:      Torbjorn Granlund <tege at gmplib.org>
date:      Mon Dec 30 17:39:58 2013 +0100
description:
ChangeLog

diffstat:

 ChangeLog    |   4 ++++
 doc/gmp.texi |  13 +++++++++++++
 2 files changed, 17 insertions(+), 0 deletions(-)

diffs (34 lines):

diff -r d5f033ea6f0b -r 3c3384c207fe ChangeLog
--- a/ChangeLog	Mon Dec 30 16:09:19 2013 +0100
+++ b/ChangeLog	Mon Dec 30 17:39:58 2013 +0100
@@ -1,3 +1,7 @@
+2013-12-30  Torbjorn Granlund  <tege at gmplib.org>
+
+	* doc/gmp.texi (Low-level Functions for cryptography): New section.
+
 2013-12-29  Niels Möller  <nisse at lysator.liu.se>
 
 	* tests/mpn/Makefile.am (check_PROGRAMS): Added t-minvert.
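Review bot: the new ChangeLog entry says "(Low-level Functions for cryptography): New section", but the doc/gmp.texi hunk in this changeset only inserts two paragraphs into an existing section (the @@ -5680,6 +5680,19 @@ hunk sits between unchanged context about compilers spilling scalars and the mpn_cnd_add_n deftypefun), and the changeset description itself reads "Mention non-sec/cnd functions which are safe". Consider making the entry describe this change, e.g. "* doc/gmp.texi (Low-level Functions for cryptography): Mention side-channel resistant non-sec mpn functions and known exceptions."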
diff -r d5f033ea6f0b -r 3c3384c207fe doc/gmp.texi
--- a/doc/gmp.texi	Mon Dec 30 16:09:19 2013 +0100
+++ b/doc/gmp.texi	Mon Dec 30 17:39:58 2013 +0100
@@ -5680,6 +5680,19 @@
 compilers may choose to spill scalar values used within these functions to
 their stack frame and that such scalars may contain sensitive data.
 
+In addition to these specially crafted functions, the following @code{mpn}
+functions are naturally side-channel resistant: @code{mpn_add_n},
+ at code{mpn_sub_n}, @code{mpn_lshift}, @code{mpn_rshift}, @code{mpn_zero},
+ at code{mpn_copyi}, @code{mpn_copyd}, @code{mpn_com}, and the logical function
+(@code{mpn_and_n}, etc).
+
+There are some exceptions from the side-channel resilience: (1) Some assembly
+implementations of @code{mpn_lshift} identify shift-by-one as a special case.
+This is a problem iff the shift count is a function of sensitive data.  (2)
+Alpha ev6 and Pentium4 using 64-bit limbs have leaky @code{mpn_add_n} and
+ at code{mpn_sub_n}.  (3) Alpha ev6 has a leaky @code{mpn_mul_1} which also makes
+ at code{mpn_sec_mul} on those systems unsafe.
+
 @deftypefun mp_limb_t mpn_cnd_add_n (mp_limb_t @var{cnd}, mp_limb_t *@var{rp}, const mp_limb_t *@var{s1p}, const mp_limb_t *@var{s2p}, mp_size_t @var{n})
 @deftypefunx mp_limb_t mpn_cnd_sub_n (mp_limb_t @var{cnd}, mp_limb_t *@var{rp}, const mp_limb_t *@var{s1p}, const mp_limb_t *@var{s2p}, mp_size_t @var{n})
 These functions do conditional addition and subtraction.  If @var{cnd} is
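Review bot: in the first added paragraph, "and the logical function (@code{mpn_and_n}, etc)" should be plural, "and the logical functions (@code{mpn_and_n}, etc.)", and "exceptions from the side-channel resilience" reads better as "exceptions to the side-channel resilience". In exception (2) it is ambiguous whether "using 64-bit limbs" qualifies both Alpha ev6 and Pentium4 or only Pentium4; splitting it into two clauses would remove the doubt. Exception (1) names only @code{mpn_lshift} while the safe list above it also includes @code{mpn_rshift}; if the rshift implementations are known to have no such special case, saying so explicitly would let readers rely on the list without checking the assembly. Since exception (3) declares @code{mpn_sec_mul} unsafe on Alpha ev6, a cross-reference to this caveat from the @code{mpn_sec_mul} entry would keep that warning from being missed.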

