mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-25 09:02:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

mpi_exp_mod: improve documentation

Browse Source 
Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
Janos Follath 2022-11-11 15:56:38 +00:00
parent b3608afe29
commit f08b40eaab
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
library/bignum.c
View File

@ -2023,11 +2023,20 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
/* /*
* Append the output variable to the end of the table for constant time * If we call mpi_montmul() without doing a table lookup first, we leak
* lookup. From this point on we need to use the table entry in each * through timing side channels the fact that a squaring is happening. In
* calculation, this makes it safe to use simple assignment. * some strong attack settings this can be enough to defeat blinding.
*
* To prevent this leak, we append the output variable to the end of the
* table. This allows as to always do a constant time lookup whenever we
* call mpi_montmul().
*/ */
const size_t x_index = w_count - 1; const size_t x_index = w_count - 1;
/*
* To prevent the leak, we need to use the table entry in each calculation
* from this point on. This makes it safe to load X into the table by a
* simple assignment.
*/
W[x_index] = *X; W[x_index] = *X;
/* /*