Use full S1 table for timing attack counter measures

Change the stride to the cache line size divided by the word size, based on Yun's 32-bit word implementation
pull/402/head
Jeffrey Walton 2017-04-14 06:24:54 -04:00
parent cf160e91c4
commit b081f7c634
No known key found for this signature in database
GPG Key ID: B36AB348921B1838
1 changed files with 7 additions and 11 deletions


@ -25,11 +25,10 @@
# define CRYPTOPP_ENABLE_ARIA_NEON_INTRINSICS 1 # define CRYPTOPP_ENABLE_ARIA_NEON_INTRINSICS 1
#endif #endif
#if CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS && (CRYPTOPP_MSC_VERSION || (defined(CRYPTOPP_GCC_VERSION) && CRYPTOPP_GCC_VERSION < 50000)) #if CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE && (CRYPTOPP_MSC_VERSION || (defined(CRYPTOPP_GCC_VERSION) && CRYPTOPP_GCC_VERSION < 50000))
# define CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS 1 # define CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS 1
#endif #endif
ANONYMOUS_NAMESPACE_BEGIN ANONYMOUS_NAMESPACE_BEGIN
CRYPTOPP_ALIGN_DATA(16) CRYPTOPP_ALIGN_DATA(16)
@ -195,7 +194,7 @@ inline word32 ReverseWord(const word32 w) {
return ByteReverse(w); return ByteReverse(w);
} }
// Retireve the i-th word, optionally in Big Endian // Retrieve the i-th word, optionally in Big Endian
template <bool big_endian> template <bool big_endian>
inline word32 LoadWord(const word32 x[4], const unsigned int i) { inline word32 LoadWord(const word32 x[4], const unsigned int i) {
if (big_endian) if (big_endian)
@ -204,7 +203,7 @@ inline word32 LoadWord(const word32 x[4], const unsigned int i) {
return x[i]; return x[i];
} }
// Reinterpret x as a word32[], and retireve the i-th word, optionally in Big Endian // Reinterpret x as a word32[], and retrieve the i-th word, optionally in Big Endian
template <bool big_endian> template <bool big_endian>
inline word32 LoadWord(const byte x[16], const unsigned int i) { inline word32 LoadWord(const byte x[16], const unsigned int i) {
if (big_endian) if (big_endian)
@ -641,18 +640,15 @@ void ARIA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, b
word32 *t = const_cast<word32*>(m_w.data()+20); word32 *t = const_cast<word32*>(m_w.data()+20);
// Timing attack countermeasure. See comments in Rijndael for more details. // Timing attack countermeasure. See comments in Rijndael for more details.
// We used Yun's 32-bit implementation, so we don't want to walk elements. // We used Yun's 32-bit implementation, so we use words rather than bytes.
// In this case, we still want the byte oriented pointer to induce the flush.
const int cacheLineSize = GetCacheLineSize(); const int cacheLineSize = GetCacheLineSize();
const byte *p = reinterpret_cast<const byte*>(S1);
unsigned int i; unsigned int i;
volatile word32 _u = 0; volatile word32 _u = 0;
word32 u = _u; word32 u = _u;
for (i=0; i<256; i+=cacheLineSize) for (i=0; i<COUNTOF(S1); i+=cacheLineSize/(sizeof(S1[0])))
u &= *(const word32 *)(void*)(p+i); u |= *(S1+i);
u &= *(const word32 *)(void*)(p+252); t[0] |= u;
t[0] |= u; t[1] |= u;
#if CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS #if CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS
if (HasSSSE3()) if (HasSSSE3())