mbedtls/library
Manuel Pégourié-Gonnard 2ddec4306f Use bit operations for constant-flow padding check
The previous code used comparison operators >= and == that are quite likely to
be compiled to branches by some compilers on some architectures (with some
optimisation levels).

For example, take the following function:

void old_update( size_t data_len, size_t *padlen )
{
    *padlen  *= ( data_len >= *padlen + 1 );
}

With Clang 3.8, let's compile it for the Arm v6-M architecture:

% clang --target=arm-none-eabi -march=armv6-m -Os foo.c -S -o - |
    sed -n '/^old_update:$/,/\.size/p'

old_update:
        .fnstart
@ BB#0:
        .save   {r4, lr}
        push    {r4, lr}
        ldr     r2, [r1]
        adds    r4, r2, #1
        movs    r3, #0
        cmp     r4, r0
        bls     .LBB0_2
@ BB#1:
        mov     r2, r3
.LBB0_2:
        str     r2, [r1]
        pop     {r4, pc}
.Lfunc_end0:
        .size   old_update, .Lfunc_end0-old_update

We can see an unbalanced secret-dependant branch, resulting in a total
execution time depends on the value of the secret (here padlen) in a
straightforward way.

The new version, based on bit operations, doesn't have this issue:

new_update:
        .fnstart
@ BB#0:
        ldr     r2, [r1]
        subs    r0, r0, #1
        subs    r0, r0, r2
        asrs    r0, r0, #31
        bics    r2, r0
        str     r2, [r1]
        bx      lr
.Lfunc_end1:
        .size   new_update, .Lfunc_end1-new_update

(As a bonus, it's smaller and uses less stack.)

While there's no formal guarantee that the version based on bit operations in
C won't be translated using branches by the compiler, experiments tend to show
that's the case [1], and it is commonly accepted knowledge in the practical
crypto community that if we want to sick to C, bit operations are the safest
bet [2].

[1] https://github.com/mpg/ct/blob/master/results
[2] https://github.com/veorq/cryptocoding

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-09-18 12:10:33 +02:00
..
.gitignore
aes.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
aesni.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
arc4.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
aria.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
asn1parse.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
asn1write.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
base64.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
bignum.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
blowfish.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
camellia.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ccm.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
certs.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
chacha20.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
chachapoly.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
cipher_wrap.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
cipher.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
cmac.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
CMakeLists.txt Bump version to Mbed TLS 2.24.0 2020-08-26 16:22:57 +01:00
common.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ctr_drbg.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
debug.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
des.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
dhm.c Merge development into development-restricted 2020-08-20 11:07:12 +01:00
ecdh.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ecdsa.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ecjpake.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ecp_curves.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ecp.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
entropy_poll.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
entropy.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
error.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
gcm.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
havege.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
hkdf.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
hmac_drbg.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
Makefile Merge pull request #3454 from gilles-peskine-arm/include-common-h-development 2020-07-03 09:44:18 +02:00
md2.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
md4.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
md5.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
md.c Merge pull request #3578 from gilles-peskine-arm/md_setup-leak-development 2020-08-21 09:19:12 +02:00
memory_buffer_alloc.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
net_sockets.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
nist_kw.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
oid.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
padlock.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pem.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pk_wrap.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pk.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pkcs5.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pkcs11.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pkcs12.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pkparse.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
pkwrite.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
platform_util.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
platform.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
poly1305.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_core.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_invasive.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_its.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_se.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_se.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_service_integration.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_slot_management.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_slot_management.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto_storage.c psa_crypto_storage: Annotate file removal after a failed creation 2020-08-25 22:50:06 +02:00
psa_crypto_storage.h Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_crypto.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
psa_its_file.c psa_its: Annotate file removal after a failed creation 2020-08-25 22:49:19 +02:00
ripemd160.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
rsa_internal.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
rsa.c Merge development into development-restricted 2020-08-20 11:07:12 +01:00
sha1.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
sha256.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
sha512.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ssl_cache.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ssl_ciphersuites.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ssl_cli.c Merge pull request #2182 from hanno-arm/key_pwd 2020-08-24 09:42:38 +02:00
ssl_cookie.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ssl_invasive.h Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted 2020-08-25 14:35:55 +01:00
ssl_msg.c Use bit operations for constant-flow padding check 2020-09-18 12:10:33 +02:00
ssl_srv.c Merge pull request #2182 from hanno-arm/key_pwd 2020-08-24 09:42:38 +02:00
ssl_ticket.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
ssl_tls.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
threading.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
timing.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
version_features.c Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted 2020-08-25 14:35:55 +01:00
version.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
x509_create.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
x509_crl.c Merge development into development-restricted 2020-08-20 11:07:12 +01:00
x509_crt.c Merge pull request #3433 from raoulstrackx/raoul/verify_crl_without_time 2020-08-26 12:56:11 +02:00
x509_csr.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
x509.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
x509write_crt.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
x509write_csr.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00
xtea.c Update copyright notices to use Linux Foundation guidance 2020-08-19 10:35:41 +02:00