• crypto: ecc - regularize scalar for scalar multiplication · 9e1a69dc
    Vitaly Chikunov authored
    [ Upstream commit 3da2c1df ]
    
    ecc_point_mult is supposed to be used with a regularized scalar,
    otherwise, it's possible to deduce the position of the top bit of the
    scalar with a timing attack. This is important when the scalar is a
    private key.
    
    ecc_point_mult is already using a regular algorithm (i.e. having an
    operation flow independent of the input scalar) but the regularization
    step is not implemented.
    
    Arrange the scalar to always have a fixed top bit by adding a multiple
    of the curve order (n).
    
    References:
    The constant time regularization step is based on micro-ecc by Kenneth
    MacKay and also referenced in the literature (Bernstein, D. J., & Lange,
    T. (2017). Montgomery curves and the Montgomery ladder. (Cryptology
    ePrint Archive; Vol. 2017/293). s.l.: IACR. Chapter 4.6.2.)
    Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
    Cc: kernel-hardening@lists.openwall.com
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Sasha Levin <sashal@kernel.org>
Name
asymmetric_keys
async_tx
842.c
Kconfig
Makefile
ablkcipher.c
acompress.c
aead.c
aegis.h
aegis128.c
aegis128l.c
aegis256.c
aes_generic.c
aes_ti.c
af_alg.c
ahash.c
akcipher.c
algapi.c
algboss.c
algif_aead.c
algif_hash.c
algif_rng.c
algif_skcipher.c
ansi_cprng.c
anubis.c
api.c
arc4.c
authenc.c
authencesn.c
blkcipher.c
blowfish_common.c
blowfish_generic.c
camellia_generic.c
cast5_generic.c
cast6_generic.c
cast_common.c
cbc.c
ccm.c
cfb.c
chacha20_generic.c
chacha20poly1305.c
cipher.c
cmac.c
compress.c
crc32_generic.c
crc32c_generic.c
crct10dif_common.c
crct10dif_generic.c
cryptd.c
crypto_engine.c
crypto_null.c
crypto_user_base.c
crypto_user_stat.c
crypto_wq.c
ctr.c
cts.c
deflate.c
des_generic.c
dh.c
dh_helper.c
drbg.c
ecb.c
ecc.c
ecc.h
ecc_curve_defs.h
ecdh.c
ecdh_helper.c
echainiv.c
fcrypt.c
fips.c
gcm.c
gf128mul.c
ghash-generic.c
hash_info.c
hmac.c
internal.h
jitterentropy-kcapi.c
jitterentropy.c
keywrap.c
khazad.c
kpp.c
lrw.c
lz4.c
lz4hc.c
lzo.c
md4.c
md5.c
memneq.c
michael_mic.c
morus1280.c
morus640.c
ofb.c
pcbc.c
pcrypt.c
poly1305_generic.c
proc.c
ripemd.h
rmd128.c
rmd160.c
rmd256.c
rmd320.c
rng.c
rsa-pkcs1pad.c
rsa.c
rsa_helper.c
rsaprivkey.asn1
rsapubkey.asn1
salsa20_generic.c
scatterwalk.c
scompress.c
seed.c
seqiv.c
serpent_generic.c
sha1_generic.c
sha256_generic.c
sha3_generic.c
sha512_generic.c
shash.c
simd.c
skcipher.c
sm3_generic.c
sm4_generic.c
tcrypt.c
tcrypt.h
tea.c
testmgr.c
testmgr.h
tgr192.c
twofish_common.c
twofish_generic.c
vmac.c
wp512.c
xcbc.c
xor.c
xts.c
zstd.c