|
| 1 | +From ed2c20d4bda037890348bc7cd6abd0bfe9aa34e8 Mon Sep 17 00:00:00 2001 |
| 2 | +From: Archana Ravindar < [email protected]> |
| 3 | +Date: Tue, 18 Feb 2025 16:37:06 +0530 |
| 4 | +Subject: [PATCH 1/1] backport of variable time fix for p256NegCond |
| 5 | + |
| 6 | +--- |
| 7 | + src/crypto/internal/nistec/p256_asm_ppc64le.s | 22 +++++++++++++++---- |
| 8 | + 1 file changed, 18 insertions(+), 4 deletions(-) |
| 9 | + |
| 10 | +diff --git a/src/crypto/internal/nistec/p256_asm_ppc64le.s b/src/crypto/internal/nistec/p256_asm_ppc64le.s |
| 11 | +index 0593ef370f..ba1b6cd715 100644 |
| 12 | +--- a/src/crypto/internal/nistec/p256_asm_ppc64le.s |
| 13 | ++++ b/src/crypto/internal/nistec/p256_asm_ppc64le.s |
| 14 | +@@ -124,14 +124,23 @@ GLOBL p256mul<>(SB), 8, $160 |
| 15 | + #define PH V31 |
| 16 | + |
| 17 | + #define CAR1 V6 |
| 18 | ++#define SEL V8 |
| 19 | ++#define ZER V9 |
| 20 | ++ |
| 21 | ++ |
| 22 | + // func p256NegCond(val *p256Point, cond int) |
| 23 | + TEXT ·p256NegCond(SB), NOSPLIT, $0-16 |
| 24 | + MOVD val+0(FP), P1ptr |
| 25 | + MOVD $16, R16 |
| 26 | + |
| 27 | +- MOVD cond+8(FP), R6 |
| 28 | +- CMP $0, R6 |
| 29 | +- BC 12, 2, LR // just return if cond == 0 |
| 30 | ++ // Copy cond into SEL (cond is R1 + 8 (cond offset) + 32) |
| 31 | ++ MOVD $40, R17 |
| 32 | ++ LXVDSX (R1)(R17), SEL |
| 33 | ++ // Zeroize ZER |
| 34 | ++ VSPLTISB $0, ZER |
| 35 | ++ // SEL controls whether to return the original value (Y1H/Y1L) |
| 36 | ++ // or the negated value (T1H/T1L). |
| 37 | ++ VCMPEQUD SEL, ZER, SEL |
| 38 | + |
| 39 | + MOVD $p256mul<>+0x00(SB), CPOOL |
| 40 | + |
| 41 | +@@ -148,6 +157,9 @@ TEXT ·p256NegCond(SB), NOSPLIT, $0-16 |
| 42 | + VSUBUQM PL, Y1L, T1L // subtract part2 giving result |
| 43 | + VSUBEUQM PH, Y1H, CAR1, T1H // subtract part1 using carry from part2 |
| 44 | + |
| 45 | ++ VSEL T1H, Y1H, SEL, T1H |
| 46 | ++ VSEL T1L, Y1L, SEL, T1L |
| 47 | ++ |
| 48 | + XXPERMDI T1H, T1H, $2, T1H |
| 49 | + XXPERMDI T1L, T1L, $2, T1L |
| 50 | + |
| 51 | +@@ -164,6 +176,8 @@ TEXT ·p256NegCond(SB), NOSPLIT, $0-16 |
| 52 | + #undef PL |
| 53 | + #undef PH |
| 54 | + #undef CAR1 |
| 55 | ++#undef SEL |
| 56 | ++#undef ZER |
| 57 | + |
| 58 | + #define P3ptr R3 |
| 59 | + #define P1ptr R4 |
| 60 | +@@ -1208,7 +1222,7 @@ sqrLoop: |
| 61 | + BR sqrLoop |
| 62 | + |
| 63 | + done: |
| 64 | +- MOVD $p256mul<>+0x00(SB), CPOOL |
| 65 | ++ MOVD $p256mul<>+0x00(SB), CPOOL |
| 66 | + |
| 67 | + XXPERMDI T0, T0, $2, T0 |
| 68 | + XXPERMDI T1, T1, $2, T1 |
| 69 | +-- |
| 70 | +2.47.1 |
| 71 | + |
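Review bot: The load of cond for the constant-time select (`MOVD $40, R17` / `LXVDSX (R1)(R17), SEL`) hard-codes the argument's stack offset instead of naming it as `cond+8(FP)`, so the comment's "R1 + 8 (cond offset) + 32" is the only thing tying it to the layout declared by `TEXT ·p256NegCond(SB), NOSPLIT, $0-16`; if that frame or argument layout changes, the load silently reads the wrong doubleword and the assembler's FP-reference checking cannot catch it. If the vector load cannot be expressed against an FP reference, the dependency should at least be stated where the constant is, e.g. `// cond is read at R1+40 (= 32 + cond's 8-byte offset); keep in sync with the $0-16 frame declared on the TEXT line`. The select lines rely on Go's reversed operand order (`VSEL T1H, Y1H, SEL, T1H` picks Y1H where SEL is all-ones, i.e. when cond == 0, and the negated T1H otherwise), which the existing comment only describes above the VCMPEQUD; a one-line comment at the VSEL site would make an inverted selection easy to spot in a later edit. The p256NegCond body continues outside the hunks shown, and the final hunk at sqrLoop appears to be a whitespace-only change.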