backport of fix for variable time crypto/internal/nistec/p256NegCond on ppc64le #269

wants to merge 2 commits into
base: go1.20-fips-release
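--- /dev/null
+++ b/patches/015-variable-time-fix-for-p256NegCond.patch
@@ -0,0 +1,71 @@
+From ed2c20d4bda037890348bc7cd6abd0bfe9aa34e8 Mon Sep 17 00:00:00 2001
+From: Archana Ravindar <[email protected]>
+Date: Tue, 18 Feb 2025 16:37:06 +0530
+Subject: [PATCH 1/1] backport of variable time fix for p256NegCond
+
+---
+src/crypto/internal/nistec/p256_asm_ppc64le.s | 22 +++++++++++++++----
+1 file changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/src/crypto/internal/nistec/p256_asm_ppc64le.s b/src/crypto/internal/nistec/p256_asm_ppc64le.s
+index 0593ef370f..ba1b6cd715 100644
+--- a/src/crypto/internal/nistec/p256_asm_ppc64le.s
++++ b/src/crypto/internal/nistec/p256_asm_ppc64le.s
+@@ -124,14 +124,23 @@ GLOBL p256mul<>(SB), 8, $160
+#define PH V31
+
+#define CAR1 V6
++#define SEL V8
++#define ZER V9
++
++
+// func p256NegCond(val *p256Point, cond int)
+TEXT ·p256NegCond(SB), NOSPLIT, $0-16
+MOVD val+0(FP), P1ptr
+MOVD $16, R16
+
+- MOVD cond+8(FP), R6
+- CMP $0, R6
+- BC 12, 2, LR // just return if cond == 0
++ // Copy cond into SEL (cond is R1 + 8 (cond offset) + 32)
++ MOVD $40, R17
++ LXVDSX (R1)(R17), SEL
++ // Zeroize ZER
++ VSPLTISB $0, ZER
++ // SEL controls whether to return the original value (Y1H/Y1L)
++ // or the negated value (T1H/T1L).
++ VCMPEQUD SEL, ZER, SEL
+
+MOVD $p256mul<>+0x00(SB), CPOOL
+
+@@ -148,6 +157,9 @@ TEXT ·p256NegCond(SB), NOSPLIT, $0-16
+VSUBUQM PL, Y1L, T1L // subtract part2 giving result
+VSUBEUQM PH, Y1H, CAR1, T1H // subtract part1 using carry from part2
+
++ VSEL T1H, Y1H, SEL, T1H
++ VSEL T1L, Y1L, SEL, T1L
++
+XXPERMDI T1H, T1H, $2, T1H
+XXPERMDI T1L, T1L, $2, T1L
+
+@@ -164,6 +176,8 @@ TEXT ·p256NegCond(SB), NOSPLIT, $0-16
+#undef PL
+#undef PH
+#undef CAR1
++#undef SEL
++#undef ZER
+
+#define P3ptr R3
+#define P1ptr R4
+@@ -1208,7 +1222,7 @@ sqrLoop:
+BR sqrLoop
+
+done:
+- MOVD $p256mul<>+0x00(SB), CPOOL
++ MOVD $p256mul<>+0x00(SB), CPOOL
+
+XXPERMDI T0, T0, $2, T0
+XXPERMDI T1, T1, $2, T1
+--
+2.47.1
+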
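Review bot: The new `MOVD $40, R17` / `LXVDSX (R1)(R17), SEL` pair reads `cond` through a hard-coded stack offset (the hunk's own comment derives 40 as fixed frame 32 + argument offset 8) rather than the symbolic `cond+8(FP)` the removed line used, so the assembler's FP bookkeeping and `go vet`'s asmdecl check no longer tie this load to the Go signature, and a later change to the `$0-16` frame on the `TEXT` line or to the argument layout would silently build the selection mask from the wrong word. If the indexed form is needed for `LXVDSX`, guard it with a comment that states the invariant, e.g. `// 40 == Go ppc64 fixed frame (32) + offset of cond (8): must equal cond+8(FP) with the $0 frame above; not checked by vet`. The mask polarity is also worth stating where `VCMPEQUD SEL, ZER, SEL` is built, since correctness of the two `VSEL` lines depends on it: `// SEL = all-ones iff cond == 0, so VSEL keeps Y1H/Y1L; any nonzero cond selects the negated T1H/T1L`. The last hunk at `done:` (old and new `MOVD $p256mul<>+0x00(SB), CPOOL` lines appear identical, presumably a whitespace change) is unrelated to the timing fix and should be dropped from a FIPS-branch security backport so the patch stays minimal and auditable. Finally, the patch subject says "backport" but names no upstream Go commit or the security issue it addresses; the commit message should cite the upstream change so consumers of this branch can trace the fix.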