Remove potentially vartime (due to cache side-channel attacks) table access in dalek-ff-group and minimal-ed448

2025-12-08 04:09:23 +00:00 · 2024-10-27 08:51:19 -04:00
parent f3d20e60b3
commit d0201cf2e5
5 changed files with 41 additions and 5 deletions
--- a/2
+++ b/2
@@ -5,4 +5,4 @@ a full copy of the AGPL-3.0 License is included in the root of this repository
 as a reference text. This copy should be provided with any distribution of a
 crate licensed under the AGPL-3.0, as per its terms.
-The GitHub actions (`.github/actions`) are licensed under the MIT license.
+The GitHub actions/workflows (`.github`) are licensed under the MIT license.
--- a/crypto/dalek-ff-group/src/field.rs
+++ b/crypto/dalek-ff-group/src/field.rs
@@ -244,7 +244,16 @@ impl FieldElement {
            res *= res;
          }
        }
-        res *= table[usize::from(bits)];
+
        let mut scale_by = FieldElement::ONE;
        #[allow(clippy::needless_range_loop)]
        for i in 0 .. 16 {
          #[allow(clippy::cast_possible_truncation)] // Safe since 0 .. 16
          {
            scale_by = <_>::conditional_select(&scale_by, &table[i], bits.ct_eq(&(i as u8)));
          }
        }
        res *= scale_by;
        bits = 0;
      }
    }
--- a/crypto/dalek-ff-group/src/lib.rs
+++ b/crypto/dalek-ff-group/src/lib.rs
@@ -208,7 +208,16 @@ impl Scalar {
            res *= res;
          }
        }
-        res *= table[usize::from(bits)];
+
        let mut scale_by = Scalar::ONE;
        #[allow(clippy::needless_range_loop)]
        for i in 0 .. 16 {
          #[allow(clippy::cast_possible_truncation)] // Safe since 0 .. 16
          {
            scale_by = <_>::conditional_select(&scale_by, &table[i], bits.ct_eq(&(i as u8)));
          }
        }
        res *= scale_by;
        bits = 0;
      }
    }
--- a/crypto/ed448/src/backend.rs
+++ b/crypto/ed448/src/backend.rs
@@ -161,7 +161,16 @@ macro_rules! field {
                res *= res;
              }
            }
-            res *= table[usize::from(bits)];
+
            let mut scale_by = $FieldName(Residue::ONE);
            #[allow(clippy::needless_range_loop)]
            for i in 0 .. 16 {
              #[allow(clippy::cast_possible_truncation)] // Safe since 0 .. 16
              {
                scale_by = <_>::conditional_select(&scale_by, &table[i], bits.ct_eq(&(i as u8)));
              }
            }
            res *= scale_by;
            bits = 0;
          }
        }
--- a/crypto/ed448/src/point.rs
+++ b/crypto/ed448/src/point.rs
@@ -242,7 +242,16 @@ impl Mul<Scalar> for Point {
            res = res.double();
          }
        }
-        res += table[usize::from(bits)];
+
        let mut add_by = Point::identity();
        #[allow(clippy::needless_range_loop)]
        for i in 0 .. 16 {
          #[allow(clippy::cast_possible_truncation)] // Safe since 0 .. 16
          {
            add_by = <_>::conditional_select(&add_by, &table[i], bits.ct_eq(&(i as u8)));
          }
        }
        res += add_by;
        bits = 0;
      }
    }