[cryptotest] Add P-384 targets to cryptotest. #25510
Conversation
These were initially excluded because we didn't support P-384 in cryptolib yet, but now that P-384 support is present we should test it. Verified locally that the ECDH and ECDSA targets pass on FPGA. Signed-off-by: Jade Philipoom <[email protected]>
memcpy(private_key_masked.share1, uj_private_key.d1, kP256ScalarBytes);
private_key_masked_raw = (uint32_t *)&private_key_masked;
private_keyblob_length = sizeof(private_key_masked);
memset(private_key_masked_p256.share0, 0, kP256MaskedScalarShareBytes);
Would it be possible to write a function that takes the same arguments as memset
but that fills the buffer with random data instead of 0s?
Yes, and in fact we already have one:
void hardened_memshred(uint32_t *dest, size_t word_len);
It's slightly different than memset because it only works with aligned pointers, but it's good practice to handle secret values in words rather than bytes anyway.
LGTM! Thanks for resolving this!
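As an added example (not OpenTitan code), this shows the difference the review thread above is about: a memset-shaped helper that fills a word-aligned buffer with random words stands in for hardened_memshred, and a two-share Boolean mask of a P-384-sized scalar is built either way. With share0 zeroed, share1 is the scalar in the clear; with share0 randomized, neither share alone is the scalar. The struct, function names and the xorshift32 stand-in for an entropy source are constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A P-384 scalar is 384 bits, i.e. 12 32-bit words. */
#define kP384ScalarWords 12

/* Two-share Boolean masking: share0 ^ share1 == scalar (constructed type). */
typedef struct masked_scalar {
  uint32_t share0[kP384ScalarWords];
  uint32_t share1[kP384ScalarWords];
} masked_scalar_t;

/* Hypothetical stand-in for a hardware entropy source: xorshift32 with a
 * fixed seed so the example is reproducible. Never use this in production. */
static uint32_t prng_state = 0x9e3779b9u;
static uint32_t prng_next(void) {
  uint32_t x = prng_state;
  x ^= x << 13; x ^= x >> 17; x ^= x << 5;
  return prng_state = x;
}

/* memset-shaped filler that writes random words instead of a constant,
 * the role hardened_memshred plays in the thread above (constructed name). */
void fill_random_words(uint32_t *dest, size_t word_len) {
  for (size_t i = 0; i < word_len; ++i) dest[i] = prng_next();
}

/* Split scalar d into two shares. With randomize == false share0 is zeroed,
 * as in the flagged snippet, so share1 ends up equal to d. */
void mask_scalar(masked_scalar_t *out, const uint32_t *d, bool randomize) {
  if (randomize) fill_random_words(out->share0, kP384ScalarWords);
  else memset(out->share0, 0, sizeof(out->share0));
  for (size_t i = 0; i < kP384ScalarWords; ++i) out->share1[i] = d[i] ^ out->share0[i];
}

/* Mask a constructed scalar, check the round trip and report whether share1
 * alone reveals it: -1 = round trip broken, 1 = share1 equals d, 0 = masked. */
int masking_demo(bool randomize) {
  uint32_t d[kP384ScalarWords], r[kP384ScalarWords];
  masked_scalar_t m;
  for (size_t i = 0; i < kP384ScalarWords; ++i) d[i] = 0x01010101u * (uint32_t)(i + 1);
  mask_scalar(&m, d, randomize);
  for (size_t i = 0; i < kP384ScalarWords; ++i) r[i] = m.share0[i] ^ m.share1[i];
  if (memcmp(r, d, sizeof d) != 0) return -1;
  return memcmp(m.share1, d, sizeof d) == 0 ? 1 : 0;
}
```

Both variants round-trip correctly, which is why a zeroed share0 is easy to miss in functional tests: only the randomized variant actually hides the scalar in each share.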
Backport failed for earlgrey_1.0.0. Please cherry-pick the changes locally and resolve any conflicts.
git fetch origin earlgrey_1.0.0
git worktree add -d .worktree/backport-25510-to-earlgrey_1.0.0 origin/earlgrey_1.0.0
cd .worktree/backport-25510-to-earlgrey_1.0.0
git switch --create backport-25510-to-earlgrey_1.0.0
git cherry-pick -x 777277ff68fce7db745d563693a95661dd9f108f
These were initially excluded because we didn't support P-384 in cryptolib yet, but now that P-384 support is present we should test it. Note that there were some tests with SHA-256 in the original test suite that were commented out, but I removed them: since cryptolib doesn't let you use a hash function with collision resistance weaker than the curve security level, these will always fail.
Verified locally that the ECDH and ECDSA targets pass on FPGA.
Follow-up after noticing it was missing while making some changes, see #25391