hardened_memory.h File Reference

Hardened memory operations for constant power buffer manipulation. More...

#include <stddef.h>
#include <stdint.h>
#include "sw/device/lib/base/hardened.h"
#include "sw/device/lib/base/macros.h"
#include "sw/device/lib/crypto/impl/status.h"

Go to the source code of this file.

Functions
uint32_t	hardened_memshred_random_word (void)
	Expects some external implementation of randomness to be linked.
status_t	hardened_memcpy (uint32_t *OT_RESTRICT dest, const uint32_t *OT_RESTRICT src, size_t word_len)
	Copies 32-bit words between non-overlapping regions.
status_t	hardened_memshred (uint32_t *dest, size_t word_len)
	Fills a 32-bit aligned region of memory with random data.
hardened_bool_t	hardened_memeq (const uint32_t *lhs, const uint32_t *rhs, size_t word_len)
	Compare two potentially-overlapping 32-bit aligned regions of memory for equality.
hardened_bool_t	consttime_memeq_byte (const void *lhs, const void *rhs, size_t len)
	Constant time memeq implementation that can also handle non 32-bit aligned buffers.
status_t	hardened_xor (const uint32_t *OT_RESTRICT x, const uint32_t *OT_RESTRICT y, size_t word_len, uint32_t *OT_RESTRICT dest)
	Combines two word buffers with XOR and store the result in the dest.
status_t	hardened_xor_in_place (uint32_t *OT_RESTRICT x, const uint32_t *OT_RESTRICT y, size_t word_len)
	Combines two word buffers with XOR in-place.

Detailed Description

Hardened memory operations for constant power buffer manipulation.

Definition in file hardened_memory.h.

Function Documentation

consttime_memeq_byte()

hardened_bool_t consttime_memeq_byte	(	const void *	lhs,
		const void *	rhs,
		size_t	len )

Constant time memeq implementation that can also handle non 32-bit aligned buffers.

Important: not hardened against SCA leakage, only guarantees constant time execution.

Parameters

lhs	The first buffer to compare.
rhs	The second buffer to compare.
word_len	The number of bytes to compare.

Definition at line 127 of file hardened_memory.c.

hardened_memcpy()

status_t hardened_memcpy	(	uint32_t *OT_RESTRICT	dest,
		const uint32_t *OT_RESTRICT	src,
		size_t	word_len )

Copies 32-bit words between non-overlapping regions.

Unlike memcpy(), this function has important differences:

• It is significantly slower, since it mitigates power-analysis attacks.
• It performs operations on 32-bit words, rather than bytes.
• It returns void.

Input pointers MUST be 32-bit aligned, although they do not need to actually point to memory declared as uint32_t per the C aliasing rules. Internally, this function is careful to not dereference its operands directly, and instead uses dedicated load/store intrinsics.

Parameters

dest	The destination of the copy.
src	The source of the copy.
word_len	The number of words to copy.

Returns

OK or error.

hardened_memeq()

hardened_bool_t hardened_memeq	(	const uint32_t *	lhs,
		const uint32_t *	rhs,
		size_t	word_len )

Compare two potentially-overlapping 32-bit aligned regions of memory for equality.

Unlike memcmp(), this function has important differences:

• It is significantly slower, since it mitigates power-analysis attacks.
• It performs operations on 32-bit words, rather than bytes.
• It only computes equality, not lexicographic ordering, which would be even slower.
• It returns a hardened_bool_t.
• It is constant-time.

Input pointers MUST be 32-bit aligned, although they do not need to actually point to memory declared as uint32_t per the C aliasing rules. Internally, this function is careful to not dereference its operands directly, and instead uses dedicated load/store intrinsics.

Parameters

lhs	The first buffer to compare.
rhs	The second buffer to compare.
word_len	The number of words to compare.

Definition at line 78 of file hardened_memory.c.

hardened_memshred()

status_t hardened_memshred	(	uint32_t *	dest,
		size_t	word_len )

Fills a 32-bit aligned region of memory with random data.

Unlike memset(), this function has important differences:

• It is significantly slower, since it mitigates power-analysis attacks.
• It performs operations on 32-bit words, rather than bytes.
• A fill value cannot be specified.
• It returns void.

Input pointers MUST be 32-bit aligned, although they do not need to actually point to memory declared as uint32_t per the C aliasing rules. Internally, this function is careful to not dereference its operands directly, and instead uses dedicated load/store intrinsics.

Parameters

dest	The destination of the set.
word_len	The number of words to write.

Returns

OK or error.

Definition at line 53 of file hardened_memory.c.

hardened_memshred_random_word()

uint32_t hardened_memshred_random_word ( void )

extern

Expects some external implementation of randomness to be linked.

Returns

A fresh random word.

hardened_xor()

status_t hardened_xor	(	const uint32_t *OT_RESTRICT	x,
		const uint32_t *OT_RESTRICT	y,
		size_t	word_len,
		uint32_t *OT_RESTRICT	dest )

Combines two word buffers with XOR and store the result in the dest.

buffer.

Performs dest = ((rand ^ x) ^ y) ^ rand

Callers should ensure the entropy complex is up before calling this function. The implementation uses random-order hardening primitives for side-channel defense. Moreover, calles should ensure that the dest. buffer is different from the source buffers.

Parameters

x	Pointer to the first operand.
y	Pointer to the second operand.
word_len	Length in words of each operand.
dest[out]	Pointer to the output buffer.

Returns

OK or error.

hardened_xor_in_place()

status_t hardened_xor_in_place	(	uint32_t *OT_RESTRICT	x,
		const uint32_t *OT_RESTRICT	y,
		size_t	word_len )

Combines two word buffers with XOR in-place.

Callers should ensure the entropy complex is up before calling this function. The implementation uses random-order hardening primitives for side-channel defense.

Parameters

[in,out]	x	Pointer to the first operand (modified in-place).
	y	Pointer to the second operand.
	word_len	Length in words of each operand.

Returns

OK or error.