Hardened memory operations for constant power buffer manipulation. More...

#include <stddef.h>
#include <stdint.h>
#include "sw/device/lib/base/hardened.h"
#include "sw/device/lib/base/macros.h"
#include "sw/device/lib/crypto/impl/status.h"

Functions
uint32_t	hardened_memshred_random_word (void)
	Expects some external implementation of randomness to be linked.

status_t	hardened_memcpy (uint32_t OT_RESTRICT dest, const uint32_t OT_RESTRICT src, size_t word_len)
	Copies 32-bit words between non-overlapping regions.

status_t	hardened_memshred (uint32_t *dest, size_t word_len)
	Fills a 32-bit aligned region of memory with random data.

hardened_bool_t	hardened_memeq (const uint32_t lhs, const uint32_t rhs, size_t word_len)
	Compare two potentially-overlapping 32-bit aligned regions of memory for equality.

status_t	hardened_xor (const uint32_t OT_RESTRICT x, const uint32_t OT_RESTRICT y, size_t word_len, uint32_t *OT_RESTRICT dest)
	Combines two word buffers with XOR and store the result in the dest.

status_t	hardened_xor_in_place (uint32_t OT_RESTRICT x, const uint32_t OT_RESTRICT y, size_t word_len)
	Combines two word buffers with XOR in-place.

Detailed Description

Hardened memory operations for constant power buffer manipulation.

Definition in file hardened_memory.h.

Function Documentation

◆ hardened_memcpy()

status_t hardened_memcpy	(	uint32_t *OT_RESTRICT	dest,
		const uint32_t *OT_RESTRICT	src,
		size_t	word_len )

Copies 32-bit words between non-overlapping regions.

Unlike memcpy(), this function has important differences:

It is significantly slower, since it mitigates power-analysis attacks.
It performs operations on 32-bit words, rather than bytes.
It returns void.

Input pointers MUST be 32-bit aligned, although they do not need to actually point to memory declared as uint32_t per the C aliasing rules. Internally, this function is careful to not dereference its operands directly, and instead uses dedicated load/store intrinsics.

Parameters

dest	The destination of the copy.
src	The source of the copy.
word_len	The number of words to copy.

Returns: OK or error.

◆ hardened_memeq()

hardened_bool_t hardened_memeq	(	const uint32_t *	lhs,
		const uint32_t *	rhs,
		size_t	word_len )

Compare two potentially-overlapping 32-bit aligned regions of memory for equality.

Unlike memcmp(), this function has important differences:

It is significantly slower, since it mitigates power-analysis attacks.
It performs operations on 32-bit words, rather than bytes.
It only computes equality, not lexicographic ordering, which would be even slower.
It returns a hardened_bool_t.
It is constant-time.

Input pointers MUST be 32-bit aligned, although they do not need to actually point to memory declared as uint32_t per the C aliasing rules. Internally, this function is careful to not dereference its operands directly, and instead uses dedicated load/store intrinsics.

Parameters

lhs	The first buffer to compare.
rhs	The second buffer to compare.
word_len	The number of words to write.

Definition at line 80 of file hardened_memory.c.

◆ hardened_memshred()

status_t hardened_memshred	(	uint32_t *	dest,
		size_t	word_len )

Fills a 32-bit aligned region of memory with random data.

Unlike memset(), this function has important differences:

It is significantly slower, since it mitigates power-analysis attacks.
It performs operations on 32-bit words, rather than bytes.
A fill value cannot be specified.
It returns void.

Input pointers MUST be 32-bit aligned, although they do not need to actually point to memory declared as uint32_t per the C aliasing rules. Internally, this function is careful to not dereference its operands directly, and instead uses dedicated load/store intrinsics.

Parameters

dest	The destination of the set.
word_len	The number of words to write.

Returns: OK or error.

Definition at line 54 of file hardened_memory.c.

◆ hardened_memshred_random_word()

uint32_t hardened_memshred_random_word ( void )

extern

Expects some external implementation of randomness to be linked.

Returns: A fresh random word.

◆ hardened_xor()

status_t hardened_xor	(	const uint32_t *OT_RESTRICT	x,
		const uint32_t *OT_RESTRICT	y,
		size_t	word_len,
		uint32_t *OT_RESTRICT	dest )

Combines two word buffers with XOR and store the result in the dest.

buffer.

Performs dest = ((rand ^ x) ^ y) ^ rand

Callers should ensure the entropy complex is up before calling this function. The implementation uses random-order hardening primitives for side-channel defense. Moreover, calles should ensure that the dest. buffer is different from the source buffers.

Parameters

x	Pointer to the first operand.
y	Pointer to the second operand.
word_len	Length in words of each operand.
dest[out]	Pointer to the output buffer.

Returns: OK or error.

◆ hardened_xor_in_place()

status_t hardened_xor_in_place	(	uint32_t *OT_RESTRICT	x,
		const uint32_t *OT_RESTRICT	y,
		size_t	word_len )

Combines two word buffers with XOR in-place.

Callers should ensure the entropy complex is up before calling this function. The implementation uses random-order hardening primitives for side-channel defense.

Parameters

[in,out]	x	Pointer to the first operand (modified in-place).
	y	Pointer to the second operand.
	word_len	Length in words of each operand.

Returns: OK or error.

Functions

Detailed Description

Function Documentation

◆ hardened_memcpy()

◆ hardened_memeq()

◆ hardened_memshred()

◆ hardened_memshred_random_word()

◆ hardened_xor()

◆ hardened_xor_in_place()