Software APIs
hardened_memory.h File Reference

Hardened memory operations for constant power buffer manipulation. More...

#include <stddef.h>
#include <stdint.h>
#include "sw/device/lib/base/hardened.h"
#include "sw/device/lib/base/macros.h"
#include "sw/device/lib/crypto/impl/status.h"

Go to the source code of this file.

Functions

uint32_t hardened_memshred_random_word (void)
 Expects some external implementation of randomness to be linked.
 
status_t hardened_memcpy (uint32_t *OT_RESTRICT dest, const uint32_t *OT_RESTRICT src, size_t word_len)
 Copies 32-bit words between non-overlapping regions.
 
status_t hardened_memshred (uint32_t *dest, size_t word_len)
 Fills a 32-bit aligned region of memory with random data.
 
hardened_bool_t hardened_memeq (const uint32_t *lhs, const uint32_t *rhs, size_t word_len)
 Compare two potentially-overlapping 32-bit aligned regions of memory for equality.
 
status_t hardened_xor (const uint32_t *OT_RESTRICT x, const uint32_t *OT_RESTRICT y, size_t word_len, uint32_t *OT_RESTRICT dest)
 Combines two word buffers with XOR and store the result in the dest.
 
status_t hardened_xor_in_place (uint32_t *OT_RESTRICT x, const uint32_t *OT_RESTRICT y, size_t word_len)
 Combines two word buffers with XOR in-place.
 

Detailed Description

Hardened memory operations for constant power buffer manipulation.

Definition in file hardened_memory.h.

Function Documentation

◆ hardened_memcpy()

status_t hardened_memcpy ( uint32_t *OT_RESTRICT dest,
const uint32_t *OT_RESTRICT src,
size_t word_len )

Copies 32-bit words between non-overlapping regions.

Unlike memcpy(), this function has important differences:

  • It is significantly slower, since it mitigates power-analysis attacks.
  • It performs operations on 32-bit words, rather than bytes.
  • It returns void.

Input pointers MUST be 32-bit aligned, although they do not need to actually point to memory declared as uint32_t per the C aliasing rules. Internally, this function is careful to not dereference its operands directly, and instead uses dedicated load/store intrinsics.

Parameters
destThe destination of the copy.
srcThe source of the copy.
word_lenThe number of words to copy.
Returns
OK or error.

◆ hardened_memeq()

hardened_bool_t hardened_memeq ( const uint32_t * lhs,
const uint32_t * rhs,
size_t word_len )

Compare two potentially-overlapping 32-bit aligned regions of memory for equality.

Unlike memcmp(), this function has important differences:

  • It is significantly slower, since it mitigates power-analysis attacks.
  • It performs operations on 32-bit words, rather than bytes.
  • It only computes equality, not lexicographic ordering, which would be even slower.
  • It returns a hardened_bool_t.
  • It is constant-time.

Input pointers MUST be 32-bit aligned, although they do not need to actually point to memory declared as uint32_t per the C aliasing rules. Internally, this function is careful to not dereference its operands directly, and instead uses dedicated load/store intrinsics.

Parameters
lhsThe first buffer to compare.
rhsThe second buffer to compare.
word_lenThe number of words to write.

Definition at line 80 of file hardened_memory.c.

◆ hardened_memshred()

status_t hardened_memshred ( uint32_t * dest,
size_t word_len )

Fills a 32-bit aligned region of memory with random data.

Unlike memset(), this function has important differences:

  • It is significantly slower, since it mitigates power-analysis attacks.
  • It performs operations on 32-bit words, rather than bytes.
  • A fill value cannot be specified.
  • It returns void.

Input pointers MUST be 32-bit aligned, although they do not need to actually point to memory declared as uint32_t per the C aliasing rules. Internally, this function is careful to not dereference its operands directly, and instead uses dedicated load/store intrinsics.

Parameters
destThe destination of the set.
word_lenThe number of words to write.
Returns
OK or error.

Definition at line 54 of file hardened_memory.c.

◆ hardened_memshred_random_word()

uint32_t hardened_memshred_random_word ( void )
extern

Expects some external implementation of randomness to be linked.

Returns
A fresh random word.

◆ hardened_xor()

status_t hardened_xor ( const uint32_t *OT_RESTRICT x,
const uint32_t *OT_RESTRICT y,
size_t word_len,
uint32_t *OT_RESTRICT dest )

Combines two word buffers with XOR and store the result in the dest.

buffer.

Performs dest = ((rand ^ x) ^ y) ^ rand

Callers should ensure the entropy complex is up before calling this function. The implementation uses random-order hardening primitives for side-channel defense. Moreover, calles should ensure that the dest. buffer is different from the source buffers.

Parameters
xPointer to the first operand.
yPointer to the second operand.
word_lenLength in words of each operand.
dest[out]Pointer to the output buffer.
Returns
OK or error.

◆ hardened_xor_in_place()

status_t hardened_xor_in_place ( uint32_t *OT_RESTRICT x,
const uint32_t *OT_RESTRICT y,
size_t word_len )

Combines two word buffers with XOR in-place.

Callers should ensure the entropy complex is up before calling this function. The implementation uses random-order hardening primitives for side-channel defense.

Parameters
[in,out]xPointer to the first operand (modified in-place).
yPointer to the second operand.
word_lenLength in words of each operand.
Returns
OK or error.