From 9f335d719ebc27f58251559240de0077ec42c583 Mon Sep 17 00:00:00 2001
From: Pierre Lestringant <plt@amossys.fr>
Date: Wed, 6 Apr 2016 15:51:17 +0200
Subject: [PATCH] Fix the Rijndael timing attack counter measure
---
rijndael.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rijndael.cpp b/rijndael.cpp
index f394960..92f9dea 100644
--- a/rijndael.cpp
+++ b/rijndael.cpp
@@ -372,10 +372,12 @@ void Rijndael::Enc::ProcessAndXorBlock(c
t3 = rk[7];
rk += 8;
- // timing attack countermeasure. see comments at top for more details
+ // timing attack countermeasure. see comments at top for more details.
+ // also see http://github.com/weidai11/cryptopp/issues/146
const int cacheLineSize = GetCacheLineSize();
unsigned int i;
- word32 u = 0;
+ volatile word32 _u = 0;
+ word32 u = _u;
#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
for (i=0; i<2048; i+=cacheLineSize)
#else
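Review bot: The `volatile word32 _u = 0;` / `word32 u = _u;` pair at +378/+379 is a compiler-hardening trick whose purpose is not stated in the code: the optimizer can no longer prove `u == 0` and fold the `u &= ...` preload loop away, but nothing says so, and a later cleanup could "simplify" it back to `word32 u = 0;`. Replace the issue link with a why-comment such as `// read the seed through a volatile so the optimizer cannot prove u == 0` / `// and delete the cache-preload loop below (issue 146)`, and consider a descriptive name (e.g. `volatileZero`) instead of `_u`, which reads like a reserved identifier even though a block-scope `_u` is legal. The same change is repeated in the Dec hunk at +454 and the re-read `u = _u;` in the third hunk depends on that declaration. Note that this only guarantees the volatile read itself; whether the table loads and the later use of `u` (outside this hunk) survive still depends on the optimizer, so the generated code should be checked rather than assumed. ProcessAndXorBlock begins and ends outside the hunk.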
@@ -448,10 +450,12 @@ void Rijndael::Dec::ProcessAndXorBlock(c
t3 = rk[7];
rk += 8;
- // timing attack countermeasure. see comments at top for more details
+ // timing attack countermeasure. see comments at top for more details.
+ // also see http://github.com/weidai11/cryptopp/issues/146
const int cacheLineSize = GetCacheLineSize();
unsigned int i;
- word32 u = 0;
+ volatile word32 _u = 0;
+ word32 u = _u;
#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
for (i=0; i<2048; i+=cacheLineSize)
#else
@@ -491,7 +495,7 @@ void Rijndael::Dec::ProcessAndXorBlock(c
// timing attack countermeasure. see comments at top for more details
// If CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined,
// QUARTER_ROUND_LD will use Td, which is already preloaded.
- u = 0;
+ u = _u;
for (i=0; i<256; i+=cacheLineSize)
u &= *(const word32 *)(Sd+i);
u &= *(const word32 *)(Sd+252);
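Review bot: The comment at +495 was left at its old wording while the two earlier hunks rewrote the same sentence to end with a period and cite issue 146; the three now disagree for no reason. Either update it to match, `// timing attack countermeasure. see comments at top for more details.`, or, better, say why `u` is reseeded from the volatile here: `// reseed from the volatile so this second preload loop cannot be folded either`. The enclosing Dec::ProcessAndXorBlock ends outside the hunk.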