Convenience overloads for CT::poison() #4197
src/lib/utils/ct_utils.h
Outdated
/** | ||
* Unpoison a class type that provides a public `const_time_unpoison()` method | ||
* For instance: BigInt, CT::Mask<>, FrodoMatrix, ... | ||
*/ | ||
template <typename T> | ||
requires requires(const T& x) { x.const_time_unpoison(); } | ||
constexpr void unpoison(const T& x) { | ||
x.const_time_unpoison(); | ||
} |
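Review bot: The constraint `requires(const T& x) { x.const_time_unpoison(); }` only matches types whose method is callable on a const object, but the doc comment above it only says "public". A type with a non-const `const_time_unpoison()` will silently not select this overload. Consider stating the const requirement in the comment so implementers of new helper types know to declare the method `const`.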
We saw that `BigInt::const_time_poison()` was a thing already and just extended the idea to general types. This will be convenient for the PQC stuff in particular, as it often has helper-structures that could encapsulate their poisoning.
Ideally, this method should be `_const_time_poison()`, I guess, but we didn't want to break the existing `BigInt` API.
We could alternately name it `_const_time_poison` and on `BigInt` just define `const_time_poison` as a deprecated forward.
Or just define another instance and handle both cases --
```cpp
template <typename T>
   requires requires(const T& x) { x._const_time_unpoison(); }
constexpr void unpoison(const T& x) {
   x._const_time_unpoison();
}
```
I'll rename them to `_...`, which is anyway the new convention.
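The "handle both cases" idea from the thread above, as an added sketch that is not Botan's code: a type exposing both spellings at once (for example a deprecated forward) would match two independently constrained overloads, so this version uses a single dispatcher with a fixed preference order. It uses the C++17 detection idiom in place of the `requires` clause, and the `demo` namespace, the address-tracking stand-in for the checker hook, and the sample types are all assumptions made for illustration.

```cpp
#include <cstdint>
#include <set>
#include <type_traits>
#include <utility>

namespace demo {  // hypothetical namespace, not Botan's CT
// Stand-in for the checker hook: tracks addresses currently marked secret.
inline std::set<const void*>& secrets() { static std::set<const void*> s; return s; }
inline void poison_raw(const void* p) { secrets().insert(p); }
inline void unpoison_raw(const void* p) { secrets().erase(p); }
inline bool is_poisoned(const void* p) { return secrets().count(p) != 0; }
// Detect each member spelling, callable on a const object.
template <typename T, typename = void> struct has_underscore : std::false_type {};
template <typename T>
struct has_underscore<T, std::void_t<decltype(std::declval<const T&>()._const_time_unpoison())>>
   : std::true_type {};
template <typename T, typename = void> struct has_legacy : std::false_type {};
template <typename T>
struct has_legacy<T, std::void_t<decltype(std::declval<const T&>().const_time_unpoison())>>
   : std::true_type {};
enum class Path { Underscore, Legacy, Raw };
// Fixed preference order: a type exposing both spellings stays unambiguous.
template <typename T> constexpr Path path_for() {
   if(has_underscore<T>::value) return Path::Underscore;
   return has_legacy<T>::value ? Path::Legacy : Path::Raw;
}

template <typename T> void unpoison(const T& x) {
   if constexpr(path_for<T>() == Path::Underscore) { x._const_time_unpoison(); }
   else if constexpr(path_for<T>() == Path::Legacy) { x.const_time_unpoison(); }
   else { static_assert(std::is_integral_v<T>, "no unpoison strategy"); unpoison_raw(&x); }
}

// Constructed sample types.
struct Matrix {  // helper structure that encapsulates its own poisoning
   std::uint64_t a = 1, b = 2;
   void _const_time_poison() const { poison_raw(&a); poison_raw(&b); }
   void _const_time_unpoison() const { unpoison_raw(&a); unpoison_raw(&b); }
};
struct Migrating {  // exposes both names; the legacy one only forwards
   std::uint64_t limb = 3;
   void _const_time_unpoison() const { unpoison_raw(&limb); }
   void const_time_unpoison() const { _const_time_unpoison(); }
};
struct LegacyOnly {
   std::uint64_t w = 4;
   void const_time_unpoison() const { unpoison_raw(&w); }
};
}  // namespace demo
```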
Co-Authored-By: Fabian Albert <fabian.albert@rohde-schwarz.com>
src/lib/utils/ct_utils.h
Outdated
@@ -416,6 +493,10 @@ class Mask final { | |||
*/ | |||
constexpr T value() const { return value_barrier<T>(m_mask); } | |||
|
|||
constexpr void const_time_poison() const { CT::poison(m_mask); } | |||
|
|||
constexpr void const_time_unpoison() const { CT::unpoison(m_mask); } |
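Review bot: The two new members `const_time_poison()` and `const_time_unpoison()` on `Mask` have no doc comment, while `value()` directly above closes one. A one-line comment on each saying that it forwards to `CT::poison(m_mask)` / `CT::unpoison(m_mask)`, and who is expected to call it, would keep the class consistently documented. Both are also declared `constexpr`, which only holds if the `CT::poison`/`CT::unpoison` overloads they call are themselves usable in constant evaluation; that is not visible in this hunk and is worth confirming.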
Wait, this doesn't seem right. Are we poisoning/unpoisoning the masks currently somewhere?
Yes. Here:
`botan/src/lib/pk_pad/iso9796/iso9796.cpp`, line 192 in 1af5545: `CT::unpoison(bad_input);`
`botan/src/lib/tls/tls12/tls_cbc/tls_cbc.cpp`, line 452 in 1af5545: `CT::unpoison(ok_mask);`
Ah ok, fallout from not having `CT::Choice` for this kind of logic.
Fine to merge this then, it's just keeping status quo. These should be fixed though.
f25ce78 to 30c7b85
I applied all review suggestions and tweaked the requirements for the overloads a little. Most notably: Additionally, I added Also note that I replaced the existing calls to
30c7b85 to fc27196
Essentially just renames all `const_time_poison()` members to `_const_time_poison()`. This communicates that it is not meant for general use by library users and/or by other code locations internally. Likewise for `...unpoison()`.
Co-Authored-By: Fabian Albert <fabian.albert@rohde-schwarz.com>
fc27196 to 85b06f4
This introduces a few convenience helpers for `CT::poison()`. For instance... and of course the respective `CT::unpoison()` functions.