Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address potential constant time issues #164

Merged
merged 7 commits into from
Oct 24, 2020
Merged

Address potential constant time issues #164

merged 7 commits into from
Oct 24, 2020

Conversation

stefanberger
Copy link
Owner

This PR addresses potential constant time issues that may arise when passing secrets to certain OpenSSL BIGNUM operations.

@stefanberger
tpm2: Set BN_FLG_CONSTTIME to select constant time computations
c939fd9 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
@stefanberger
Travis: Run additional IBM TSS2 related test; use Bionic
2bf7fd7 
Run some additional IBM TSS2 related tests for better code
coverage. We need to switch to Bionic to get the tss2 package.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
@stefanberger
Travis: Add python3 dependencies for swtpm test
fef98fb 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
@stefanberger
tpm12: Set BN_FLG_CONSTTIME to select constant time computations
f7f5682 
Set BN_FLG_CONSTTIME on the sensitive parts of the RSA key to
select constant time computations.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
@stefanberger
tpm12: Use EVP functions for decryption
29fe308 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
@stefanberger
tpm12: Use EVP functions for encryption
6a070b5 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
@stefanberger
tpm12: Add a note to RSA related to EVP conversion for constant-time
c372f5d 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
@coveralls
Copy link

Pull Request Test Coverage Report for Build 1669

  • 111 of 161 (68.94%) changed or added relevant lines in 4 files are covered.
  • 414 unchanged lines in 46 files lost coverage.
  • Overall coverage increased (+0.9%) to 77.059%
Changes Missing Coverage Covered Lines Changed/Added Lines %
src/tpm2/crypto/openssl/TpmToOsslMath.c 2 3 66.67%
src/tpm12/tpm_openssl_helpers.c 31 47 65.96%
src/tpm12/tpm_crypto.c 75 108 69.44%
Files with Coverage Reduction New Missed Lines %
src/tpm12/tpm_admin.c 1 51.62%
src/tpm12/tpm_init.c 1 84.7%
src/tpm12/tpm_migration.c 1 84.45%
src/tpm2/crypto/openssl/CryptSmac.c 1 47.83%
src/tpm2/NVMem.c 1 93.02%
src/tpm2/PCR.c 1 96.3%
src/tpm2/Time.c 1 95.52%
src/tpm12/tpm_owner.c 2 64.99%
src/tpm12/tpm_permanent.c 2 87.04%
src/tpm12/tpm_startup.c 2 68.49%
Totals Coverage Status
Change from base Build 1596: 0.9%
Covered Lines: 28346
Relevant Lines: 36785
💛 - Coveralls

@stefanberger stefanberger merged commit 785ad4d into stable-0.7.0 Oct 24, 2020
@stefanberger stefanberger deleted the stable-0.7.0-constanttime branch October 24, 2020 03:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stefanberger @coveralls