From a27430a2fc1347926142db0f1a24fe6ecaee9163 Mon Sep 17 00:00:00 2001 From: mdw Date: Sun, 2 Jul 2000 18:24:39 +0000 Subject: [PATCH] Use a new multiplication function from an Ascom white paper to resist timing attacks. --- idea.c | 63 +++++++++++++++++++++++++++++++++------------------------------ 1 file changed, 33 insertions(+), 30 deletions(-) diff --git a/idea.c b/idea.c index 5f88948..cde3af4 100644 --- a/idea.c +++ b/idea.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: idea.c,v 1.2 2000/06/17 11:24:08 mdw Exp $ + * $Id: idea.c,v 1.3 2000/07/02 18:24:39 mdw Exp $ * * Implementation of the IDEA cipher * @@ -30,6 +30,10 @@ /*----- Revision history --------------------------------------------------* * * $Log: idea.c,v $ + * Revision 1.3 2000/07/02 18:24:39 mdw + * Use a new multiplication function from an Ascom white paper to resist + * timing attacks. + * * Revision 1.2 2000/06/17 11:24:08 mdw * New key size interface. * @@ -90,22 +94,21 @@ static uint16 inv(uint16 n) * Arguments @x@ and @y@ are two 32-bit values to multiply. On exit, @x@ is * the product of the two arguments. The result is not normalized back to 16 * bits; the arguments are not expected to be normalized. + * + * This code is from `Side Channel Attack Hardening of the IDEA Cipher', + * published by Ascom Tech. */ #define MUL(x, y) do { \ - uint32 _mx, _my = (y); \ - if ((_mx = U16(x)) == 0) \ - (x) = 1 - _my; \ - else if (_my == 0) \ - (x) = 1 - _mx; \ - else { \ - _my *= _mx; \ - _mx = U16(_my); _my >>= 16; \ - if (_mx < _my) \ - (x) = _mx - _my + 1; \ - else \ - (x) = _mx - _my; \ - } \ + unsigned _t; \ + uint32 _tt; \ + \ + x = U16(x - 1); \ + _t = U16(y - 1); \ + _tt = (uint32)x * (uint32)_t + (uint32)x + (uint32)_t + 1; \ + x = U16(_tt); \ + _t = U16(_tt >> 16); \ + x = x - _t + (x <= _t); \ } while (0) /* --- @idea_init@ --- * @@ -209,28 +212,28 @@ void idea_init(idea_ctx *k, const void *buf, size_t sz) /* --- @ROUND@ --- */ #define MIX(k, a, b, c, d) do { \ - MUL(a, (k)[0]); \ - (b) += (k)[1]; \ - (c) += (k)[2]; \ - MUL(d, (k)[3]); \ + MUL(a, k[0]); \ + b += k[1]; \ + c += k[2]; \ + MUL(d, k[3]); \ } while (0) #define MA(k, a, b, c, d) do { \ - unsigned _u = (a) ^ (c); \ - unsigned _v = (b) ^ (d); \ - MUL(_u, (k)[4]); \ + unsigned _u = a ^ c; \ + unsigned _v = b ^ d; \ + MUL(_u, k[4]); \ _v += _u; \ - MUL(_v, (k)[5]); \ + MUL(_v, k[5]); \ _u += _v; \ - (a) ^= _v; \ - (b) ^= _u; \ - (c) ^= _v; \ - (d) ^= _u; \ + a ^= _v; \ + b ^= _u; \ + c ^= _v; \ + d ^= _u; \ } while (0); #define ROUND(k, a, b, c, d) do { \ - MIX((k), (a), (b), (c), (d)); \ - MA((k), (a), (b), (c), (d)); \ + MIX(k, a, b, c, d); \ + MA(k, a, b, c, d); \ (k) += 6; \ } while (0) @@ -252,8 +255,8 @@ void idea_init(idea_ctx *k, const void *buf, size_t sz) ROUND(_k, _a, _b, _c, _d); \ ROUND(_k, _a, _c, _b, _d); \ MIX (_k, _a, _c, _b, _d); \ - (c) = (U16(_a) << 16) | U16(_c); \ - (d) = (U16(_b) << 16) | U16(_d); \ + c = (U16(_a) << 16) | U16(_c); \ + d = (U16(_b) << 16) | U16(_d); \ } while (0) #define DBLK(k, a, b) EBLK((k), (a), (b)) -- 2.11.0