[PATCH 08/13] GCM: Add stack burning
Jussi Kivilinna
jussi.kivilinna at iki.fi
Wed Nov 20 18:00:37 CET 2013
* cipher/cipher-gcm.c (do_ghash, ghash): Return stack burn depth.
(setupM): Wipe 'tmp' buffer.
(do_ghash_buf): Wipe 'tmp' buffer and add stack burning.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
cipher/cipher-gcm.c | 35 ++++++++++++++++++++++++++---------
1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
index fcfa357..cf666ab 100644
--- a/cipher/cipher-gcm.c
+++ b/cipher/cipher-gcm.c
@@ -108,7 +108,7 @@ do_fillM (unsigned char *h, u64 *M)
}
}
-static inline void
+static inline unsigned int
do_ghash (unsigned char *result, const unsigned char *buf, const u64 *gcmM)
{
u64 V[2];
@@ -158,6 +158,9 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u64 *gcmM)
buf_put_be64 (result + 0, tmp[0]);
buf_put_be64 (result + 8, tmp[1]);
+
+ return (sizeof(V) + sizeof(T) + sizeof(tmp) +
+ sizeof(int)*2 + sizeof(void*)*5);
}
#else
@@ -214,7 +217,7 @@ do_fillM (unsigned char *h, u32 *M)
}
}
-static inline void
+static inline unsigned int
do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM)
{
byte V[16];
@@ -269,6 +272,9 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM)
buf_put_be32 (result + 4, tmp[1]);
buf_put_be32 (result + 8, tmp[2]);
buf_put_be32 (result + 12, tmp[3]);
+
+ return (sizeof(V) + sizeof(T) + sizeof(tmp) +
+ sizeof(int)*2 + sizeof(void*)*6);
}
#endif /* !HAVE_U64_TYPEDEF || SIZEOF_UNSIGNED_LONG != 8 */
@@ -291,7 +297,7 @@ bshift (unsigned long *b)
return c;
}
-static void
+static unsigned int
do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf)
{
unsigned long V[4];
@@ -333,6 +339,8 @@ do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf)
result[i + 3] = p[0];
}
#endif
+
+ return (sizeof(V) + sizeof(T) + sizeof(int)*2 + sizeof(void*)*5);
}
#define fillM(c, h) do { } while (0)
@@ -549,14 +557,15 @@ static inline void gfmul_pclmul_aggr4(void)
#endif /*GCM_USE_INTEL_PCLMUL*/
-static void
+static unsigned int
ghash (gcry_cipher_hd_t c, byte *result, const byte *buf,
unsigned int nblocks)
{
const unsigned int blocksize = GCRY_GCM_BLOCK_LEN;
+ unsigned int burn;
if (nblocks == 0)
- return;
+ return 0;
if (0)
;
@@ -648,17 +657,20 @@ ghash (gcry_cipher_hd_t c, byte *result, const byte *buf,
"pxor %%xmm6, %%xmm6\n\t"
"pxor %%xmm7, %%xmm7\n\t"
::: "cc" );
+ burn = 0;
}
#endif
else
{
while (nblocks)
{
- GHASH (c, result, buf);
+ burn = GHASH (c, result, buf);
buf += blocksize;
nblocks--;
}
}
+
+ return burn + (burn ? 5*sizeof(void*) : 0);
}
@@ -721,6 +733,8 @@ setupM (gcry_cipher_hd_t c, byte *h)
"pxor %%xmm8, %%xmm8\n\t"
::: "cc" );
#endif
+
+ wipememory (tmp, sizeof(tmp));
}
#endif
else
@@ -792,12 +806,13 @@ do_ghash_buf(gcry_cipher_hd_t c, byte *hash, const byte * buf,
unsigned char tmp[MAX_BLOCKSIZE];
unsigned int blocksize = GCRY_GCM_BLOCK_LEN;
unsigned int nblocks;
+ unsigned int burn = 0;
nblocks = buflen / blocksize;
if (nblocks)
{
- ghash (c, hash, buf, nblocks);
+ burn = ghash (c, hash, buf, nblocks);
buf += blocksize * nblocks;
buflen -= blocksize * nblocks;
}
@@ -806,10 +821,12 @@ do_ghash_buf(gcry_cipher_hd_t c, byte *hash, const byte * buf,
{
buf_cpy (tmp, buf, buflen);
memset (tmp + buflen, 0, blocksize - buflen);
- ghash (c, hash, tmp, 1);
+ burn = ghash (c, hash, tmp, 1);
+ wipememory (tmp, sizeof(tmp));
}
- /* TODO: burn stack */
+ if (burn)
+ _gcry_burn_stack (burn);
}
More information about the Gcrypt-devel
mailing list