Skip to content

[crypto] Check if byte-copy was successful #28773

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

[crypto] Check if byte-copy was successful #28773

wants to merge 2 commits into from
+24 −11

Conversation

@nasahlpa
Copy link
Member

@nasahlpa nasahlpa commented Nov 19, 2025

After a byte-wise copy using randomized_bytecopy() use the function consttime_memeq_byte() to check if copying the data was successful. This is a FI mitigation.

Closes #28753.

@nasahlpa nasahlpa requested a review from a team as a code owner November 19, 2025 08:02
@nasahlpa nasahlpa requested review from alees24 and removed request for a team November 19, 2025 08:02
@nasahlpa nasahlpa added the CherryPick:earlgrey_1.0.0 This PR should be cherry-picked to earlgrey_1.0.0 label Nov 19, 2025
johannheyszl
johannheyszl reviewed Nov 19, 2025
View reviewed changes
johannheyszl
johannheyszl approved these changes Nov 19, 2025
View reviewed changes
Copy link
Contributor

@johannheyszl johannheyszl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @nasahlpa !

@nasahlpa
[crypto] Check if byte-copy was successful
c023447 
After a byte-wise copy using randomized_bytecopy() use the function
consttime_memeq_byte() to check if copying the data was successful.
This is a FI mitigation.

Closes lowRISC#28753.

Signed-off-by: Pascal Nasahl <[email protected]>
@johannheyszl johannheyszl mentioned this pull request Nov 19, 2025
Closed
h-filali
h-filali reviewed Nov 20, 2025
View reviewed changes
Copy link
Contributor

@h-filali h-filali left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @nasahlpa for adding this!

Do we think we should randomize consttime_memeq_byte as well to avoid leakage?

@nasahlpa
[crypto] Randomize reads of consttime_memeq_byte
212db8c 
To reduce SCA leakage, randomize the order we are reading from the
two buffers. This is in-line with other functions in `hardened_memory`.

Signed-off-by: Pascal Nasahl <[email protected]>
@nasahlpa
Copy link
Member Author

nasahlpa commented Nov 20, 2025

Thanks @nasahlpa for adding this!

Do we think we should randomize consttime_memeq_byte as well to avoid leakage?

Thanks Hakim - yes this is a good point.

I've pushed another commit that does the randomization of the consttime_memeq_byte function. @johannheyszl @h-filali could you please take a look into this commit as well.

h-filali
h-filali approved these changes Nov 20, 2025
View reviewed changes
Copy link
Contributor

@h-filali h-filali left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @nasahlpa. Checked out the second commit and this LGTM!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@h-filali h-filali h-filali approved these changes

@alees24 alees24 Awaiting requested review from alees24 alees24 is a code owner automatically assigned from lowRISC/ot-c-cpp-reviewers

+2 more reviewers

@siemen11 siemen11 siemen11 approved these changes

@johannheyszl johannheyszl johannheyszl approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

CherryPick:earlgrey_1.0.0 This PR should be cherry-picked to earlgrey_1.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[crypto] Do memeq in randomized_bytecopy

4 participants

@nasahlpa @siemen11 @h-filali @johannheyszl