https://github.com/mupq/pqm4
Revision d98a1623ae6d942ad166638a66c287eb3b884e47 authored by Matthias J. Kannwischer on 18 December 2023, 02:07:27 UTC, committed by rpls on 19 December 2023, 13:44:24 UTC
This (partially) addresses https://github.com/mupq/pqm4/issues/319. The function poly_tomsg from the reference implementation of Kyber (which was copied into the M4-optimized implementations) would result in a variable-time udiv instruction operating on secret data when compiled with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13, but did not see any difference. This commit updates the m4-specific code to use the patch from https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220. Note that the code in PQClean has not yet been updated and hence the clean implementation within pqm4 is still vulnerable.
1 parent dc26f54
Update Kyber poly_tomsg to fix timing leak (w/ -Os)
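The leak described in the commit message, as an added example that is not code from pqm4 or from the Kyber reference implementation: the division-based bit extraction of poly_tomsg beside a division-free form that replaces "/ KYBER_Q" with a multiply by floor(2^28 / q) and a shift, plus an exhaustive check that the two agree for every coefficient in [0, q). The constants are derived from q here; the assumption that the referenced upstream patch uses the same multiply-and-shift approach is mine, and the input polynomial values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329

/* Reference-style compression of one coefficient t in [0, q) to a message
 * bit, round(2t/q) mod 2.  The "/ KYBER_Q" is what a compiler may lower to
 * a hardware divide (udiv on Cortex-M4 under -Os), whose cycle count
 * depends on the secret operand t. */
static uint8_t msg_bit_div(uint16_t t) {
    return (uint8_t)(((((uint32_t)t << 1) + KYBER_Q / 2) / KYBER_Q) & 1);
}

/* Division-free form: approximate division by q as multiplication by
 * floor(2^28 / q) followed by a shift.  Constants are derived from q here
 * (assumption: the upstream patch uses the same multiply-and-shift idea);
 * only shifts, adds and a multiply remain, all fixed-latency on Cortex-M4. */
#define QINV_28   ((1u << 28) / KYBER_Q) /* 80635 */
#define HALF_Q_UP ((KYBER_Q + 1) / 2)    /* 1665 */
static uint8_t msg_bit_ct(uint16_t t) {
    uint32_t u = (uint32_t)t << 1;
    u += HALF_Q_UP;
    u *= QINV_28;   /* max (6656 + 1665) * 80635 < 2^32, no overflow */
    u >>= 28;
    return (uint8_t)(u & 1);
}

/* Pack eight coefficients into one message byte, LSB first, as poly_tomsg does. */
static uint8_t msg_byte_ct(const uint16_t c[8]) {
    uint8_t b = 0;
    for (size_t j = 0; j < 8; j++)
        b |= (uint8_t)(msg_bit_ct(c[j]) << j);
    return b;
}

/* Exhaustively confirm both forms agree for every t in [0, q); 1 = agree. */
static int check_equivalence(void) {
    for (uint16_t t = 0; t < KYBER_Q; t++)
        if (msg_bit_div(t) != msg_bit_ct(t)) return 0;
    return 1;
}

int main(void) {
    /* constructed input: 833 is the smallest coefficient that rounds to 1 */
    const uint16_t c[8] = {833, 0, 0, 0, 0, 0, 0, 0};
    printf("agree on all of [0,q): %d, byte: 0x%02x\n", check_equivalence(), msg_byte_ct(c));
    return 0;
}
```

Inspecting the -Os assembly for a udiv (or sdiv) in the compiled poly_tomsg is the practical way to confirm the divide is gone; the exhaustive check only confirms the two forms compute the same bits.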
build_everything.py
#!/usr/bin/env python3
"""
Builds all of the binaries without flashing them.
"""
import sys
from interface import parse_arguments, get_platform
from mupq import mupq

if __name__ == "__main__":
    args, rest = parse_arguments()
    platform, settings = get_platform(args)
    with platform:
        mupq.BuildAll(settings).test_all(rest)