[commit: packages/integer-gmp] master: Add side-channel attack resilient `powModSecInteger` (4d7cd68)

git at git.haskell.org git at git.haskell.org
Mon Oct 28 21:12:27 UTC 2013


Repository : ssh://git@git.haskell.org/integer-gmp

On branch  : master
Link       : http://git.haskell.org/packages/integer-gmp.git/commitdiff/4d7cd68b3c6fd87e80d178f1433f3b67e16a6b98

>---------------------------------------------------------------

commit 4d7cd68b3c6fd87e80d178f1433f3b67e16a6b98
Author: Herbert Valerio Riedel <hvr at gnu.org>
Date:   Sun Oct 27 23:14:11 2013 +0100

    Add side-channel attack resilient `powModSecInteger`
    
    This is a follow-up to 97c101b7363f84d925a600acb56a9fa3a997ea0d which
    introduced the "ordinary" `powModInteger` operation.
    
    Signed-off-by: Herbert Valerio Riedel <hvr at gnu.org>


>---------------------------------------------------------------

4d7cd68b3c6fd87e80d178f1433f3b67e16a6b98
 GHC/Integer/GMP/Internals.hs |    2 +-
 GHC/Integer/GMP/Prim.hs      |    6 ++++++
 GHC/Integer/Type.lhs         |   16 +++++++++++++++-
 cbits/gmp-wrappers.cmm       |    2 ++
 4 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/GHC/Integer/GMP/Internals.hs b/GHC/Integer/GMP/Internals.hs
index b80840b..f1aec51 100644
--- a/GHC/Integer/GMP/Internals.hs
+++ b/GHC/Integer/GMP/Internals.hs
@@ -1,6 +1,6 @@
 {-# LANGUAGE NoImplicitPrelude #-}
 
-module GHC.Integer.GMP.Internals (Integer(..), gcdInt, gcdInteger, gcdExtInteger, lcmInteger, powInteger, powModInteger, recipModInteger)
+module GHC.Integer.GMP.Internals (Integer(..), gcdInt, gcdInteger, gcdExtInteger, lcmInteger, powInteger, powModInteger, powModSecInteger, recipModInteger)
     where
 
 import GHC.Integer.Type
diff --git a/GHC/Integer/GMP/Prim.hs b/GHC/Integer/GMP/Prim.hs
index 401855b..0fd1b32 100644
--- a/GHC/Integer/GMP/Prim.hs
+++ b/GHC/Integer/GMP/Prim.hs
@@ -43,6 +43,7 @@ module GHC.Integer.GMP.Prim (
 
     powInteger#,
     powModInteger#,
+    powModSecInteger#,
     recipModInteger#,
 
 #if WORD_SIZE_IN_BITS < 64
@@ -198,6 +199,11 @@ foreign import prim "integer_cmm_powModIntegerzh" powModInteger#
 
 -- |
 --
+foreign import prim "integer_cmm_powModSecIntegerzh" powModSecInteger#
+  :: Int# -> ByteArray# -> Int# -> ByteArray# -> Int# -> ByteArray# -> (# Int#, ByteArray# #)
+
+-- |
+--
 foreign import prim "integer_cmm_recipModIntegerzh" recipModInteger#
   :: Int# -> ByteArray# -> Int# -> ByteArray# -> (# Int#, ByteArray# #)
 
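Review bot: The Haddock header added directly above the new `powModSecInteger#` foreign import is empty (`-- |` followed by a bare `--`), so the primitive is exported with no statement of its argument order or of the preconditions the GMP routine imposes (the wrapper in `GHC/Integer/Type.lhs` in this same commit documents them as `e > 0` and odd `m`, and passes the size/limb pairs in the order base, exponent, modulus). The neighbouring `recipModInteger#` import has the same empty header, but this commit is adding a new one and should not copy that gap. A one-line summary would suffice, e.g. `-- | Side-channel resilient modular exponentiation via @mpz_powm_sec()@: size/limb pairs of base, exponent and modulus; requires exponent > 0 and an odd modulus.`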
diff --git a/GHC/Integer/Type.lhs b/GHC/Integer/Type.lhs
index 6e13eb5..5ff79ab 100644
--- a/GHC/Integer/Type.lhs
+++ b/GHC/Integer/Type.lhs
@@ -45,7 +45,7 @@ import GHC.Integer.GMP.Prim (
     int2Integer#, integer2Int#, word2Integer#, integer2Word#,
     andInteger#, orInteger#, xorInteger#, complementInteger#,
     testBitInteger#, mul2ExpInteger#, fdivQ2ExpInteger#,
-    powInteger#, powModInteger#, recipModInteger#,
+    powInteger#, powModInteger#, powModSecInteger#, recipModInteger#,
 #if WORD_SIZE_IN_BITS < 64
     int64ToInteger#,  integerToInt64#,
     word64ToInteger#, integerToWord64#,
@@ -616,6 +616,20 @@ powModInteger (J# s1 d1) (J# s2 d2) (J# s3 d3) =
         (# s', d' #) -> J# s' d'
 powModInteger b e m = powModInteger (toBig b) (toBig e) (toBig m)
 
+-- | @powModSecInteger b e m@ computes base @b@ raised to exponent @e@
+-- modulo @m at . It is required that @e@ > 0 and @m@ is odd.
+--
+-- This is a \"secure\" variant of 'powModInteger' using the
+-- @mpz_powm_sec()@ function which is designed to be resilient to side
+-- channel attacks and is therefore intended for cryptographic
+-- applications.
+{-# NOINLINE powModSecInteger #-}
+powModSecInteger :: Integer -> Integer -> Integer -> Integer
+powModSecInteger (J# s1 d1) (J# s2 d2) (J# s3 d3) =
+    case powModSecInteger# s1 d1 s2 d2 s3 d3 of
+        (# s', d' #) -> J# s' d'
+powModSecInteger b e m = powModSecInteger (toBig b) (toBig e) (toBig m)
+
 -- | @recipModInteger x m@ computes the inverse of @x@ modulo @m at . If
 -- the inverse exists, the return value @y@ will satisfy @0 < y <
 -- abs(m)@, otherwise the result is 0.
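Review bot: The precondition the Haddock states for `powModSecInteger` (`e > 0` and odd `m`) is not checked anywhere in the function: both equations hand the operands straight to `powModSecInteger#`, so a caller that violates it reaches `mpz_powm_sec` unfiltered, and as far as I recall GMP's contract that is treated as a hard arithmetic fault rather than a returned value, which the Haskell side cannot catch as an ordinary exception. Since this function is explicitly offered for cryptographic use, a cheap guard before the FFI call, rejecting a non-positive exponent and an even modulus (the low bit of the modulus can be read with the already-imported `testBitInteger#`), would turn a misuse into a reportable error instead of a process-level failure. Separately, the resilience claim in the comment covers only the GMP routine: the `J#`-only equation and the `toBig` fall-through on the last line mean operands that are not already in big-integer form take a different path, so a sentence limiting the claim would help callers, e.g. `-- Only the underlying GMP computation is hardened; conversion and dispatch on the Haskell side are not.`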
diff --git a/cbits/gmp-wrappers.cmm b/cbits/gmp-wrappers.cmm
index 68e6485..aadd134 100644
--- a/cbits/gmp-wrappers.cmm
+++ b/cbits/gmp-wrappers.cmm
@@ -52,6 +52,7 @@ import "integer-gmp" __gmpz_ior;
 import "integer-gmp" __gmpz_com;
 import "integer-gmp" __gmpz_pow_ui;
 import "integer-gmp" __gmpz_powm;
+import "integer-gmp" __gmpz_powm_sec;
 import "integer-gmp" __gmpz_invert;
 
 import "integer-gmp" integer_cbits_decodeDouble;
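Review bot: The new `import "integer-gmp" __gmpz_powm_sec;` binds a symbol that, as far as I know, only exists from GMP 5.0 onwards, whereas every other symbol imported in this block is available in much older releases; nothing in the diff gates the import or its use (the `GMP_TAKE3_RET1(integer_cmm_powModSecIntegerzh, __gmpz_powm_sec)` line in the next hunk) on the GMP version, so a build against an older libgmp will fail with an undefined reference at link time rather than with a clear configure-time message. If the package already probes the GMP version elsewhere, a comment here naming the minimum, e.g. `/* mpz_powm_sec requires GMP >= 5.0 */`, would at least make the dependency visible to whoever hits that link error.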
@@ -437,6 +438,7 @@ GMP_TAKE2_RET2(integer_cmm_quotRemIntegerzh,        __gmpz_tdiv_qr)
 GMP_TAKE2_RET2(integer_cmm_divModIntegerzh,         __gmpz_fdiv_qr)
 
 GMP_TAKE3_RET1(integer_cmm_powModIntegerzh,         __gmpz_powm)
+GMP_TAKE3_RET1(integer_cmm_powModSecIntegerzh,      __gmpz_powm_sec)
 GMP_TAKE2_RET1(integer_cmm_recipModIntegerzh,       __gmpz_invert)
 GMP_TAKE1_UL1_RET1(integer_cmm_powIntegerzh,        __gmpz_pow_ui)
 
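Review bot: The new `integer_cmm_powModSecIntegerzh` entry reuses the same `GMP_TAKE3_RET1` wrapper as the ordinary `__gmpz_powm`, so whatever that macro does around the call (its definition is outside this hunk) is shared by the hardened variant; if the wrapper allocates or copies the result based on its magnitude, that part of the operation is data-dependent regardless of what `mpz_powm_sec` guarantees internally. That is not necessarily a defect, but the exported function is advertised as side-channel resilient, so the scope of the guarantee should be recorded at the point where it is wired up, e.g. `/* only the GMP call is hardened; the surrounding allocation/copy in the macro is not */`.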


