aboutsummaryrefslogtreecommitdiffstats
path: root/mpi/mpi-pow.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2013-10-18mpi: mpi-pow improvementsWerner Koch1-0/+443
* mpi/mpi-pow.c (USE_ALGORITHM_SIMPLE_EXPONENTIATION): New. (mul_mod) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New. (mpi_powm) [!USE_ALGORITHM_SIMPLE_EXPONENTIATION]: New implementation of left-to-right k-ary exponentiation. -- This is a backport from Libgcrypt commit 45aa6131e93fac89d46733b3436d960f35fb99b2 Signed-off-by: NIIBE Yutaka <[email protected]> For the Yarom/Falkner flush+reload cache side-channel attack, we changed the code so that it always calls the multiplication routine (even if we can skip it to get result). This results some performance regression. This change is for recovering performance with efficient algorithm. Signed-off-by: Werner Koch <[email protected]>
2013-07-25Mitigate a flush+reload cache attack on RSA secret exponents.Werner Koch1-3/+12
* mpi/mpi-pow.c (mpi_powm): Always perform the mpi_mul for exponents hold in secure memory. -- The attack is described in a paper to be pusblished at eprint.iacr.org: Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack by Yuval Yarom and Katrina Falkner. 18 July 2013. Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a spy program to recover over 98% of the bits of the private key in a single decryption or signing round. Unlike previous attacks, the attack targets the last level L3 cache. Consequently, the spy program and the victim do not need to share the execution core of the CPU. The attack is not limited to a traditional OS and can be used in a virtualised environment, where it can attack programs executing in a different VM. Signed-off-by: Werner Koch <[email protected]>
2011-08-09Removed some set but unused vars.Werner Koch1-3/+2
2007-10-23Switched to GPLv3.Werner Koch1-4/+2
Updated gettext.
2005-05-31Updated FSF street address and preparations for a release candidate.Werner Koch1-1/+2
2004-05-20* longlong.h: Typo.David Shaw1-7/+8
* mpi-pow.c (mpi_powm): s/exp/exponent/ to shutup a compiler warning. From Werner on stable branch.
2002-06-29Update head to match stable 1.0David Shaw1-0/+294
2000-12-19Removed files from the HEAD revision, because they are now in anotherWerner Koch1-295/+0
repository
2000-07-17See ChangeLog: Mon Jul 17 16:35:47 CEST 2000 Werner KochWerner Koch1-4/+17
1999-12-08See ChangeLog: Wed Dec 8 21:58:32 CET 1999 Werner KochWerner Koch1-2/+2
1999-04-18See ChangeLog: Sun Apr 18 10:11:28 CEST 1999 Werner KochWerner Koch1-1/+2
1998-12-23See ChangeLog: Wed Dec 23 13:34:22 CET 1998 Werner KochWerner Koch1-3/+3
1998-06-16some more internall structure changesWerner Koch1-4/+4
1998-02-24Renamed to GNUPGV-0-2-8Werner Koch1-4/+4
1998-01-16added some trust model stuffWerner Koch1-1/+1
1997-12-23changed configuration stuff, replaced some Makefile.am by distfiles.Werner Koch1-1/+20
1997-11-26changed the dir layoutWerner Koch1-7/+22
1997-11-18initially checkinWerner Koch1-0/+247
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 18:14:08 +0000