Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decrease the timing differences when trimming zeros from DH TLS PMS #129

Merged
merged 3 commits into from
Sep 15, 2020
Merged

Decrease the timing differences when trimming zeros from DH TLS PMS #129

merged 3 commits into from
Sep 15, 2020

Conversation

SalusaSecondus
Copy link
Contributor

Description of changes:

These changes reduce the timing signal generated by trimming zeros from DH agreed TLS pre-master secrets. They cannot be fully eliminated, but these changes help mitigate them.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

scottarc
scottarc approved these changes Sep 15, 2020
View reviewed changes
src/com/amazon/corretto/crypto/provider/EvpKeyAgreement.java Show resolved Hide resolved
src/com/amazon/corretto/crypto/provider/ConstantTime.java
/**
* Equivalent to {@code val != 0 ? 1 : 0}
*/
static final int isNonZero(int val) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very minor bikeshed: Is it possible to use byte as the return type instead of int to save on memory usage? (If the answer is "No", that's fine.)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically, yes.

However, Java automatically casts all bit-wise operations to int or larger. So, I'm not sure if it would practically decrease memory usage and it would make everything a bit more annoying to read (due to large numbers of casts).

src/com/amazon/corretto/crypto/provider/ConstantTime.java Show resolved Hide resolved
src/com/amazon/corretto/crypto/provider/ConstantTime.java Show resolved Hide resolved
src/com/amazon/corretto/crypto/provider/ConstantTime.java Show resolved Hide resolved
src/com/amazon/corretto/crypto/provider/ConstantTime.java Show resolved Hide resolved
src/com/amazon/corretto/crypto/provider/ConstantTime.java Show resolved Hide resolved
src/com/amazon/corretto/crypto/provider/ConstantTime.java Show resolved Hide resolved
src/com/amazon/corretto/crypto/provider/EvpKeyAgreement.java Show resolved Hide resolved
src/com/amazon/corretto/crypto/provider/EvpKeyAgreement.java Show resolved Hide resolved
@SalusaSecondus SalusaSecondus merged commit bdfb7cf into corretto:develop Sep 15, 2020
@SalusaSecondus SalusaSecondus deleted the trimZeros branch September 15, 2020 20:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scottarc scottarc scottarc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SalusaSecondus @scottarc