[crypto] Fix conditional subtraction in p384_key_from_seed #28558
Conversation
Signed-off-by: Kat Fox <[email protected]>
|
Hi @pqcfox, Thank you for your pull request, which we appreciate. By signing off on the lowRISC CIC Contributor License Agreement (the CLA), you are a lowRISC contributor and hence part of the project’s uniform copyright notice in the file header: Detailed and up-to-date attribution for all contributions is available via the Git version control system:
More than 200 individuals from more than 25 organizations and more than 20 non-organizational individuals have contributed to OpenTitan to date. If all of them would add their own attribution or copyright notices, that would clutter the code base and wouldn’t be more accurate or up-to-date than the information available through the version control system. For this reason, the project uses one uniform copyright header, and we ask you to please amend your commits accordingly. For contributors who are members of non-project partner organizations, we require a corporate contributor license agreement. This will remain valid until terminated by either party, so for any subsequent pull requests the Signed-off-by commit message trailer will suffice. Please contact [email protected] to initiate the establishment of a contributor agreement. Thank you for your understanding. We look forward to working with you to get your pull request reviewed, approved, and merged after the aforementioned steps have been taken. |
2 participants
This small PR removes a flag clear in
p384_keygen_from_seed.sto re-enable a conditional subtraction inp384_key_from_seed. Without this conditional subtraction, a small bias is introduced into the generated key distribution as the modified function will no longer always computed = (d0' + d1') mod nford0',d1'congruent tod0,d1modulonrespectively.For side channel purposes, the existing
bn.xorafter the conditional subtraction already handles clearing flags, so no further changes are needed.