Re: [PATCH 08/10] crypto: scatterwak - Add scatterwalk_sg_copychunks

On Friday, 18 March 2016, 20:32:05, Tudor Ambarus wrote:

Hi Tudor,

> This patch adds the function scatterwalk_sg_copychunks which writes
> a chunk of data from a scatterwalk to another scatterwalk.
> It will be used by caam driver to remove the leading zeros of RSA's
> algorithm output.

The following is unrelated to the patch, but regarding your statement: I 
lately read that leading zeros are skipped for RSA. Why is that implemented 
this way? The driver of my question is side channels. Don't we open ourselves 
up to side channel attacks when forgetting about zeros?

Heck, by simply processing zeros in a modular exponentiation (of a private 
key), we have side channels, because processing of zeros is faster than ones. 
I am starting to wonder whether this magic with the leading zeros is going to 
hurt us?

Ciao
Stephan