Add stack burning for PQC algorithms
289c0a596fd3Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Add stack burning for PQC algorithms

* cipher/dilithium.h (DILITHIUM_KEYPAIR_STACK_BURN)
(DILITHIUM_SIGN_STACK_BURN, DILITHIUM_VERIFY_STACK_BURN): New.
* cipher/kem.c (_gcry_kem_genkey, _gcry_kem_encap)
(_gcry_kem_decap): Burn stack after calls to sntrup761, kyber and
mceliece6688128f algos.
* cipher/kyber.h (KYBER_KEYPAIR_STACK_BURN, KYBER_ENCAP_STACK_BURN)
(KYBER_DECAP_STACK_BURN): New.
* cipher/mceliece6688128f.h (MCELIECE6688128F_KEYPAIR_STACK_BURN)
(MCELIECE6688128F_ENC_STACK_BURN, MCELIECE6688128F_DEC_STACK_BURN): New.
* cipher/pubkey-dilithium.c (mldsa_generate, mldsa_sign)
(mldsa_verify): Burn stack after calls to dilithium algo.
* cipher/sntrup761.h (SNTRUP761_KEYPAIR_STACK_BURN)
(SNTRUP761_ENC_STACK_BURN, SNTRUP761_DEC_STACK_BURN): New.

Backport master commit of:
1003c9412a4be0c1d248929267a73cf3849fa60b

Stack usage measured on GCC-14 "-O2" build on x86-64/linux with
additional +33% margin added and rounded up to closest 1 KiB.