From 8d72d9d3b3e0aeb9af68df85f555944c0558eb4f Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 20 May 2018 15:40:08 -0400 Subject: Add small cache for RSA blinding factors. Generating new RSA blinding factors turns out to be relatively expensive, but we can amortize that cost by maintaining a small cache and simply mutating old values after each use with a cheaper operation. Squaring works, pretty much by definition. Blinding factors are only sort-of-sensitive: we don't want them to leak out of the HSM, but they're only based on the public modulus, not the private key components, and we're only using them to foil side channel attacks, so the risk involved in caching them seems small. For the moment, the cache is very small, since we only care about this for bulk signature operations. Tune this later if it becomes an issue. --- hal_internal.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'hal_internal.h') diff --git a/hal_internal.h b/hal_internal.h index a97a8f2..922562a 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -144,6 +144,8 @@ extern void hal_critical_section_start(void); extern void hal_critical_section_end(void); extern void hal_ks_lock(void); extern void hal_ks_unlock(void); +extern void hal_rsa_bf_lock(void); +extern void hal_rsa_bf_unlock(void); extern void hal_task_yield(void); /* -- cgit v1.2.3
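Review bot: the two new declarations `hal_rsa_bf_lock(void)` / `hal_rsa_bf_unlock(void)` are added right after the `hal_ks_lock` / `hal_ks_unlock` pair with no comment saying what they guard or how they order against the existing keystore lock and `hal_critical_section_start`; since the commit message describes a small cache of RSA blinding factors that is mutated in place after each use, a one-line comment on these declarations should state that the lock protects that cache (both the lookup and the post-use squaring step) and whether it may be taken while `hal_ks_lock` is held, so callers on the bulk-signature path do not pick an ordering that can deadlock. This diff is limited to `hal_internal.h`, so the cache itself, the implementations of these two functions, and the handling of the cached values (the commit message notes they should not leak out of the HSM) are not visible here and need review in the companion change.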