libmpa: Implement Montgomery ladder

The mpa_exp_mod() function implements a LtoR algorithm. The LtoR
algorithm is sensitive to timing attacks since it leaks information
about the exponent since it's doing a different amount of work in each
loop when doing the modular exponentiation. It will always do a square
in each loop, but it will also do an additional multiply when the
exponent bit k=1.

This patch implements the Montgomery ladder (and thereby replaces the
old LtoR implementation), which always does the same amount of
operations in each loop and thereby make it more robust to timing
attacks.

Fixes: OP-TEE-2016-0002 which was reported by Applus+ Laboratories.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)

0 files changed, 0 insertions, 0 deletions