ML-KEM FIPS 203 destruction of intermidiate values

aws · Sep 26, 2024 · 4cd79ef · 4cd79ef
1 parent c2846eb
commit 4cd79ef
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/crypto/fipsmodule/ml_kem/ml_kem_ref/indcpa.c b/crypto/fipsmodule/ml_kem/ml_kem_ref/indcpa.c
@@ -190,6 +190,9 @@ void gen_matrix(ml_kem_params *params, polyvec *a, const uint8_t seed[KYBER_SYMB
       }
     }
   }
+
+  // FIPS 203. Section 3.3 Destruction of intermidiate values.
+  OPENSSL_memset(buf, 0, sizeof(buf));
 }
 
 /*************************************************
@@ -244,6 +247,14 @@ void indcpa_keypair_derand(ml_kem_params *params,
 
   pack_sk(params, sk, &skpv);
   pack_pk(params, pk, &pkpv, publicseed);
+
+  // FIPS 203. Section 3.3 Destruction of intermidiate values.
+  OPENSSL_memset(buf, 0, sizeof(buf));
+  OPENSSL_memset(coins_with_domain_separator, 0, sizeof(coins_with_domain_separator));
+  OPENSSL_memset(a, 0, sizeof(a));
+  OPENSSL_memset(&e, 0, sizeof(e));
+  OPENSSL_memset(&pkpv, 0, sizeof(pkpv));
+  OPENSSL_memset(&skpv, 0, sizeof(skpv));
 }
 
 
@@ -303,6 +314,17 @@ void indcpa_enc(ml_kem_params *params,
   poly_reduce(&v);
 
   pack_ciphertext(params, c, &b, &v);
+
+  // FIPS 203. Section 3.3 Destruction of intermidiate values.
+  OPENSSL_memset(seed, 0, sizeof(seed));
+  OPENSSL_memset(&sp, 0, sizeof(sp));
+  OPENSSL_memset(&pkpv, 0, sizeof(pkpv));
+  OPENSSL_memset(&ep, 0, sizeof(ep));
+  OPENSSL_memset(&at, 0, sizeof(at));
+  OPENSSL_memset(&b, 0, sizeof(b));
+  OPENSSL_memset(&v, 0, sizeof(v));
+  OPENSSL_memset(&k, 0, sizeof(k));
+  OPENSSL_memset(&epp, 0, sizeof(epp));
 }
 
 /*************************************************
@@ -340,4 +362,11 @@ void indcpa_dec(ml_kem_params *params,
   poly_reduce(&mp);
 
   poly_tomsg(m, &mp);
+
+
+  // FIPS 203. Section 3.3 Destruction of intermidiate values.
+  OPENSSL_memset(&b, 0, sizeof(b));
+  OPENSSL_memset(&skpv, 0, sizeof(skpv));
+  OPENSSL_memset(&v, 0, sizeof(v));
+  OPENSSL_memset(&mp, 0, sizeof(mp));
 }
diff --git a/crypto/fipsmodule/ml_kem/ml_kem_ref/kem.c b/crypto/fipsmodule/ml_kem/ml_kem_ref/kem.c
@@ -57,6 +57,9 @@ int crypto_kem_keypair(ml_kem_params *params,
   uint8_t coins[2*KYBER_SYMBYTES];
   RAND_bytes(coins, 2*KYBER_SYMBYTES);
   crypto_kem_keypair_derand(params, pk, sk, coins);
+
+  // FIPS 203. Section 3.3 Destruction of intermidiate values.
+  OPENSSL_memset(coins, 0, sizeof(coins));
   return 0;
 }
 
@@ -268,6 +271,10 @@ int crypto_kem_enc_derand(ml_kem_params *params,
   indcpa_enc(params, ct, buf, pk, kr+KYBER_SYMBYTES);
 
   memcpy(ss,kr,KYBER_SYMBYTES);
+
+  // FIPS 203. Section 3.3 Destruction of intermidiate values.
+  OPENSSL_memset(buf, 0, sizeof(buf));
+  OPENSSL_memset(kr, 0, sizeof(kr));
   return 0;
 }
 
@@ -298,6 +305,9 @@ int crypto_kem_enc(ml_kem_params *params,
   uint8_t coins[KYBER_SYMBYTES];
   RAND_bytes(coins, KYBER_SYMBYTES);
   crypto_kem_enc_derand(params, ct, ss, pk, coins);
+
+  // FIPS 203. Section 3.3 Destruction of intermidiate values.
+  OPENSSL_memset(coins, 0, sizeof(coins));
   return 0;
 }
 
@@ -351,5 +361,9 @@ int crypto_kem_dec(ml_kem_params *params,
   /* Copy true key to return buffer if fail is false */
   cmov(ss,kr,KYBER_SYMBYTES,!fail);
 
+  // FIPS 203. Section 3.3 Destruction of intermidiate values.
+  OPENSSL_memset(buf, 0, sizeof(buf));
+  OPENSSL_memset(kr, 0, sizeof(kr));
+  OPENSSL_memset(cmp, 0, sizeof(cmp));
   return 0;
 }