Add Everest to threat model Signed-off-by: Janos Follath <janos.follath@arm.com>

commit: 4d43f2ed0ec5a408d585e2f4097b8fad894a0dae [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Fri Sep 01 16:22:25 2023 +0100
committer: Janos Follath <janos.follath@arm.com> Fri Sep 01 16:22:25 2023 +0100
tree: 26e865285f853697373e9096c2f63a02cef44437
parent: 1a8ebe39bfa52f9d0c34b9093bf7ecb233097e95 [diff]
diff --git a/SECURITY.md b/SECURITY.md
index 61e3936..7ed72de 100644
--- a/SECURITY.md
+++ b/SECURITY.md

@@ -135,3 +135,12 @@
 - Use cryptographic mechanisms that are not based on block ciphers. In
   particular, for authenticated encryption, use ChaCha20/Poly1305 instead of
   block cipher modes. For random generation, use HMAC\_DRBG instead of CTR\_DRBG.
+
+#### Everest
+
+The HACL* implementation of X25519 taken from the Everest project only protects
+against remote timing attacks. (See their [Security
+Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).)
+
+The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED`
+configuration option is defined. This option is off by default.
commit	4d43f2ed0ec5a408d585e2f4097b8fad894a0dae	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Fri Sep 01 16:22:25 2023 +0100
committer	Janos Follath <janos.follath@arm.com>	Fri Sep 01 16:22:25 2023 +0100
tree	26e865285f853697373e9096c2f63a02cef44437
parent	1a8ebe39bfa52f9d0c34b9093bf7ecb233097e95 [diff]