Added define LTC_RSA_BLINDING to be able to disable rsa blinding
This commit is contained in:
Steffen Jaeckel
parent
380693edd9
commit
8dc8a2d551
@ -289,10 +289,10 @@
|
||||
#ifndef LTC_NO_MATH
|
||||
|
||||
/* LibTomMath */
|
||||
/* #define LTM_LTC_DESC */
|
||||
/* #define LTM_DESC */
|
||||
|
||||
/* TomsFastMath */
|
||||
/* #define TFM_LTC_DESC */
|
||||
/* #define TFM_DESC */
|
||||
|
||||
#endif /* LTC_NO_MATH */
|
||||
|
||||
@ -302,6 +302,9 @@
|
||||
/* Include RSA support */
|
||||
#define LTC_MRSA
|
||||
|
||||
/* Enable RSA blinding when doing private key operations? */
|
||||
/* #define LTC_RSA_BLINDING */
|
||||
|
||||
/* Include Diffie-Hellman support */
|
||||
#ifndef GPM_DESC
|
||||
/* is_prime fails for GPM */
|
||||
@ -382,6 +385,11 @@
|
||||
#define LTC_PKCS_1
|
||||
#endif
|
||||
|
||||
#if defined(TFM_DESC) && defined(LTC_RSA_BLINDING)
|
||||
#warning RSA blinding currently not supported in combination with TFM
|
||||
#undef LTC_RSA_BLINDING
|
||||
#endif
|
||||
|
||||
#if defined(LTC_DER) && !defined(MPI)
|
||||
#error ASN.1 DER requires MPI functionality
|
||||
#endif
|
||||
|
||||
@ -431,6 +431,15 @@ typedef struct {
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int (*submod)(void *a, void *b, void *c, void *d);
|
||||
|
||||
/* ---- misc stuff ---- */
|
||||
/** Make a pseudo-random mpi
|
||||
@param a The mpi to make random
|
||||
@param size The desired length
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int (*rand)(void *a, int size);
|
||||
|
||||
} ltc_math_descriptor;
|
||||
|
||||
extern ltc_math_descriptor ltc_mp;
|
||||
@ -515,6 +524,8 @@ extern const ltc_math_descriptor gmp_desc;
|
||||
|
||||
#define mp_tohex(a, b) mp_toradix(a, b, 16)
|
||||
|
||||
#define mp_rand(a, b) ltc_mp.rand(a, b)
|
||||
|
||||
#endif
|
||||
|
||||
/* $Source$ */
|
||||
|
||||
@ -409,6 +409,13 @@ static int isprime(void *a, int *b)
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
static int set_rand(void *a, int size)
|
||||
{
|
||||
LTC_ARGCHK(a != NULL);
|
||||
mpz_random(a, size);
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
const ltc_math_descriptor gmp_desc = {
|
||||
"GNU MP",
|
||||
sizeof(mp_limb_t) * CHAR_BIT - GMP_NAIL_BITS,
|
||||
@ -492,6 +499,8 @@ const ltc_math_descriptor gmp_desc = {
|
||||
&addmod,
|
||||
&submod,
|
||||
|
||||
&set_rand,
|
||||
|
||||
};
|
||||
|
||||
|
||||
|
||||
@ -408,7 +408,13 @@ static int isprime(void *a, int *b)
|
||||
err = mpi_to_ltc_error(mp_prime_is_prime(a, 8, b));
|
||||
*b = (*b == MP_YES) ? LTC_MP_YES : LTC_MP_NO;
|
||||
return err;
|
||||
}
|
||||
}
|
||||
|
||||
static int set_rand(void *a, int size)
|
||||
{
|
||||
LTC_ARGCHK(a != NULL);
|
||||
return mpi_to_ltc_error(mp_rand(a, size));
|
||||
}
|
||||
|
||||
const ltc_math_descriptor ltm_desc = {
|
||||
|
||||
@ -494,6 +500,8 @@ const ltc_math_descriptor ltm_desc = {
|
||||
&addmod,
|
||||
&submod,
|
||||
|
||||
&set_rand,
|
||||
|
||||
};
|
||||
|
||||
|
||||
|
||||
@ -787,6 +787,8 @@ const ltc_math_descriptor tfm_desc = {
|
||||
&addmod,
|
||||
&submod,
|
||||
|
||||
NULL,
|
||||
|
||||
};
|
||||
|
||||
|
||||
|
||||
@ -15,25 +15,28 @@
|
||||
/**
|
||||
@file rsa_exptmod.c
|
||||
RSA LTC_PKCS exptmod, Tom St Denis
|
||||
*/
|
||||
*/
|
||||
|
||||
#ifdef LTC_MRSA
|
||||
|
||||
/**
|
||||
Compute an RSA modular exponentiation
|
||||
/**
|
||||
Compute an RSA modular exponentiation
|
||||
@param in The input data to send into RSA
|
||||
@param inlen The length of the input (octets)
|
||||
@param out [out] The destination
|
||||
@param out [out] The destination
|
||||
@param outlen [in/out] The max size and resulting size of the output
|
||||
@param which Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC
|
||||
@param key The RSA key to use
|
||||
@param key The RSA key to use
|
||||
@return CRYPT_OK if successful
|
||||
*/
|
||||
*/
|
||||
int rsa_exptmod(const unsigned char *in, unsigned long inlen,
|
||||
unsigned char *out, unsigned long *outlen, int which,
|
||||
rsa_key *key)
|
||||
{
|
||||
void *tmp, *tmpa, *tmpb, *rnd, *rndi /* inverse of rnd */;
|
||||
void *tmp, *tmpa, *tmpb;
|
||||
#ifdef LTC_RSA_BLINDING
|
||||
void *rnd = NULL, *rndi = NULL /* inverse of rnd */;
|
||||
#endif
|
||||
unsigned long x;
|
||||
int err;
|
||||
|
||||
@ -41,7 +44,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
LTC_ARGCHK(key != NULL);
|
||||
|
||||
|
||||
/* is the key of the right type for the operation? */
|
||||
if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
|
||||
return CRYPT_PK_NOT_PRIVATE;
|
||||
@ -53,7 +56,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
|
||||
}
|
||||
|
||||
/* init and copy into tmp */
|
||||
if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, NULL)) != CRYPT_OK)
|
||||
if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK)
|
||||
{ return err; }
|
||||
if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK)
|
||||
{ goto error; }
|
||||
@ -67,49 +70,55 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
|
||||
|
||||
/* are we using the private exponent and is the key optimized? */
|
||||
if (which == PK_PRIVATE) {
|
||||
#ifdef LTC_RSA_BLINDING
|
||||
if ((err = mp_init_multi(&rnd, &rndi, NULL)) != CRYPT_OK)
|
||||
{ goto error; }
|
||||
/* do blinding */
|
||||
err = mp_rand(rnd, mp_count_bits(key->N));
|
||||
if (err != CRYPT_OK) {
|
||||
goto error;
|
||||
goto error_blind;
|
||||
}
|
||||
|
||||
/* rndi = 1/rnd mod N */
|
||||
err = mp_invmod(rnd, key->N, rndi);
|
||||
if (err != CRYPT_OK) {
|
||||
goto error;
|
||||
goto error_blind;
|
||||
}
|
||||
|
||||
/* rnd = rnd^e */
|
||||
err = mp_exptmod( rnd, key->e, key->N, rnd);
|
||||
if (err != CRYPT_OK) {
|
||||
goto error;
|
||||
goto error_blind;
|
||||
}
|
||||
|
||||
/* tmp = tmp*rnd mod N */
|
||||
err = mp_mulmod( tmp, rnd, key->N, tmp);
|
||||
if (err != CRYPT_OK) {
|
||||
goto error;
|
||||
goto error_blind;
|
||||
}
|
||||
#endif /* LTC_RSA_BLINDING */
|
||||
|
||||
/* tmpa = tmp^dP mod p */
|
||||
if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error_blind; }
|
||||
|
||||
/* tmpb = tmp^dQ mod q */
|
||||
if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error_blind; }
|
||||
|
||||
/* tmp = (tmpa - tmpb) * qInv (mod p) */
|
||||
if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error_blind; }
|
||||
if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error_blind; }
|
||||
|
||||
/* tmp = tmpb + q * tmp */
|
||||
if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error_blind; }
|
||||
if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error_blind; }
|
||||
|
||||
#ifdef LTC_RSA_BLINDING
|
||||
/* unblind */
|
||||
err = mp_mulmod( tmp, rndi, key->N, tmp);
|
||||
if (err != CRYPT_OK) {
|
||||
goto error;
|
||||
goto error_blind;
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
/* exptmod it */
|
||||
if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK) { goto error; }
|
||||
@ -136,8 +145,12 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
|
||||
|
||||
/* clean up and return */
|
||||
err = CRYPT_OK;
|
||||
error_blind:
|
||||
#ifdef LTC_RSA_BLINDING
|
||||
mp_clear_multi(rnd, rndi, NULL);
|
||||
#endif
|
||||
error:
|
||||
mp_clear_multi(tmp, tmpa, tmpb, rnd, rndi, NULL);
|
||||
mp_clear_multi(tmp, tmpa, tmpb, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user