Added define LTC_RSA_BLINDING to be able to disable rsa blinding
							parent
							
								
									380693edd9
								
							
						
					
					
						commit
						8dc8a2d551
					
				@ -289,10 +289,10 @@
 | 
				
			|||||||
#ifndef LTC_NO_MATH
 | 
					#ifndef LTC_NO_MATH
 | 
				
			||||||
 | 
					
 | 
				
			||||||
/* LibTomMath */
 | 
					/* LibTomMath */
 | 
				
			||||||
/* #define LTM_LTC_DESC */
 | 
					/* #define LTM_DESC */
 | 
				
			||||||
 | 
					
 | 
				
			||||||
/* TomsFastMath */
 | 
					/* TomsFastMath */
 | 
				
			||||||
/* #define TFM_LTC_DESC */
 | 
					/* #define TFM_DESC */
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#endif /* LTC_NO_MATH */
 | 
					#endif /* LTC_NO_MATH */
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@ -302,6 +302,9 @@
 | 
				
			|||||||
/* Include RSA support */
 | 
					/* Include RSA support */
 | 
				
			||||||
#define LTC_MRSA
 | 
					#define LTC_MRSA
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					/* Enable RSA blinding when doing private key operations? */
 | 
				
			||||||
 | 
					/* #define LTC_RSA_BLINDING */
 | 
				
			||||||
 | 
					
 | 
				
			||||||
/* Include Diffie-Hellman support */
 | 
					/* Include Diffie-Hellman support */
 | 
				
			||||||
#ifndef GPM_DESC
 | 
					#ifndef GPM_DESC
 | 
				
			||||||
/* is_prime fails for GPM */
 | 
					/* is_prime fails for GPM */
 | 
				
			||||||
@ -382,6 +385,11 @@
 | 
				
			|||||||
   #define LTC_PKCS_1
 | 
					   #define LTC_PKCS_1
 | 
				
			||||||
#endif   
 | 
					#endif   
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					#if defined(TFM_DESC) && defined(LTC_RSA_BLINDING)
 | 
				
			||||||
 | 
					    #warning RSA blinding currently not supported in combination with TFM
 | 
				
			||||||
 | 
					    #undef LTC_RSA_BLINDING
 | 
				
			||||||
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#if defined(LTC_DER) && !defined(MPI) 
 | 
					#if defined(LTC_DER) && !defined(MPI) 
 | 
				
			||||||
   #error ASN.1 DER requires MPI functionality
 | 
					   #error ASN.1 DER requires MPI functionality
 | 
				
			||||||
#endif
 | 
					#endif
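Review bot: As committed the option is off unless the user opts in — `/* #define LTC_RSA_BLINDING */` in the second hunk is commented out — so a default build performs unblinded CRT private-key operations and loses the timing side-channel protection that the old rsa_exptmod applied unconditionally (the removed `rnd`/`rndi` locals show it was always on). Since the title says the goal is to be able to *disable* blinding, the safer default is to leave it enabled, `#define LTC_RSA_BLINDING`, and let the new `#if defined(TFM_DESC) && defined(LTC_RSA_BLINDING)` guard in the third hunk switch it off only for the backend that cannot supply random numbers. The `#warning` directive in that guard is a GCC/Clang extension rather than C11; a plain comment next to the `#undef`, or `#error` if a silent downgrade is not wanted, would be portable. The comment renames in the first hunk (`LTM_LTC_DESC` → `LTM_DESC`, `TFM_LTC_DESC` → `TFM_DESC`) are consistent with the macro name the guard actually tests.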
 | 
				
			||||||
 | 
				
			|||||||
@ -431,6 +431,15 @@ typedef struct {
 | 
				
			|||||||
      @return CRYPT_OK on success
 | 
					      @return CRYPT_OK on success
 | 
				
			||||||
   */
 | 
					   */
 | 
				
			||||||
   int (*submod)(void *a, void *b, void *c, void *d);
 | 
					   int (*submod)(void *a, void *b, void *c, void *d);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					/* ---- misc stuff ---- */
 | 
				
			||||||
 | 
					   /** Make a pseudo-random mpi
 | 
				
			||||||
 | 
					      @param  a     The mpi to make random
 | 
				
			||||||
 | 
					      @param  size  The desired length
 | 
				
			||||||
 | 
					      @return CRYPT_OK on success
 | 
				
			||||||
 | 
					   */
 | 
				
			||||||
 | 
					   int (*rand)(void *a, int size);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
} ltc_math_descriptor;
 | 
					} ltc_math_descriptor;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
extern ltc_math_descriptor ltc_mp;
 | 
					extern ltc_math_descriptor ltc_mp;
 | 
				
			||||||
@ -515,6 +524,8 @@ extern const ltc_math_descriptor gmp_desc;
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
#define mp_tohex(a, b)               mp_toradix(a, b, 16)
 | 
					#define mp_tohex(a, b)               mp_toradix(a, b, 16)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					#define mp_rand(a, b)                ltc_mp.rand(a, b)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
#endif
 | 
					#endif
 | 
				
			||||||
 | 
					
 | 
				
			||||||
/* $Source$ */
 | 
					/* $Source$ */
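Review bot: The new `rand` callback's `@param size The desired length` leaves the unit unspecified, yet the one caller this commit adds passes `mp_count_bits(key->N)` while the GMP and LibTomMath descriptors hand `size` straight to `mpz_random`/`mp_rand`, which (if I remember those APIs correctly) count limbs/digits rather than bits; write `@param size The desired length in bits` and convert inside the descriptors, otherwise the blinding factor is tens of times larger than N. Appending a member to `ltc_math_descriptor` also means any positionally initialised descriptor that predates this field ends up with `rand == NULL`, and `mp_rand(a, b)` in the second hunk then calls through a null pointer — tfm_desc in this same commit fills the slot with NULL. A guard such as `#define mp_rand(a, b) ((ltc_mp.rand != NULL) ? ltc_mp.rand(a, b) : CRYPT_INVALID_ARG)` fails cleanly instead. The struct definition begins outside the first hunk.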
 | 
				
			||||||
 | 
				
			|||||||
@ -409,6 +409,13 @@ static int isprime(void *a, int *b)
 | 
				
			|||||||
   return CRYPT_OK;
 | 
					   return CRYPT_OK;
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					static int set_rand(void *a, int size)
 | 
				
			||||||
 | 
					{
 | 
				
			||||||
 | 
					   LTC_ARGCHK(a != NULL);
 | 
				
			||||||
 | 
					   mpz_random(a, size);
 | 
				
			||||||
 | 
					   return CRYPT_OK;
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
const ltc_math_descriptor gmp_desc = {
 | 
					const ltc_math_descriptor gmp_desc = {
 | 
				
			||||||
   "GNU MP",
 | 
					   "GNU MP",
 | 
				
			||||||
   sizeof(mp_limb_t) * CHAR_BIT - GMP_NAIL_BITS,
 | 
					   sizeof(mp_limb_t) * CHAR_BIT - GMP_NAIL_BITS,
 | 
				
			||||||
@ -492,6 +499,8 @@ const ltc_math_descriptor gmp_desc = {
 | 
				
			|||||||
   &addmod,
 | 
					   &addmod,
 | 
				
			||||||
   &submod,
 | 
					   &submod,
 | 
				
			||||||
   
 | 
					   
 | 
				
			||||||
 | 
					   &set_rand,
 | 
				
			||||||
 | 
					
 | 
				
			||||||
};
 | 
					};
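Review bot: `set_rand` draws the blinding factor with `mpz_random`, which GMP documents as an obsolete interface kept for compatibility and whose `max_size` argument is a limb count, while the only caller in this commit passes a bit count; the value also comes from a process-global generator whose seeding is not visible anywhere in this change, so the blinding factors may be predictable. Prefer the seeded interface — a `gmp_randstate_t` initialised once for the descriptor (seeded from LTC's own PRNG, which is presumably the intended entropy source) and `mpz_urandomb`, so `size` means bits and the source is under the library's control — and reject `size <= 0`, which `LTC_ARGCHK(a != NULL)` does not cover. Where the state is initialised and seeded is a design decision this commit leaves open; the fence assumes a file-scope state set up at descriptor registration. set_rand's body lies fully inside the hunk.
```c
static int set_rand(void *a, int size)
{
   LTC_ARGCHK(a != NULL);
   if (size <= 0) {
      return CRYPT_INVALID_ARG;
   }
   /* ltc_gmp_rand: gmp_randstate_t initialised and seeded once at descriptor setup (TODO: where) */
   mpz_urandomb(a, ltc_gmp_rand, (mp_bitcnt_t)size);
   return CRYPT_OK;
}
```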
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
				
			|||||||
@ -410,6 +410,12 @@ static int isprime(void *a, int *b)
 | 
				
			|||||||
   return err;
 | 
					   return err;
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					static int set_rand(void *a, int size)
 | 
				
			||||||
 | 
					{
 | 
				
			||||||
 | 
					   LTC_ARGCHK(a != NULL);
 | 
				
			||||||
 | 
					   return mpi_to_ltc_error(mp_rand(a, size));
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
const ltc_math_descriptor ltm_desc = {
 | 
					const ltc_math_descriptor ltm_desc = {
 | 
				
			||||||
 | 
					
 | 
				
			||||||
   "LibTomMath",
 | 
					   "LibTomMath",
 | 
				
			||||||
@ -494,6 +500,8 @@ const ltc_math_descriptor ltm_desc = {
 | 
				
			|||||||
   &addmod,
 | 
					   &addmod,
 | 
				
			||||||
   &submod,
 | 
					   &submod,
 | 
				
			||||||
   
 | 
					   
 | 
				
			||||||
 | 
					   &set_rand,
 | 
				
			||||||
 | 
					
 | 
				
			||||||
};
 | 
					};
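Review bot: `set_rand` forwards `size` unchanged to LibTomMath's `mp_rand`, whose parameter is (as far as I recall) a number of mp_digits, while `rsa_exptmod` in this commit calls it with `mp_count_bits(key->N)`; the blinding still works because every later step reduces mod N, but the draw is many times larger than needed and the descriptor contract never says which unit is meant. Either convert here — `return mpi_to_ltc_error(mp_rand(a, (size + DIGIT_BIT - 1) / DIGIT_BIT));`, using whatever the bundled LibTomMath names its digit width — or state bits vs digits in the `rand` documentation in tomcrypt_math.h. Older LibTomMath releases implement `mp_rand` on top of the C library `rand()`; if that is true of the bundled version, the blinding factors are predictable and the protection is weaker than the option name suggests, so it is worth confirming the generator before relying on it. set_rand's body lies fully inside the hunk.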
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
				
			|||||||
@ -787,6 +787,8 @@ const ltc_math_descriptor tfm_desc = {
 | 
				
			|||||||
   &addmod,
 | 
					   &addmod,
 | 
				
			||||||
   &submod,
 | 
					   &submod,
 | 
				
			||||||
   
 | 
					   
 | 
				
			||||||
 | 
					   NULL,
 | 
				
			||||||
 | 
					
 | 
				
			||||||
};
 | 
					};
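Review bot: Filling the new `rand` slot with `NULL` leaves a null function pointer in a table that `mp_rand()` dereferences unconditionally; the compile-time guard in tomcrypt_custom.h keeps rsa_exptmod from reaching it when `TFM_DESC` is defined, but any future caller of `mp_rand` selecting tfm_desc will crash rather than get an error. A stub that returns an error code keeps the table fully populated and makes the "not supported" case diagnosable at run time. The initialiser for `tfm_desc` begins outside the hunk.
```c
/* TFM provides no random-number routine; see the LTC_RSA_BLINDING guard in tomcrypt_custom.h */
static int set_rand(void *a, int size)
{
   (void)a;
   (void)size;
   return CRYPT_INVALID_ARG;
}
/* … unchanged: remaining tfm_desc entries … */
   &set_rand,
```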
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
				
			|||||||
@ -33,7 +33,10 @@ int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
 | 
				
			|||||||
                      unsigned char *out,  unsigned long *outlen, int which,
 | 
					                      unsigned char *out,  unsigned long *outlen, int which,
 | 
				
			||||||
                      rsa_key *key)
 | 
					                      rsa_key *key)
 | 
				
			||||||
{
 | 
					{
 | 
				
			||||||
   void        *tmp, *tmpa, *tmpb, *rnd, *rndi /* inverse of rnd */;
 | 
					   void        *tmp, *tmpa, *tmpb;
 | 
				
			||||||
 | 
					   #ifdef LTC_RSA_BLINDING
 | 
				
			||||||
 | 
					   void        *rnd = NULL, *rndi = NULL /* inverse of rnd */;
 | 
				
			||||||
 | 
					   #endif
 | 
				
			||||||
   unsigned long x;
 | 
					   unsigned long x;
 | 
				
			||||||
   int           err;
 | 
					   int           err;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@ -53,7 +56,7 @@ int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
 | 
				
			|||||||
   }
 | 
					   }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
   /* init and copy into tmp */
 | 
					   /* init and copy into tmp */
 | 
				
			||||||
   if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, NULL)) != CRYPT_OK)
 | 
					   if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK)
 | 
				
			||||||
        { return err; }
 | 
					        { return err; }
 | 
				
			||||||
   if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK)
 | 
					   if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK)
 | 
				
			||||||
        { goto error; }
 | 
					        { goto error; }
 | 
				
			||||||
@ -67,49 +70,55 @@ int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
   /* are we using the private exponent and is the key optimized? */
 | 
					   /* are we using the private exponent and is the key optimized? */
 | 
				
			||||||
   if (which == PK_PRIVATE) {
 | 
					   if (which == PK_PRIVATE) {
 | 
				
			||||||
 | 
					      #ifdef LTC_RSA_BLINDING
 | 
				
			||||||
 | 
					      if ((err = mp_init_multi(&rnd, &rndi, NULL)) != CRYPT_OK)
 | 
				
			||||||
 | 
					            { goto error; }
 | 
				
			||||||
      /* do blinding */
 | 
					      /* do blinding */
 | 
				
			||||||
      err = mp_rand(rnd, mp_count_bits(key->N));
 | 
					      err = mp_rand(rnd, mp_count_bits(key->N));
 | 
				
			||||||
      if (err != CRYPT_OK) {
 | 
					      if (err != CRYPT_OK) {
 | 
				
			||||||
             goto error;
 | 
					             goto error_blind;
 | 
				
			||||||
      }
 | 
					      }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
      /* rndi = 1/rnd mod N */
 | 
					      /* rndi = 1/rnd mod N */
 | 
				
			||||||
      err = mp_invmod(rnd, key->N, rndi);
 | 
					      err = mp_invmod(rnd, key->N, rndi);
 | 
				
			||||||
      if (err != CRYPT_OK) {
 | 
					      if (err != CRYPT_OK) {
 | 
				
			||||||
             goto error;
 | 
					             goto error_blind;
 | 
				
			||||||
      }
 | 
					      }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
      /* rnd = rnd^e */
 | 
					      /* rnd = rnd^e */
 | 
				
			||||||
      err = mp_exptmod( rnd, key->e, key->N, rnd);
 | 
					      err = mp_exptmod( rnd, key->e, key->N, rnd);
 | 
				
			||||||
      if (err != CRYPT_OK) {
 | 
					      if (err != CRYPT_OK) {
 | 
				
			||||||
             goto error;
 | 
					             goto error_blind;
 | 
				
			||||||
      }
 | 
					      }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
      /* tmp = tmp*rnd mod N */
 | 
					      /* tmp = tmp*rnd mod N */
 | 
				
			||||||
      err = mp_mulmod( tmp, rnd, key->N, tmp);
 | 
					      err = mp_mulmod( tmp, rnd, key->N, tmp);
 | 
				
			||||||
      if (err != CRYPT_OK) {
 | 
					      if (err != CRYPT_OK) {
 | 
				
			||||||
             goto error;
 | 
					             goto error_blind;
 | 
				
			||||||
      }
 | 
					      }
 | 
				
			||||||
 | 
					      #endif /* LTC_RSA_BLINDING */
 | 
				
			||||||
 | 
					
 | 
				
			||||||
      /* tmpa = tmp^dP mod p */
 | 
					      /* tmpa = tmp^dP mod p */
 | 
				
			||||||
      if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK)                               { goto error; }
 | 
					      if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK)                               { goto error_blind; }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
      /* tmpb = tmp^dQ mod q */
 | 
					      /* tmpb = tmp^dQ mod q */
 | 
				
			||||||
      if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK)                               { goto error; }
 | 
					      if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK)                               { goto error_blind; }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
      /* tmp = (tmpa - tmpb) * qInv (mod p) */
 | 
					      /* tmp = (tmpa - tmpb) * qInv (mod p) */
 | 
				
			||||||
      if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK)                                              { goto error; }
 | 
					      if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK)                                              { goto error_blind; }
 | 
				
			||||||
      if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK)                                { goto error; }
 | 
					      if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK)                                { goto error_blind; }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
      /* tmp = tmpb + q * tmp */
 | 
					      /* tmp = tmpb + q * tmp */
 | 
				
			||||||
      if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK)                                             { goto error; }
 | 
					      if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK)                                             { goto error_blind; }
 | 
				
			||||||
      if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK)                                               { goto error; }
 | 
					      if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK)                                               { goto error_blind; }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					      #ifdef LTC_RSA_BLINDING
 | 
				
			||||||
      /* unblind */
 | 
					      /* unblind */
 | 
				
			||||||
      err = mp_mulmod( tmp, rndi, key->N, tmp);
 | 
					      err = mp_mulmod( tmp, rndi, key->N, tmp);
 | 
				
			||||||
      if (err != CRYPT_OK) {
 | 
					      if (err != CRYPT_OK) {
 | 
				
			||||||
             goto error;
 | 
					             goto error_blind;
 | 
				
			||||||
      }
 | 
					      }
 | 
				
			||||||
 | 
					      #endif
 | 
				
			||||||
   } else {
 | 
					   } else {
 | 
				
			||||||
      /* exptmod it */
 | 
					      /* exptmod it */
 | 
				
			||||||
      if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK)                                { goto error; }
 | 
					      if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK)                                { goto error; }
 | 
				
			||||||
@ -136,8 +145,12 @@ int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
   /* clean up and return */
 | 
					   /* clean up and return */
 | 
				
			||||||
   err = CRYPT_OK;
 | 
					   err = CRYPT_OK;
 | 
				
			||||||
 | 
					error_blind:
 | 
				
			||||||
 | 
					   #ifdef LTC_RSA_BLINDING
 | 
				
			||||||
 | 
					   mp_clear_multi(rnd, rndi, NULL);
 | 
				
			||||||
 | 
					   #endif
 | 
				
			||||||
error:
 | 
					error:
 | 
				
			||||||
   mp_clear_multi(tmp, tmpa, tmpb, rnd, rndi, NULL);
 | 
					   mp_clear_multi(tmp, tmpa, tmpb, NULL);
 | 
				
			||||||
   return err;
 | 
					   return err;
 | 
				
			||||||
}
 | 
					}
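Review bot: The success path in the last hunk now falls through `error_blind:` into `mp_clear_multi(rnd, rndi, NULL)` even on the `PK_PUBLIC` branch, where neither value was ever initialised; that is only safe because the `= NULL` initialisers in the first hunk and, as far as I recall, `ltc_deinit_multi` stopping at the first NULL argument turn the call into a no-op. Make that explicit rather than implicit — `/* rnd/rndi stay NULL on the public-key path; mp_clear_multi stops at the first NULL */` above the call, or wrap it in `if (which == PK_PRIVATE)`. In the blinding block a failed `mp_invmod` (a zero `rnd`, or one sharing a factor with N, depending on what the backend generator can return) aborts the whole private-key operation; redrawing `rnd` and retrying a bounded number of times would be more robust than failing the signature. rsa_exptmod's body is spread over several hunks and its start and end lie outside this one.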
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
				
			|||||||