diff options
| author | Simo Sorce <simo@redhat.com> | 2018-11-25 19:23:38 +0100 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2018-11-25 19:23:38 +0100 |
| commit | f2bbbc280212702e837c154d9c7b598ff795afd7 (patch) | |
| tree | 8e21cd9d44db75550072caddbf3806405514f2e7 | |
| parent | 7bc8378bdf46db5fbdc13fd6792a12d24af71ecf (diff) | |
| download | nettle-f2bbbc280212702e837c154d9c7b598ff795afd7.tar.gz | |
Switch rsa_compute_root to use side-channel safe variant
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | rsa-sign.c | 40 |
2 files changed, 42 insertions, 3 deletions
@@ -17,7 +17,10 @@ * testsuite/pkcs1-sec-decrypt-test.c (pkcs1_decrypt_for_test): Fix valgrind marking of return value. -2018-11-08 Simo Sorce <simo@redhat.com> +2018-11-08 Simo Sorce <simo@redhat.com> + + * rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use + _rsa_sec_compute_root. * testsuite/rsa-sec-compute-root-test.c: Add more tests for new side-channel silent functions. @@ -35,9 +35,11 @@ # include "config.h" #endif -#include "rsa.h" +#include <assert.h> -#include "bignum.h" +#include "rsa.h" +#include "rsa-internal.h" +#include "gmp-glue.h" void rsa_private_key_init(struct rsa_private_key *key) @@ -90,6 +92,8 @@ rsa_private_key_prepare(struct rsa_private_key *key) return (key->size > 0); } +#if NETTLE_USE_MINI_GMP + /* Computing an rsa root. */ void rsa_compute_root(const struct rsa_private_key *key, @@ -148,3 +152,35 @@ rsa_compute_root(const struct rsa_private_key *key, mpz_clear(xp); mpz_clear(xq); } + +#else /* !NETTLE_USE_MINI_GMP */ + +/* Computing an rsa root. */ +void +rsa_compute_root(const struct rsa_private_key *key, + mpz_t x, const mpz_t m) +{ + TMP_GMP_DECL (scratch, mp_limb_t); + TMP_GMP_DECL (ml, mp_limb_t); + mp_limb_t *xl; + size_t key_size; + + key_size = NETTLE_OCTET_SIZE_TO_LIMB_SIZE(key->size); + assert(mpz_size (m) <= key_size); + + /* we need a copy because m can be shorter than key_size, + * but _rsa_sec_compute_root expect all inputs to be + * normalized to a key_size long buffer length */ + TMP_GMP_ALLOC (ml, key_size); + mpz_limbs_copy(ml, m, key_size); + + TMP_GMP_ALLOC (scratch, _rsa_sec_compute_root_itch(key)); + + xl = mpz_limbs_write (x, key_size); + _rsa_sec_compute_root (key, xl, ml, scratch); + mpz_limbs_finish (x, key_size); + + TMP_GMP_FREE (ml); + TMP_GMP_FREE (scratch); +} +#endif /* !NETTLE_USE_MINI_GMP */ |