Diffstat (limited to 'rsa-pkcs1-sign-tr.c')
-rw-r--r-- | rsa-pkcs1-sign-tr.c | 48 |
1 files changed, 4 insertions, 44 deletions
diff --git a/rsa-pkcs1-sign-tr.c b/rsa-pkcs1-sign-tr.c
index f2b3e45d..00094b56 100644
--- a/rsa-pkcs1-sign-tr.c
+++ b/rsa-pkcs1-sign-tr.c
@@ -38,26 +38,6 @@
 #include "pkcs1.h"
-/* Checks for any errors done in the RSA computation. That avoids
- * attacks which rely on faults on hardware, or even software MPI
- * implementation. */
-static int
-rsa_verify_res(const struct rsa_public_key *pub,
- mpz_t s, mpz_t m)
-{
- mpz_t t;
- int res;
-
- mpz_init(t);
-
- mpz_powm(t, s, pub->e, pub->n);
-
- res = !mpz_cmp(m, t);
-
- mpz_clear(t);
- return res;
-}
-
 /* Side-channel resistant version of rsa_pkcs1_sign() */
 int
 rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
@@ -66,34 +46,14 @@ rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
 size_t length, const uint8_t *digest_info,
 mpz_t s)
 {
- mpz_t ri, m;
+ mpz_t m;
 int ret;
 mpz_init(m);
- if (pkcs1_rsa_digest_encode (m, key->size, length, digest_info))
- {
- mpz_init (ri);
-
- _rsa_blind (pub, random_ctx, random, m, ri);
- rsa_compute_root(key, s, m);
-
- if (rsa_verify_res(pub, s, m) == 0)
- {
- mpz_set_ui(s, 0);
- ret = 0;
- }
- else
- ret = 1;
-
- _rsa_unblind (pub, s, ri);
- mpz_clear (ri);
- }
- else
- {
- mpz_set_ui(s, 0);
- ret = 0;
- }
+ ret = (pkcs1_rsa_digest_encode (m, key->size, length, digest_info)
+ && rsa_compute_root_tr (pub, key, random_ctx, random,
+ s, m));
 mpz_clear(m);
 return ret;
 }
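Review bot: On the `pkcs1_rsa_digest_encode` failure path in the second hunk the new code leaves `s` untouched, whereas the removed code reset it with `mpz_set_ui(s, 0)` on both failure paths, so a caller that does not check the return value now reads whatever `s` held before the call. Whether `rsa_compute_root_tr` zeroes `s` on its own failure is not visible in this diff, so the one path that was guaranteed to yield a zeroed signature has been lost. I would make the contract explicit after the combined expression: `if (!ret) mpz_set_ui(s, 0);`. The fault check that `rsa_verify_res` used to perform is presumably now inside `rsa_compute_root_tr`; the existing header comment `/* Side-channel resistant version of rsa_pkcs1_sign() */` could record that, e.g. `/* Side-channel resistant version of rsa_pkcs1_sign(). Blinding and the fault check on the computed root are done by rsa_compute_root_tr(). */`, once confirmed against that function. The signature of rsa_pkcs1_sign_tr begins before this hunk.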