Commit fae2c01f authored by Niels Möller's avatar Niels Möller
Browse files

Revert deletion of _rsa_blind and _rsa_unblind.

parent dc03f267
2015-11-15 Niels Möller <nisse@lysator.liu.se>
* rsa-blind.c: Revert delete in 2015-09-14 change.
* rsa.h: Undo deletions.
* Makefile.in (hogweed_SOURCES): Readded rsa-blind.c.
2015-09-17 Niels Möller <nisse@lysator.liu.se>
* rsa-md5-sign-tr.c (rsa_md5_sign_tr, rsa_md5_sign_digest_tr): New
......
......@@ -151,7 +151,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
rsa-sha256-sign.c rsa-sha256-sign-tr.c rsa-sha256-verify.c \
rsa-sha512-sign.c rsa-sha512-sign-tr.c rsa-sha512-verify.c \
rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
rsa-keygen.c \
rsa-keygen.c rsa-blind.c \
rsa2sexp.c sexp2rsa.c \
dsa.c dsa-compat.c dsa-compat-keygen.c dsa-gen-params.c \
dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \
......
/* rsa-blind.c
RSA blinding. Used for resistance to timing-attacks.
Copyright (C) 2001, 2012 Niels Möller, Nikos Mavrogiannopoulos
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "rsa.h"
#include "bignum.h"
/* Blinds the c, by computing c *= r^e (mod n), for a random r. Also
returns the inverse (ri), for use by rsa_unblind. */
void
_rsa_blind (const struct rsa_public_key *pub,
void *random_ctx, nettle_random_func *random,
mpz_t c, mpz_t ri)
{
mpz_t r;
mpz_init(r);
/* c = c*(r^e)
* ri = r^(-1)
*/
do
{
nettle_mpz_random(r, random_ctx, random, pub->n);
/* invert r */
}
while (!mpz_invert (ri, r, pub->n));
/* c = c*(r^e) mod n */
mpz_powm(r, r, pub->e, pub->n);
mpz_mul(c, c, r);
mpz_fdiv_r(c, c, pub->n);
mpz_clear(r);
}
/* c *= ri mod n */
void
_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri)
{
mpz_mul(c, c, ri);
mpz_fdiv_r(c, c, pub->n);
}
......@@ -94,6 +94,8 @@ extern "C" {
#define rsa_keypair_to_openpgp nettle_rsa_keypair_to_openpgp
#define _rsa_verify _nettle_rsa_verify
#define _rsa_check_size _nettle_rsa_check_size
#define _rsa_blind _nettle_rsa_blind
#define _rsa_unblind _nettle_rsa_unblind
/* This limit is somewhat arbitrary. Technically, the smallest modulo
which makes sense at all is 15 = 3*5, phi(15) = 8, size 4 bits. But
......@@ -481,6 +483,15 @@ _rsa_verify(const struct rsa_public_key *key,
size_t
_rsa_check_size(mpz_t n);
/* _rsa_blind and _rsa_unblind are deprecated, unused in the library,
and will likely be removed with the next ABI break. */
void
_rsa_blind (const struct rsa_public_key *pub,
void *random_ctx, nettle_random_func *random,
mpz_t c, mpz_t ri);
void
_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri);
#ifdef __cplusplus
}
#endif
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment