Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Brian Smith
nettle
Commits
a3eb7a92
Commit
a3eb7a92
authored
Jun 09, 2012
by
Niels Möller
Browse files
Moved rsa blinding code to a separate file.
parent
adad6eaa
Changes
5
Hide whitespace changes
Inline
Side-by-side
ChangeLog
View file @
a3eb7a92
2012-06-09 Niels Möller <nisse@lysator.liu.se>
* rsa.h (_rsa_blind, _rsa_unblind): Declare functions.
* rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a
separate file, renamed and made non-static. Moved from...
* rsa-decrypt-tr.c: ... here.
2012-06-03 Niels Möller <nisse@lysator.liu.se>
* testsuite/pkcs1-test.c (test_main): Include leading zero in
...
...
Makefile.in
View file @
a3eb7a92
...
...
@@ -108,7 +108,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
rsa-sha256-sign.c rsa-sha256-verify.c
\
rsa-sha512-sign.c rsa-sha512-verify.c
\
rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c
\
rsa-keygen.c rsa-compat.c
\
rsa-keygen.c rsa-compat.c
rsa-blind.c
\
rsa2sexp.c sexp2rsa.c
\
dsa.c dsa-sign.c dsa-verify.c dsa-keygen.c
\
dsa-sha1-sign.c dsa-sha1-verify.c
\
...
...
rsa-blind.c
0 → 100644
View file @
a3eb7a92
/* rsa-blind.c
*
* RSA blinding. It is used for timing resistant decryption or signing.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001, 2012 Niels Möller, Nikos Mavrogiannopoulos
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include
"rsa.h"
#include
"bignum.h"
/* Blinds the c, by computing c *= r^e (mod n), for a random r. Also
returns the inverse (ri), for use by rsa_unblind. */
void
_rsa_blind
(
const
struct
rsa_public_key
*
pub
,
void
*
random_ctx
,
nettle_random_func
random
,
mpz_t
c
,
mpz_t
ri
)
{
mpz_t
r
;
mpz_init
(
r
);
/* c = c*(r^e)
* ri = r^(-1)
*/
do
{
nettle_mpz_random
(
r
,
random_ctx
,
random
,
pub
->
n
);
/* invert r */
}
while
(
!
mpz_invert
(
ri
,
r
,
pub
->
n
));
/* c = c*(r^e) mod n */
mpz_powm
(
r
,
r
,
pub
->
e
,
pub
->
n
);
mpz_mul
(
c
,
c
,
r
);
mpz_fdiv_r
(
c
,
c
,
pub
->
n
);
mpz_clear
(
r
);
}
/* c *= ri mod n */
void
_rsa_unblind
(
const
struct
rsa_public_key
*
pub
,
mpz_t
c
,
const
mpz_t
ri
)
{
mpz_mul
(
c
,
c
,
ri
);
mpz_fdiv_r
(
c
,
c
,
pub
->
n
);
}
rsa-decrypt-tr.c
View file @
a3eb7a92
...
...
@@ -33,47 +33,10 @@
#include
"bignum.h"
#include
"pkcs1.h"
/* Blinds the c, by computing c *= r^e (mod n), for a random r. Also
returns the inverse (ri), for use by rsa_unblind. */
static
void
rsa_blind
(
const
struct
rsa_public_key
*
pub
,
void
*
random_ctx
,
nettle_random_func
random
,
mpz_t
c
,
mpz_t
ri
)
{
mpz_t
r
;
mpz_init
(
r
);
/* c = c*(r^e)
* ri = r^(-1)
*/
do
{
nettle_mpz_random
(
r
,
random_ctx
,
random
,
pub
->
n
);
/* invert r */
}
while
(
!
mpz_invert
(
ri
,
r
,
pub
->
n
));
/* c = c*(r^e) mod n */
mpz_powm
(
r
,
r
,
pub
->
e
,
pub
->
n
);
mpz_mul
(
c
,
c
,
r
);
mpz_fdiv_r
(
c
,
c
,
pub
->
n
);
mpz_clear
(
r
);
}
/* c *= ri mod n */
static
void
rsa_unblind
(
const
struct
rsa_public_key
*
pub
,
mpz_t
c
,
const
mpz_t
ri
)
{
mpz_mul
(
c
,
c
,
ri
);
mpz_fdiv_r
(
c
,
c
,
pub
->
n
);
}
int
rsa_decrypt_tr
(
const
struct
rsa_public_key
*
pub
,
const
struct
rsa_private_key
*
key
,
void
*
random_ctx
,
nettle_random_func
random
,
void
*
random_ctx
,
nettle_random_func
random
,
unsigned
*
length
,
uint8_t
*
message
,
const
mpz_t
gibberish
)
{
...
...
@@ -83,9 +46,9 @@ rsa_decrypt_tr(const struct rsa_public_key *pub,
mpz_init_set
(
m
,
gibberish
);
mpz_init
(
ri
);
rsa_blind
(
pub
,
random_ctx
,
random
,
m
,
ri
);
_
rsa_blind
(
pub
,
random_ctx
,
random
,
m
,
ri
);
rsa_compute_root
(
key
,
m
,
m
);
rsa_unblind
(
pub
,
m
,
ri
);
_
rsa_unblind
(
pub
,
m
,
ri
);
mpz_clear
(
ri
);
res
=
pkcs1_decrypt
(
key
->
size
,
m
,
length
,
message
);
...
...
rsa.h
View file @
a3eb7a92
...
...
@@ -73,6 +73,8 @@ extern "C" {
#define rsa_keypair_to_openpgp nettle_rsa_keypair_to_openpgp
#define _rsa_verify _nettle_rsa_verify
#define _rsa_check_size _nettle_rsa_check_size
#define _rsa_blind _nettle_rsa_blind
#define _rsa_unblind _nettle_rsa_unblind
/* This limit is somewhat arbitrary. Technically, the smallest modulo
which makes sense at all is 15 = 3*5, phi(15) = 8, size 4 bits. But
...
...
@@ -383,6 +385,13 @@ _rsa_verify(const struct rsa_public_key *key,
unsigned
_rsa_check_size
(
mpz_t
n
);
void
_rsa_blind
(
const
struct
rsa_public_key
*
pub
,
void
*
random_ctx
,
nettle_random_func
random
,
mpz_t
c
,
mpz_t
ri
);
void
_rsa_unblind
(
const
struct
rsa_public_key
*
pub
,
mpz_t
c
,
const
mpz_t
ri
);
#ifdef __cplusplus
}
#endif
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment