Dmitry Baryshkov
nettle
Commits
dbaf6abb
Commit
dbaf6abb
authored
Nov 25, 2018
by
Niels Möller
Move decl. of rsa_sec_compute_root_tr to internal header.
Also renamed with leading underscore, and updated all callers.
parent
f2bbbc28
Changes
6
ChangeLog
2018-11-25 Niels Möller <nisse@lysator.liu.se>
* rsa-sign-tr.c (_rsa_sec_compute_root_tr): Renamed, from...
(rsa_sec_compute_root_tr): ... old name. Updated callers.
* rsa.h (rsa_sec_compute_root_tr): Deleted declaration, moved to ...
* rsa-internal.h (_rsa_sec_compute_root_tr): ... new location.
* testsuite/testutils.c (mpz_urandomb) [NETTLE_USE_MINI_GMP]: Fix
masking of most significant bits.
...
...
@@ -17,6 +22,9 @@
* testsuite/pkcs1-sec-decrypt-test.c (pkcs1_decrypt_for_test): Fix
valgrind marking of return value.
Merged below changes from Simo Sorce, to make RSA private key
operations side-channel silent.
2018-11-08 Simo Sorce <simo@redhat.com>
* rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use
...
...
rsa-decrypt-tr.c
...
...
@@ -57,9 +57,9 @@ rsa_decrypt_tr(const struct rsa_public_key *pub,
TMP_GMP_ALLOC
(
m
,
key_limb_size
);
TMP_GMP_ALLOC
(
em
,
key
->
size
);
res
=
rsa_sec_compute_root_tr
(
pub
,
key
,
random_ctx
,
random
,
m
,
mpz_limbs_read
(
gibberish
),
mpz_size
(
gibberish
));
res
=
_
rsa_sec_compute_root_tr
(
pub
,
key
,
random_ctx
,
random
,
m
,
mpz_limbs_read
(
gibberish
),
mpz_size
(
gibberish
));
mpn_get_base256
(
em
,
key
->
size
,
m
,
key_limb_size
);
...
...
rsa-internal.h
...
...
@@ -38,6 +38,7 @@
#define _rsa_sec_compute_root_itch _nettle_rsa_sec_compute_root_itch
#define _rsa_sec_compute_root _nettle_rsa_sec_compute_root
#define _rsa_sec_compute_root_tr _nettle_rsa_sec_compute_root_tr
#define _pkcs1_sec_decrypt _nettle_pkcs1_sec_decrypt
#define _pkcs1_sec_decrypt_variable _nettle_pkcs1_sec_decrypt_variable
...
...
@@ -49,6 +50,14 @@ _rsa_sec_compute_root(const struct rsa_private_key *key,
mp_limb_t
*
rp
,
const
mp_limb_t
*
mp
,
mp_limb_t
*
scratch
);
/* Safe side-channel silent variant, using RSA blinding, and checking the
* result after CRT. */
int
_rsa_sec_compute_root_tr
(
const
struct
rsa_public_key
*
pub
,
const
struct
rsa_private_key
*
key
,
void
*
random_ctx
,
nettle_random_func
*
random
,
mp_limb_t
*
x
,
const
mp_limb_t
*
m
,
size_t
mn
);
/* additional resistance to memory access side-channel attacks.
* Note: message buffer is returned unchanged on error */
int
...
...
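Review bot: The comment carried over with the `_rsa_sec_compute_root_tr` declaration does not state the return convention or the output-buffer contract, and rsa-internal.h is now the only place an internal caller will look for it. The definition's comment in rsa-sign-tr.c says the destination buffer is always overwritten, and `rsa_compute_root_tr` copies the result only under `if (res)`, so `x` apparently holds unusable data on failure. I would extend the comment with something like `/* Returns non-zero on success. x is always overwritten, also on failure, so callers must check the return value before using it. */`. Judging by the callers, `x` needs room for the key size in limbs; that is inferred from the allocations visible here and should be confirmed against the definition before it is documented.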
rsa-sec-decrypt.c
...
...
@@ -57,9 +57,9 @@ rsa_sec_decrypt(const struct rsa_public_key *pub,
TMP_GMP_ALLOC
(
m
,
mpz_size
(
pub
->
n
));
TMP_GMP_ALLOC
(
em
,
key
->
size
);
res
=
rsa_sec_compute_root_tr
(
pub
,
key
,
random_ctx
,
random
,
m
,
mpz_limbs_read
(
gibberish
),
mpz_size
(
gibberish
));
res
=
_
rsa_sec_compute_root_tr
(
pub
,
key
,
random_ctx
,
random
,
m
,
mpz_limbs_read
(
gibberish
),
mpz_size
(
gibberish
));
mpn_get_base256
(
em
,
key
->
size
,
m
,
mpz_size
(
pub
->
n
));
...
...
rsa-sign-tr.c
...
...
@@ -293,10 +293,10 @@ cnd_mpn_zero (int cnd, volatile mp_ptr rp, mp_size_t n)
* This version is side-channel silent even in case of error,
* the destination buffer is always overwritten */
int
rsa_sec_compute_root_tr
(
const
struct
rsa_public_key
*
pub
,
const
struct
rsa_private_key
*
key
,
void
*
random_ctx
,
nettle_random_func
*
random
,
mp_limb_t
*
x
,
const
mp_limb_t
*
m
,
size_t
mn
)
_
rsa_sec_compute_root_tr
(
const
struct
rsa_public_key
*
pub
,
const
struct
rsa_private_key
*
key
,
void
*
random_ctx
,
nettle_random_func
*
random
,
mp_limb_t
*
x
,
const
mp_limb_t
*
m
,
size_t
mn
)
{
TMP_GMP_DECL
(
c
,
mp_limb_t
);
TMP_GMP_DECL
(
ri
,
mp_limb_t
);
...
...
@@ -359,8 +359,8 @@ rsa_compute_root_tr(const struct rsa_public_key *pub,
mp_size_t
l_size
=
NETTLE_OCTET_SIZE_TO_LIMB_SIZE
(
key
->
size
);
TMP_GMP_ALLOC
(
l
,
l_size
);
res
=
rsa_sec_compute_root_tr
(
pub
,
key
,
random_ctx
,
random
,
l
,
mpz_limbs_read
(
m
),
mpz_size
(
m
));
res
=
_
rsa_sec_compute_root_tr
(
pub
,
key
,
random_ctx
,
random
,
l
,
mpz_limbs_read
(
m
),
mpz_size
(
m
));
if
(
res
)
{
mp_limb_t
*
xp
=
mpz_limbs_write
(
x
,
l_size
);
mpn_copyi
(
xp
,
l
,
l_size
);
...
...
rsa.h
...
...
@@ -91,7 +91,6 @@ extern "C" {
#define rsa_sec_decrypt nettle_rsa_sec_decrypt
#define rsa_compute_root nettle_rsa_compute_root
#define rsa_compute_root_tr nettle_rsa_compute_root_tr
#define rsa_sec_compute_root_tr _nettle_rsa_sec_compute_root_tr
#define rsa_generate_keypair nettle_rsa_generate_keypair
#define rsa_keypair_to_sexp nettle_rsa_keypair_to_sexp
#define rsa_keypair_from_sexp_alist nettle_rsa_keypair_from_sexp_alist
...
...
@@ -447,14 +446,6 @@ rsa_compute_root_tr(const struct rsa_public_key *pub,
void
*
random_ctx
,
nettle_random_func
*
random
,
mpz_t
x
,
const
mpz_t
m
);
/* Safe side-channel silent variant, using RSA blinding, and checking the
* result after CRT. */
int
rsa_sec_compute_root_tr
(
const
struct
rsa_public_key
*
pub
,
const
struct
rsa_private_key
*
key
,
void
*
random_ctx
,
nettle_random_func
*
random
,
mp_limb_t
*
x
,
const
mp_limb_t
*
m
,
size_t
mn
);
/* Key generation */
/* Note that the key structs must be initialized first. */
...
...