Commit f2bbbc28 authored by Simo Sorce's avatar Simo Sorce Committed by Niels Möller
Browse files

Switch rsa_compute_root to use side-channel safe variant

parent 7bc8378b
......@@ -17,7 +17,10 @@
* testsuite/pkcs1-sec-decrypt-test.c (pkcs1_decrypt_for_test): Fix
valgrind marking of return value.
2018-11-08 Simo Sorce <>
2018-11-08 Simo Sorce <>
* rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use
* testsuite/rsa-sec-compute-root-test.c: Add more tests for new
side-channel silent functions.
......@@ -35,9 +35,11 @@
# include "config.h"
#include "rsa.h"
#include <assert.h>
#include "bignum.h"
#include "rsa.h"
#include "rsa-internal.h"
#include "gmp-glue.h"
rsa_private_key_init(struct rsa_private_key *key)
......@@ -90,6 +92,8 @@ rsa_private_key_prepare(struct rsa_private_key *key)
return (key->size > 0);
/* Computing an rsa root. */
rsa_compute_root(const struct rsa_private_key *key,
......@@ -148,3 +152,35 @@ rsa_compute_root(const struct rsa_private_key *key,
mpz_clear(xp); mpz_clear(xq);
#else /* !NETTLE_USE_MINI_GMP */
/* Computing an rsa root. */
rsa_compute_root(const struct rsa_private_key *key,
mpz_t x, const mpz_t m)
TMP_GMP_DECL (scratch, mp_limb_t);
TMP_GMP_DECL (ml, mp_limb_t);
mp_limb_t *xl;
size_t key_size;
key_size = NETTLE_OCTET_SIZE_TO_LIMB_SIZE(key->size);
assert(mpz_size (m) <= key_size);
/* we need a copy because m can be shorter than key_size,
* but _rsa_sec_compute_root expect all inputs to be
* normalized to a key_size long buffer length */
TMP_GMP_ALLOC (ml, key_size);
mpz_limbs_copy(ml, m, key_size);
TMP_GMP_ALLOC (scratch, _rsa_sec_compute_root_itch(key));
xl = mpz_limbs_write (x, key_size);
_rsa_sec_compute_root (key, xl, ml, scratch);
mpz_limbs_finish (x, key_size);
TMP_GMP_FREE (scratch);
#endif /* !NETTLE_USE_MINI_GMP */
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment