Commit 736e642b authored by Nikos Mavrogiannopoulos's avatar Nikos Mavrogiannopoulos Committed by Niels Möller

Enhanced rsa_pkcs1_sign_tr() to protect against HW/software errors

This verifies the output of the timing-resistant version of the
signing function, making it fault-resistant as well.
parent 4b90268a
...@@ -34,11 +34,31 @@ ...@@ -34,11 +34,31 @@
# include "config.h" # include "config.h"
#endif #endif
#include "rsa.h" #include "rsa.h"
#include "pkcs1.h" #include "pkcs1.h"
/* Checks for any errors done in the RSA computation. That avoids
* attacks which rely on faults on hardware, or even software MPI
* implementation. */
static int
rsa_verify_res(const struct rsa_public_key *pub,
mpz_t s, mpz_t m)
mpz_t t;
int res;
mpz_powm(t, s, pub->e, pub->n);
res = !mpz_cmp(m, t);
return res;
/* Side-channel resistant version of rsa_pkcs1_sign() */
int int
rsa_pkcs1_sign_tr(const struct rsa_public_key *pub, rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key, const struct rsa_private_key *key,
...@@ -46,23 +66,34 @@ rsa_pkcs1_sign_tr(const struct rsa_public_key *pub, ...@@ -46,23 +66,34 @@ rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
size_t length, const uint8_t *digest_info, size_t length, const uint8_t *digest_info,
mpz_t s) mpz_t s)
{ {
mpz_t ri; mpz_t ri, m;
int ret;
if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info)) if (pkcs1_rsa_digest_encode (m, key->size, length, digest_info))
{ {
mpz_init (ri); mpz_init (ri);
_rsa_blind (pub, random_ctx, random, s, ri); _rsa_blind (pub, random_ctx, random, m, ri);
rsa_compute_root(key, s, s); rsa_compute_root(key, s, m);
_rsa_unblind (pub, s, ri);
mpz_clear (ri); if (rsa_verify_res(pub, s, m) == 0)
mpz_set_ui(s, 0);
ret = 0;
ret = 1;
return 1; _rsa_unblind (pub, s, ri);
mpz_clear (ri);
} }
else else
{ {
mpz_set_ui(s, 0); mpz_set_ui(s, 0);
return 0; ret = 0;
} }
return ret;
} }
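Review bot: In the new `rsa_verify_res()` the rows visible in the first hunk declare `mpz_t t;` and pass it straight to `mpz_powm(t, s, pub->e, pub->n)` with no `mpz_init(t)` before it and no `mpz_clear(t)` before `return res;`; the hunk header counts (11 old → 31 new lines) against the rows shown suggest this rendering dropped lines, so please confirm both calls exist in the file, because otherwise `t` is used uninitialized and the check itself becomes the fault. The same applies to `m` in the second hunk, declared in `mpz_t ri, m;` and written by `pkcs1_rsa_digest_encode (m, ...)` with no `mpz_init (m)` / `mpz_clear (m)` among the visible rows. The failure path is sound as shown: a root that does not verify against the public key is replaced by `mpz_set_ui(s, 0)` and reported with `ret = 0`, so a faulty signature is never handed back to the caller. The comment on `rsa_pkcs1_sign_tr` still reads only "Side-channel resistant version of rsa_pkcs1_sign()"; it should state the new contract, e.g. `/* Side-channel resistant version of rsa_pkcs1_sign(). Also checks the computed signature against the public key; on a mismatch (fault in hardware or in the MPI code) s is set to zero and 0 is returned. */`.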