Commit dbaf6abb authored by Niels Möller's avatar Niels Möller

Move decl. of rsa_sec_compute_root_tr to internal header.

Also renamed with leading underscore, and updated all callers.
parent f2bbbc28
2018-11-25 Niels Möller <nisse@lysator.liu.se>
* rsa-sign-tr.c (_rsa_sec_compute_root_tr): Renamed, from...
(rsa_sec_compute_root_tr): ... old name. Updated callers.
* rsa.h (rsa_sec_compute_root_tr): Deleted declaration, moved to ...
* rsa-internal.h (_rsa_sec_compute_root_tr): ... new location.
* testsuite/testutils.c (mpz_urandomb) [NETTLE_USE_MINI_GMP]: Fix
masking of most significant bits.
......@@ -17,6 +22,9 @@
* testsuite/pkcs1-sec-decrypt-test.c (pkcs1_decrypt_for_test): Fix
valgrind marking of return value.
Merged below changes from Simo Sorce, to make RSA private key
operations side-channel silent.
2018-11-08 Simo Sorce <simo@redhat.com>
* rsa-sign.c (rsa_compute_root) [!NETTLE_USE_MINI_GMP]: Use
......
......@@ -57,9 +57,9 @@ rsa_decrypt_tr(const struct rsa_public_key *pub,
TMP_GMP_ALLOC (m, key_limb_size);
TMP_GMP_ALLOC (em, key->size);
res = rsa_sec_compute_root_tr (pub, key, random_ctx, random, m,
mpz_limbs_read(gibberish),
mpz_size(gibberish));
res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m,
mpz_limbs_read(gibberish),
mpz_size(gibberish));
mpn_get_base256 (em, key->size, m, key_limb_size);
......
......@@ -38,6 +38,7 @@
#define _rsa_sec_compute_root_itch _nettle_rsa_sec_compute_root_itch
#define _rsa_sec_compute_root _nettle_rsa_sec_compute_root
#define _rsa_sec_compute_root_tr _nettle_rsa_sec_compute_root_tr
#define _pkcs1_sec_decrypt _nettle_pkcs1_sec_decrypt
#define _pkcs1_sec_decrypt_variable _nettle_pkcs1_sec_decrypt_variable
......@@ -49,6 +50,14 @@ _rsa_sec_compute_root(const struct rsa_private_key *key,
mp_limb_t *rp, const mp_limb_t *mp,
mp_limb_t *scratch);
/* Safe side-channel silent variant, using RSA blinding, and checking the
* result after CRT. */
int
_rsa_sec_compute_root_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
mp_limb_t *x, const mp_limb_t *m, size_t mn);
/* additional resistance to memory access side-channel attacks.
* Note: message buffer is returned unchanged on error */
int
......
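Review bot: The comment on the `_rsa_sec_compute_root_tr` declaration added to the internal header does not state the return convention or what is left in `x` on failure. The comment right below it, for the next declaration, says the message buffer is returned unchanged on error, while the definition's comment in the rsa-sign-tr.c hunk says "the destination buffer is always overwritten", so a reader of this header can easily assume the wrong behaviour. Callers in this commit treat a non-zero return as success (`if (res)` in rsa_compute_root_tr) and size `x` to the key's limb count. I would extend the comment with `Returns 1 on success, 0 on failure. x must hold the modulus size in limbs; it is overwritten in both cases and must not be used when 0 is returned.` The values 1 and 0 and the size requirement are inferred from the callers shown here and should be confirmed against the definition, whose body lies outside the hunk.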
......@@ -57,9 +57,9 @@ rsa_sec_decrypt(const struct rsa_public_key *pub,
TMP_GMP_ALLOC (m, mpz_size(pub->n));
TMP_GMP_ALLOC (em, key->size);
res = rsa_sec_compute_root_tr (pub, key, random_ctx, random, m,
mpz_limbs_read(gibberish),
mpz_size(gibberish));
res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m,
mpz_limbs_read(gibberish),
mpz_size(gibberish));
mpn_get_base256 (em, key->size, m, mpz_size(pub->n));
......
......@@ -293,10 +293,10 @@ cnd_mpn_zero (int cnd, volatile mp_ptr rp, mp_size_t n)
* This version is side-channel silent even in case of error,
* the destination buffer is always overwritten */
int
rsa_sec_compute_root_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
mp_limb_t *x, const mp_limb_t *m, size_t mn)
_rsa_sec_compute_root_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
mp_limb_t *x, const mp_limb_t *m, size_t mn)
{
TMP_GMP_DECL (c, mp_limb_t);
TMP_GMP_DECL (ri, mp_limb_t);
......@@ -359,8 +359,8 @@ rsa_compute_root_tr(const struct rsa_public_key *pub,
mp_size_t l_size = NETTLE_OCTET_SIZE_TO_LIMB_SIZE(key->size);
TMP_GMP_ALLOC (l, l_size);
res = rsa_sec_compute_root_tr (pub, key, random_ctx, random, l,
mpz_limbs_read(m), mpz_size(m));
res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, l,
mpz_limbs_read(m), mpz_size(m));
if (res) {
mp_limb_t *xp = mpz_limbs_write (x, l_size);
mpn_copyi (xp, l, l_size);
......
......@@ -91,7 +91,6 @@ extern "C" {
#define rsa_sec_decrypt nettle_rsa_sec_decrypt
#define rsa_compute_root nettle_rsa_compute_root
#define rsa_compute_root_tr nettle_rsa_compute_root_tr
#define rsa_sec_compute_root_tr _nettle_rsa_sec_compute_root_tr
#define rsa_generate_keypair nettle_rsa_generate_keypair
#define rsa_keypair_to_sexp nettle_rsa_keypair_to_sexp
#define rsa_keypair_from_sexp_alist nettle_rsa_keypair_from_sexp_alist
......@@ -447,14 +446,6 @@ rsa_compute_root_tr(const struct rsa_public_key *pub,
void *random_ctx, nettle_random_func *random,
mpz_t x, const mpz_t m);
/* Safe side-channel silent variant, using RSA blinding, and checking the
* result after CRT. */
int
rsa_sec_compute_root_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
mp_limb_t *x, const mp_limb_t *m, size_t mn);
/* Key generation */
/* Note that the key structs must be initialized first. */
......