TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added RSA blinding (requires mp_rand()).

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos 2011-03-21 08:26:41 +01:00 committed by Steffen Jaeckel
parent ed6897d90f
commit 8c2850f8d9
1 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/pk/rsa/rsa_exptmod.c
View File

@ -7,6 +7,8 @@
* guarantee it works. * guarantee it works.
* *
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*
* Added RSA blinding --nmav
*/ */
#include "tomcrypt.h" #include "tomcrypt.h"
@ -31,7 +33,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which, unsigned char *out, unsigned long *outlen, int which,
rsa_key *key) rsa_key *key)
{ {
void *tmp, *tmpa, *tmpb; void *tmp, *tmpa, *tmpb, *rnd, *rndi /* inverse of rnd */;
unsigned long x; unsigned long x;
int err; int err;
@ -51,8 +53,11 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
} }
/* init and copy into tmp */ /* init and copy into tmp */
if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK) { return err; } if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, NULL)) != CRYPT_OK)
if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; } { return err; }
if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK)
{ goto error; }
/* sanity check on the input */ /* sanity check on the input */
if (mp_cmp(key->N, tmp) == LTC_MP_LT) { if (mp_cmp(key->N, tmp) == LTC_MP_LT) {
@ -62,6 +67,30 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
/* are we using the private exponent and is the key optimized? */ /* are we using the private exponent and is the key optimized? */
if (which == PK_PRIVATE) { if (which == PK_PRIVATE) {
/* do blinding */
err = mp_rand(rnd, mp_count_bits(key->N));
if (err != CRYPT_OK) {
goto error;
}
/* rndi = 1/rnd mod N */
err = mp_invmod(rnd, key->N, rndi);
if (err != CRYPT_OK) {
goto error;
}
/* rnd = rnd^e */
err = mp_exptmod( rnd, key->e, key->N, rnd);
if (err != CRYPT_OK) {
goto error;
}
/* tmp = tmp*rnd mod N */
err = mp_mulmod( tmp, rnd, key->N, tmp);
if (err != CRYPT_OK) {
goto error;
}
/* tmpa = tmp^dP mod p */ /* tmpa = tmp^dP mod p */
if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; } if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; }
@ -75,6 +104,12 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
/* tmp = tmpb + q * tmp */ /* tmp = tmpb + q * tmp */
if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; } if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; }
if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; } if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; }
/* unblind */
err = mp_mulmod( tmp, rndi, key->N, tmp);
if (err != CRYPT_OK) {
goto error;
}
} else { } else {
/* exptmod it */ /* exptmod it */
if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK) { goto error; } if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK) { goto error; }
@ -102,7 +137,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
/* clean up and return */ /* clean up and return */
err = CRYPT_OK; err = CRYPT_OK;
error: error:
mp_clear_multi(tmp, tmpa, tmpb, NULL); mp_clear_multi(tmp, tmpa, tmpb, rnd, rndi, NULL);
return err; return err;
} }