mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-02-02 05:21:08 +00:00
Blinding RSA only active when f_rng is provided
This commit is contained in:
Paul Bakker
parent
48377d9834
commit
f451bac000
|
|
@ -275,7 +275,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
|
||||||
* the message padding
|
* the message padding
|
||||||
*
|
*
|
||||||
* \param ctx RSA context
|
* \param ctx RSA context
|
||||||
* \param f_rng RNG function (Only required for RSA_PRIVATE)
|
* \param f_rng RNG function (Only needed for RSA_PRIVATE)
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
||||||
* \param olen will contain the plaintext length
|
* \param olen will contain the plaintext length
|
||||||
|
|
@ -301,7 +301,7 @@ int rsa_pkcs1_decrypt( rsa_context *ctx,
|
||||||
* \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
|
* \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
|
||||||
*
|
*
|
||||||
* \param ctx RSA context
|
* \param ctx RSA context
|
||||||
* \param f_rng RNG function (Only required for RSA_PRIVATE)
|
* \param f_rng RNG function (Only needed for RSA_PRIVATE)
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
||||||
* \param olen will contain the plaintext length
|
* \param olen will contain the plaintext length
|
||||||
|
|
@ -327,7 +327,7 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
|
||||||
* \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
|
* \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
|
||||||
*
|
*
|
||||||
* \param ctx RSA context
|
* \param ctx RSA context
|
||||||
* \param f_rng RNG function (Only required for RSA_PRIVATE)
|
* \param f_rng RNG function (Only needed for RSA_PRIVATE)
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
||||||
* \param label buffer holding the custom label to use
|
* \param label buffer holding the custom label to use
|
||||||
|
|
@ -393,7 +393,7 @@ int rsa_pkcs1_sign( rsa_context *ctx,
|
||||||
* \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
|
* \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
|
||||||
*
|
*
|
||||||
* \param ctx RSA context
|
* \param ctx RSA context
|
||||||
* \param f_rng RNG function (Only required for RSA_PRIVATE)
|
* \param f_rng RNG function (Only needed for RSA_PRIVATE)
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
||||||
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
|
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
|
||||||
|
|
@ -456,7 +456,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
|
||||||
* the message digest
|
* the message digest
|
||||||
*
|
*
|
||||||
* \param ctx points to an RSA public key
|
* \param ctx points to an RSA public key
|
||||||
* \param f_rng RNG function (Only required for RSA_PRIVATE)
|
* \param f_rng RNG function (Only needed for RSA_PRIVATE)
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
||||||
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
|
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
|
||||||
|
|
@ -489,7 +489,7 @@ int rsa_pkcs1_verify( rsa_context *ctx,
|
||||||
* \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
|
* \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
|
||||||
*
|
*
|
||||||
* \param ctx points to an RSA public key
|
* \param ctx points to an RSA public key
|
||||||
* \param f_rng RNG function (Only required for RSA_PRIVATE)
|
* \param f_rng RNG function (Only needed for RSA_PRIVATE)
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
||||||
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
|
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
|
||||||
|
|
@ -517,7 +517,7 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
|
||||||
* \brief Do a public RSA and check the message digest
|
* \brief Do a public RSA and check the message digest
|
||||||
*
|
*
|
||||||
* \param ctx points to an RSA public key
|
* \param ctx points to an RSA public key
|
||||||
* \param f_rng RNG function (Only required for RSA_PRIVATE)
|
* \param f_rng RNG function (Only needed for RSA_PRIVATE)
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
* \param mode RSA_PUBLIC or RSA_PRIVATE
|
||||||
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
|
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
|
||||||
|
|
|
||||||
|
|
@ -267,8 +267,6 @@ int rsa_private( rsa_context *ctx,
|
||||||
mpi T, T1, T2;
|
mpi T, T1, T2;
|
||||||
mpi A, X;
|
mpi A, X;
|
||||||
|
|
||||||
if( f_rng == NULL )
|
|
||||||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
|
mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
|
||||||
mpi_init( &A ); mpi_init( &X );
|
mpi_init( &A ); mpi_init( &X );
|
||||||
|
|
@ -283,15 +281,18 @@ int rsa_private( rsa_context *ctx,
|
||||||
#if defined(POLARSSL_RSA_NO_CRT)
|
#if defined(POLARSSL_RSA_NO_CRT)
|
||||||
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
|
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
|
||||||
#else
|
#else
|
||||||
/*
|
if( f_rng != NULL )
|
||||||
* RSA Blinding
|
{
|
||||||
* A = rnd MPI
|
/*
|
||||||
* T = A^E * T mod N
|
* RSA Blinding
|
||||||
*/
|
* A = rnd MPI
|
||||||
MPI_CHK( mpi_fill_random( &A, ctx->len - 1, f_rng, p_rng ) );
|
* T = A^E * T mod N
|
||||||
MPI_CHK( mpi_exp_mod( &X, &A, &ctx->E, &ctx->N, NULL ) );
|
*/
|
||||||
MPI_CHK( mpi_mul_mpi( &X, &X, &T ) );
|
MPI_CHK( mpi_fill_random( &A, ctx->len - 1, f_rng, p_rng ) );
|
||||||
MPI_CHK( mpi_mod_mpi( &T, &X, &ctx->N ) );
|
MPI_CHK( mpi_exp_mod( &X, &A, &ctx->E, &ctx->N, NULL ) );
|
||||||
|
MPI_CHK( mpi_mul_mpi( &X, &X, &T ) );
|
||||||
|
MPI_CHK( mpi_mod_mpi( &T, &X, &ctx->N ) );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* faster decryption using the CRT
|
* faster decryption using the CRT
|
||||||
|
|
@ -310,18 +311,21 @@ int rsa_private( rsa_context *ctx,
|
||||||
MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
|
MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* X = T2 + T * Q
|
* T = T2 + T * Q
|
||||||
*/
|
*/
|
||||||
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
|
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
|
||||||
MPI_CHK( mpi_add_mpi( &X, &T2, &T1 ) );
|
MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
|
||||||
|
|
||||||
/*
|
if( f_rng != NULL )
|
||||||
* Unblind
|
{
|
||||||
* T = X / A mod N
|
/*
|
||||||
*/
|
* Unblind
|
||||||
MPI_CHK( mpi_inv_mod( &A, &A, &ctx->N ) );
|
* T = T / A mod N
|
||||||
MPI_CHK( mpi_mul_mpi( &T, &X, &A ) );
|
*/
|
||||||
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
|
MPI_CHK( mpi_inv_mod( &A, &A, &ctx->N ) );
|
||||||
|
MPI_CHK( mpi_mul_mpi( &T, &T, &A ) );
|
||||||
|
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
olen = ctx->len;
|
olen = ctx->len;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue