RSA blinding: check highly unlikely cases

Paul Bakker 2014-07-07 13:34:41 +02:00
parent 6b06502c4b
commit ff6e24710a


@ -283,12 +283,20 @@ int rsa_private( rsa_context *ctx,
#else #else
if( f_rng != NULL ) if( f_rng != NULL )
{ {
int count = 0;
/* /*
* Blinding * Blinding
* T = T * Vi mod N * T = T * Vi mod N
*/ */
/* Unblinding value: Vf = random number */ /* Unblinding value: Vf = random number */
MPI_CHK( mpi_fill_random( &Vf, ctx->len - 1, f_rng, p_rng ) ); do {
if( count++ > 10 )
return( POLARSSL_ERR_RSA_RNG_FAILED );
MPI_CHK( mpi_fill_random( &Vf, ctx->len - 1, f_rng, p_rng ) );
MPI_CHK( mpi_gcd( &Vi, &Vf, &ctx->N ) );
} while( mpi_cmp_int( &Vi, 1 ) != 0 );
/* Mathematically speaking, the algorithm should check Vf /* Mathematically speaking, the algorithm should check Vf
* against 0, P and Q (Vf should be relatively prime to N, and 0 < Vf < N), * against 0, P and Q (Vf should be relatively prime to N, and 0 < Vf < N),