mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 18:55:51 +01:00
Optimize RSA blinding by caching-updating values
This commit is contained in:
parent
ea53a55c0f
commit
8a109f106d
@ -255,13 +255,27 @@ cleanup:
|
|||||||
|
|
||||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||||
/*
|
/*
|
||||||
* Generate blinding values
|
* Generate or update blinding values, see section 10 of:
|
||||||
|
* KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
|
||||||
|
* DSS, and other systems. In : Advances in Cryptology—CRYPTO’96. Springer
|
||||||
|
* Berlin Heidelberg, 1996. p. 104-113.
|
||||||
*/
|
*/
|
||||||
static int rsa_prepare_blinding( rsa_context *ctx,
|
static int rsa_prepare_blinding( rsa_context *ctx,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
if( ctx->Vf.p != NULL )
|
||||||
|
{
|
||||||
|
/* We already have blinding values, just update them by squaring */
|
||||||
|
MPI_CHK( mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
|
||||||
|
MPI_CHK( mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
|
||||||
|
MPI_CHK( mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
|
||||||
|
MPI_CHK( mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
/* Unblinding value: Vf = random number */
|
/* Unblinding value: Vf = random number */
|
||||||
MPI_CHK( mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
|
MPI_CHK( mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user