mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 02:44:20 +01:00
DHM: make drawing of blinding value a function
In the next commit, we'll need to draw a second random value, in order to blind modular inversion. Having a function for that will avoid repetition. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
db61c3503b
commit
9f58c4b6e5
@ -324,6 +324,32 @@ cleanup:
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Pick a random R in the range [2, M) for blinding purposes
|
||||||
|
*/
|
||||||
|
static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
|
||||||
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||||
|
{
|
||||||
|
int ret, count;
|
||||||
|
|
||||||
|
count = 0;
|
||||||
|
do
|
||||||
|
{
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, mbedtls_mpi_size( M ), f_rng, p_rng ) );
|
||||||
|
|
||||||
|
while( mbedtls_mpi_cmp_mpi( R, M ) >= 0 )
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, 1 ) );
|
||||||
|
|
||||||
|
if( count++ > 10 )
|
||||||
|
return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
|
||||||
|
}
|
||||||
|
while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 );
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Use the blinding method and optimisation suggested in section 10 of:
|
* Use the blinding method and optimisation suggested in section 10 of:
|
||||||
* KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
|
* KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
|
||||||
@ -333,7 +359,7 @@ cleanup:
|
|||||||
static int dhm_update_blinding( mbedtls_dhm_context *ctx,
|
static int dhm_update_blinding( mbedtls_dhm_context *ctx,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||||
{
|
{
|
||||||
int ret, count;
|
int ret;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Don't use any blinding the first time a particular X is used,
|
* Don't use any blinding the first time a particular X is used,
|
||||||
@ -368,18 +394,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/* Vi = random( 2, P-1 ) */
|
/* Vi = random( 2, P-1 ) */
|
||||||
count = 0;
|
MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) );
|
||||||
do
|
|
||||||
{
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) );
|
|
||||||
|
|
||||||
while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) );
|
|
||||||
|
|
||||||
if( count++ > 10 )
|
|
||||||
return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
|
|
||||||
}
|
|
||||||
while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
|
|
||||||
|
|
||||||
/* Vf = Vi^-X mod P */
|
/* Vf = Vi^-X mod P */
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
|
||||||
|
Loading…
Reference in New Issue
Block a user