Merge remote-tracking branch 'pj/development' into mbedtls-1.3

* pj/development:
  Added more constant-time code and removed biases in the prime number generation routines.
Manuel Pégourié-Gonnard 2015-04-15 14:12:59 +02:00
commit aac657a1d3
2 changed files with 32 additions and 19 deletions


@ -223,8 +223,8 @@ int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign )
int ret = 0; int ret = 0;
size_t i; size_t i;
/* make sure assign is 0 or 1 */ /* make sure assign is 0 or 1 in a time-constant manner */
assign = ( assign != 0 ); assign = (assign | (unsigned char)-assign) >> 7;
MPI_CHK( mpi_grow( X, Y->n ) ); MPI_CHK( mpi_grow( X, Y->n ) );
@ -255,8 +255,8 @@ int mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char swap )
if( X == Y ) if( X == Y )
return( 0 ); return( 0 );
/* make sure swap is 0 or 1 */ /* make sure swap is 0 or 1 in a time-constant manner */
swap = ( swap != 0 ); swap = (swap | (unsigned char)-swap) >> 7;
MPI_CHK( mpi_grow( X, Y->n ) ); MPI_CHK( mpi_grow( X, Y->n ) );
MPI_CHK( mpi_grow( Y, X->n ) ); MPI_CHK( mpi_grow( Y, X->n ) );
@ -1958,8 +1958,8 @@ static int mpi_miller_rabin( const mpi *X,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng )
{ {
int ret; int ret, count;
size_t i, j, n, s; size_t i, j, k, n, s;
mpi W, R, T, A, RR; mpi W, R, T, A, RR;
mpi_init( &W ); mpi_init( &R ); mpi_init( &T ); mpi_init( &A ); mpi_init( &W ); mpi_init( &R ); mpi_init( &T ); mpi_init( &A );
@ -1987,14 +1987,23 @@ static int mpi_miller_rabin( const mpi *X,
/* /*
* pick a random A, 1 < A < |X| - 1 * pick a random A, 1 < A < |X| - 1
*/ */
count = 0;
do {
MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
if( mpi_cmp_mpi( &A, &W ) >= 0 ) j = mpi_msb( &A );
{ k = mpi_msb( &W );
j = mpi_msb( &A ) - mpi_msb( &W ); if (j > k) {
MPI_CHK( mpi_shift_r( &A, j + 1 ) ); MPI_CHK( mpi_shift_r( &A, j - k ) );
} }
A.p[0] |= 3;
if (count++ > 30) {
return POLARSSL_ERR_MPI_NOT_ACCEPTABLE;
}
} while ( (mpi_cmp_mpi( &A, &W ) >= 0) ||
(mpi_cmp_int( &A, 1 ) <= 0) );
/* /*
* A = A^R mod |X| * A = A^R mod |X|
@ -2092,10 +2101,11 @@ int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,
MPI_CHK( mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); MPI_CHK( mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
k = mpi_msb( X ); k = mpi_msb( X );
if( k < nbits ) MPI_CHK( mpi_shift_l( X, nbits - k ) ); if( k > nbits ) MPI_CHK( mpi_shift_r( X, k - nbits + 1 ) );
if( k > nbits ) MPI_CHK( mpi_shift_r( X, k - nbits ) );
X->p[0] |= 3; mpi_set_bit( X, nbits-1, 1 );
X->p[0] |= 1;
if( dh_flag == 0 ) if( dh_flag == 0 )
{ {
@ -2114,6 +2124,9 @@ int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,
* is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
* Make sure it is satisfied, while keeping X = 3 mod 4 * Make sure it is satisfied, while keeping X = 3 mod 4
*/ */
X->p[0] |= 2;
MPI_CHK( mpi_mod_int( &r, X, 3 ) ); MPI_CHK( mpi_mod_int( &r, X, 3 ) );
if( r == 0 ) if( r == 0 )
MPI_CHK( mpi_add_int( X, X, 8 ) ); MPI_CHK( mpi_add_int( X, X, 8 ) );
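Review bot: The early `return POLARSSL_ERR_MPI_NOT_ACCEPTABLE;` added in the mpi_miller_rabin hunk leaves the function without releasing W, R, T, A and RR, which are set up with mpi_init at the top of the function and, judging from the MPI_CHK-based error flow, are presumably freed at the cleanup label that lies beyond the end of this hunk. It should take the same path as every other error in the function: `ret = POLARSSL_ERR_MPI_NOT_ACCEPTABLE; goto cleanup;`. Separately, `A.p[0] |= 3;` forces every witness to be 3 mod 4, which narrows the witness space rather than removing a bias; the loop condition `mpi_cmp_int( &A, 1 ) <= 0` already rejects A <= 1, so the line appears droppable. In the mpi_gen_prime hunk, `mpi_set_bit( X, nbits-1, 1 )` returns an int (it may have to grow X), so its result should be checked like the neighbouring calls: `MPI_CHK( mpi_set_bit( X, nbits-1, 1 ) );`. The bodies of both functions continue outside these hunks.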


@ -773,7 +773,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
for( i = 0; i < ilen - 2 * hlen - 2; i++ ) for( i = 0; i < ilen - 2 * hlen - 2; i++ )
{ {
pad_done |= p[i]; pad_done |= p[i];
pad_len += ( pad_done == 0 ); pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
} }
p += pad_len; p += pad_len;
@ -847,8 +847,8 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
* (minus one, for the 00 byte) */ * (minus one, for the 00 byte) */
for( i = 0; i < ilen - 3; i++ ) for( i = 0; i < ilen - 3; i++ )
{ {
pad_done |= ( p[i] == 0 ); pad_done |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1;
pad_count += ( pad_done == 0 ); pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
} }
p += pad_count; p += pad_count;
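Review bot: The branch-free forms `((pad_done | (unsigned char)-pad_done) >> 7) ^ 1` in both hunks only produce 0 or 1 when the operand is an 8-bit value, because `>> 7` extracts the top bit of an `unsigned char`; the declarations of pad_done and pad_count are outside these hunks, so this silently assumes they are `unsigned char` as the cast suggests and would be wrong if either is an `int`. The same expression is now spelled out three times (once in rsa_rsaes_oaep_decrypt, twice in rsa_rsaes_pkcs1_v15_decrypt), so a single static helper or macro with a comment such as `/* 1 if x != 0 else 0, computed without a data-dependent branch; x must fit in 8 bits */` would name the trick and keep the three sites consistent. The compiler is not obliged to keep the result branch-free, so the constant-time property should be confirmed on the generated code rather than inferred from the source. Both enclosing functions start and end outside these hunks.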