yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 10:55:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't use CRT for signature verification

Browse Source 
If CRT is not used, the helper fields CRT are not assumed to be present in the
RSA context structure, so do the verification directly in this case. If CRT is
used, verification could be done using CRT, but we're sticking to ordinary
verification for uniformity.
This commit is contained in:
Hanno Becker 2017-08-25 11:45:35 +01:00
parent 9f4e670b14
commit c6075cc5ac
1 changed files with 11 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
library/rsa.c
View File

@ -428,15 +428,9 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
#endif
#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION)
/* Temporaries holding input mod p resp. mod q. */
mbedtls_mpi IP, IQ;
/* Temporaries holding double check results mod p resp. mod q;
* should in the end have the same values as IP and IQ. */
mbedtls_mpi CP, CQ;
/* Comparison results */
int check = 0;
/* Temporaries holding the initial input and the double
* checked result; should be the same in the end. */
mbedtls_mpi I, C;
#endif
#if defined(MBEDTLS_RSA_FORCE_BLINDING)
@ -476,8 +470,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
#endif
#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION)
mbedtls_mpi_init( &IP ); mbedtls_mpi_init( &IQ );
mbedtls_mpi_init( &CP ); mbedtls_mpi_init( &CQ );
mbedtls_mpi_init( &I );
mbedtls_mpi_init( &C );
#endif
/* End of MPI initialization */
@ -490,8 +484,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
}
#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION)
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &IP, &T, &ctx->P ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &IQ, &T, &ctx->Q ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
#endif
if( f_rng != NULL )
@ -583,18 +576,11 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
}
/* If requested by the config, verify the result to prevent glitching attacks.
* For that, check the two prime moduli separately. */
/* If requested by the config, verify the result to prevent glitching attacks. */
#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION)
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &CP, &T, &ctx->E, &ctx->P, &ctx->RP ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &CQ, &T, &ctx->E, &ctx->Q, &ctx->RQ ) );
check |= mbedtls_mpi_cmp_mpi( &CP, &IP );
check |= mbedtls_mpi_cmp_mpi( &CQ, &IQ );
if( check != 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, &ctx->N, &ctx->RN ) );
if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 )
{
/* Verification failed */
ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
goto cleanup;
}
@ -630,8 +616,8 @@ cleanup:
#endif
#if defined(MBEDTLS_RSA_REQUIRE_VERIFICATION)
mbedtls_mpi_free( &IP ); mbedtls_mpi_free( &IQ );
mbedtls_mpi_free( &CP ); mbedtls_mpi_free( &CQ );
mbedtls_mpi_free( &C );
mbedtls_mpi_free( &I );
#endif
if( ret != 0 )
@ -1245,11 +1231,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
size_t nb_pad, olen, oid_size = 0;
unsigned char *p = sig;
const char *oid = NULL;
unsigned char *sig_try = NULL, *verif = NULL;
size_t i;
unsigned char diff;
volatile unsigned char diff_no_optimize;
int ret;
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );