Simplify DH blinding a bit

2024-11-26 02:55:45 +01:00 · 2013-09-04 16:39:03 +02:00 · 2013-09-04 16:39:03 +02:00 · ed8a02bfae
commit ed8a02bfae
parent 143b5028a5
3 changed files with 35 additions and 30 deletions
--- a/library/dhm.c
+++ b/library/dhm.c
@ -257,23 +257,15 @@ static int dhm_update_blinding( dhm_context *ctx,
    int ret, count;
    /*
-     * We can just update the previous values (by squaring them) if:
+     * If Vi is initialized, update it by squaring it
     * - the values are initialized, and
     * - our secret exponent did not change.
     */
-    if( ctx->Vi.p != NULL &&
+    if( ctx->Vi.p != NULL )
        mpi_cmp_mpi( &ctx->X, &ctx->_X ) == 0 )
    {
        MPI_CHK( mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
        MPI_CHK( mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
-
+        MPI_CHK( mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
        return( 0 );
    }
-
+    else
-    /*
+    {
     * Otherwise, we need to generate new values from scratch for this secret
     */
        /* Vi = random( 2, P-1 ) */
        count = 0;
        do
@ -287,6 +279,21 @@ static int dhm_update_blinding( dhm_context *ctx,
                return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
        }
        while( mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
    }
    /*
     * If X did not change, update Vf by squaring it too
     */
    if( mpi_cmp_mpi( &ctx->X, &ctx->_X ) == 0 )
    {
        MPI_CHK( mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
        MPI_CHK( mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
        return( 0 );
    }
    /*
     * Otherwise, compute Vf from scratch
     */
    /* Vf = Vi^-X mod P */
    MPI_CHK( mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
@ -319,7 +326,7 @@ int dhm_calc_secret( dhm_context *ctx,
    mpi_init( &GYb );
    /* Blind peer's value */
-    if( f_rng != 0 )
+    if( f_rng != NULL )
    {
        MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
        MPI_CHK( mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
@ -333,7 +340,7 @@ int dhm_calc_secret( dhm_context *ctx,
                          &ctx->P, &ctx->RP ) );
    /* Unblind secret value */
-    if( f_rng != 0 )
+    if( f_rng != NULL )
    {
        MPI_CHK( mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
        MPI_CHK( mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@ -1,8 +1,8 @@
 Diffie-Hellman full exchange #1
-dhm_do_dhm:1024:10:"23":10:"5"
+dhm_do_dhm:10:"23":10:"5"
 Diffie-Hellman full exchange #2
-dhm_do_dhm:1024:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
+dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
 Diffie-Hellman full exchange #3
-dhm_do_dhm:1024:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271"
+dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271"
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@ -8,7 +8,7 @@
 */
 /* BEGIN_CASE */
-void dhm_do_dhm( int NOTUSED, int radix_P, char *input_P,
+void dhm_do_dhm( int radix_P, char *input_P,
                 int radix_G, char *input_G )
 {
    dhm_context ctx_srv;
@ -25,8 +25,6 @@ void dhm_do_dhm( int NOTUSED, int radix_P, char *input_P,
    int x_size;
    rnd_pseudo_info rnd_info;
    ((void)NOTUSED);
    memset( &ctx_srv, 0x00, sizeof( dhm_context ) );
    memset( &ctx_cli, 0x00, sizeof( dhm_context ) );
    memset( ske, 0x00, 1000 );