mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 15:04:18 +01:00
Simplify DH blinding a bit
This commit is contained in:
parent
143b5028a5
commit
ed8a02bfae
@ -257,23 +257,15 @@ static int dhm_update_blinding( dhm_context *ctx,
|
|||||||
int ret, count;
|
int ret, count;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We can just update the previous values (by squaring them) if:
|
* If Vi is initialized, update it by squaring it
|
||||||
* - the values are initialized, and
|
|
||||||
* - our secret exponent did not change.
|
|
||||||
*/
|
*/
|
||||||
if( ctx->Vi.p != NULL &&
|
if( ctx->Vi.p != NULL )
|
||||||
mpi_cmp_mpi( &ctx->X, &ctx->_X ) == 0 )
|
|
||||||
{
|
{
|
||||||
MPI_CHK( mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
|
|
||||||
MPI_CHK( mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
|
MPI_CHK( mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
|
||||||
|
MPI_CHK( mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
|
||||||
return( 0 );
|
|
||||||
}
|
}
|
||||||
|
else
|
||||||
/*
|
{
|
||||||
* Otherwise, we need to generate new values from scratch for this secret
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* Vi = random( 2, P-1 ) */
|
/* Vi = random( 2, P-1 ) */
|
||||||
count = 0;
|
count = 0;
|
||||||
do
|
do
|
||||||
@ -287,6 +279,21 @@ static int dhm_update_blinding( dhm_context *ctx,
|
|||||||
return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
|
return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
|
||||||
}
|
}
|
||||||
while( mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
|
while( mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If X did not change, update Vf by squaring it too
|
||||||
|
*/
|
||||||
|
if( mpi_cmp_mpi( &ctx->X, &ctx->_X ) == 0 )
|
||||||
|
{
|
||||||
|
MPI_CHK( mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
|
||||||
|
MPI_CHK( mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Otherwise, compute Vf from scratch
|
||||||
|
*/
|
||||||
|
|
||||||
/* Vf = Vi^-X mod P */
|
/* Vf = Vi^-X mod P */
|
||||||
MPI_CHK( mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
|
MPI_CHK( mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
|
||||||
@ -319,7 +326,7 @@ int dhm_calc_secret( dhm_context *ctx,
|
|||||||
mpi_init( &GYb );
|
mpi_init( &GYb );
|
||||||
|
|
||||||
/* Blind peer's value */
|
/* Blind peer's value */
|
||||||
if( f_rng != 0 )
|
if( f_rng != NULL )
|
||||||
{
|
{
|
||||||
MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
|
MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
|
||||||
MPI_CHK( mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
|
MPI_CHK( mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
|
||||||
@ -333,7 +340,7 @@ int dhm_calc_secret( dhm_context *ctx,
|
|||||||
&ctx->P, &ctx->RP ) );
|
&ctx->P, &ctx->RP ) );
|
||||||
|
|
||||||
/* Unblind secret value */
|
/* Unblind secret value */
|
||||||
if( f_rng != 0 )
|
if( f_rng != NULL )
|
||||||
{
|
{
|
||||||
MPI_CHK( mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
|
MPI_CHK( mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
|
||||||
MPI_CHK( mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
|
MPI_CHK( mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
Diffie-Hellman full exchange #1
|
Diffie-Hellman full exchange #1
|
||||||
dhm_do_dhm:1024:10:"23":10:"5"
|
dhm_do_dhm:10:"23":10:"5"
|
||||||
|
|
||||||
Diffie-Hellman full exchange #2
|
Diffie-Hellman full exchange #2
|
||||||
dhm_do_dhm:1024:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
|
dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
|
||||||
|
|
||||||
Diffie-Hellman full exchange #3
|
Diffie-Hellman full exchange #3
|
||||||
dhm_do_dhm:1024:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271"
|
dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271"
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void dhm_do_dhm( int NOTUSED, int radix_P, char *input_P,
|
void dhm_do_dhm( int radix_P, char *input_P,
|
||||||
int radix_G, char *input_G )
|
int radix_G, char *input_G )
|
||||||
{
|
{
|
||||||
dhm_context ctx_srv;
|
dhm_context ctx_srv;
|
||||||
@ -25,8 +25,6 @@ void dhm_do_dhm( int NOTUSED, int radix_P, char *input_P,
|
|||||||
int x_size;
|
int x_size;
|
||||||
rnd_pseudo_info rnd_info;
|
rnd_pseudo_info rnd_info;
|
||||||
|
|
||||||
((void)NOTUSED);
|
|
||||||
|
|
||||||
memset( &ctx_srv, 0x00, sizeof( dhm_context ) );
|
memset( &ctx_srv, 0x00, sizeof( dhm_context ) );
|
||||||
memset( &ctx_cli, 0x00, sizeof( dhm_context ) );
|
memset( &ctx_cli, 0x00, sizeof( dhm_context ) );
|
||||||
memset( ske, 0x00, 1000 );
|
memset( ske, 0x00, 1000 );
|
||||||
|
Loading…
Reference in New Issue
Block a user