From b4cadae4e2f92afd58715e79e1e8289108989e9b Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Thu, 23 Jan 2020 14:52:29 -0800
Subject: [PATCH] Constant time q modinv p in RSA key gen
---
 wolfcrypt/src/rsa.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 5ffb3b98c..3fb2a3833 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -4063,8 +4063,15 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 err = mp_mod(&key->d, &tmp1, &key->dP);
 if (err == MP_OKAY) /* key->dQ = d mod(q-1) */
 err = mp_mod(&key->d, &tmp2, &key->dQ);
+#ifdef WOLFSSL_MP_INVMOD_CONSTANT_TIME
 if (err == MP_OKAY) /* key->u = 1/q mod p */
 err = mp_invmod(&q, &p, &key->u);
+#else
+ if (err == MP_OKAY)
+ err = mp_sub_d(&p, 2, &tmp3);
+ if (err == MP_OKAY) /* key->u = 1/q mod p = q^p-2 mod p */
+ err = mp_exptmod(&q, &tmp3 , &p, &key->u);
+#endif
 if (err == MP_OKAY)
 err = mp_copy(&p, &key->p);
 if (err == MP_OKAY)
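Review bot: In the `#else` branch `tmp3` now holds p-2, which is as sensitive as the secret prime p itself, and the cleanup of the temporaries lies outside this hunk; please confirm that `tmp3` is zeroized there (for example with `mp_forcezero`, not only freed) on every exit path, including the error paths. The constant-time property of this fallback also rests on `mp_exptmod` being constant time for a secret base, exponent and modulus in every math backend that leaves `WOLFSSL_MP_INVMOD_CONSTANT_TIME` undefined, which the hunk does not show; a short comment above the `#ifdef` stating that assumption would let a later reader check it. The inline comment is ambiguous about precedence and does not say why the identity holds; I would write `/* key->u = 1/q mod p = q^(p-2) mod p (Fermat, requires p prime) */`. wc_MakeRsaKey starts and ends outside the hunk.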