Merge pull request #499 from toddouska/timing

add --enable-harden switch for timing resistance and blinding, on by …
dgarske
2016-07-26 10:14:20 -07:00
committed by GitHub
7 changed files with 53 additions and 2 deletions


@@ -192,6 +192,18 @@ AC_ARG_ENABLE([maxstrength],
[ENABLED_MAXSTRENGTH=no]) [ENABLED_MAXSTRENGTH=no])
# Harden, enable Timing Resistance and Blinding by default
AC_ARG_ENABLE([harden],
[AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])],
[ENABLED_HARDEN=$enableval],
[ENABLED_HARDEN=yes])
if test "$ENABLED_HARDEN" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING"
fi
# IPv6 Test Apps # IPv6 Test Apps
AC_ARG_ENABLE([ipv6], AC_ARG_ENABLE([ipv6],
[ --enable-ipv6 Enable testing of IPV6 (default: disabled)], [ --enable-ipv6 Enable testing of IPV6 (default: disabled)],
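Review bot: The `test "$ENABLED_HARDEN" = "yes"` check treats every value other than the literal `yes` as off, so `--enable-harden=<anything else>` silently produces a build without `TFM_TIMING_RESISTANT`, `ECC_TIMING_RESISTANT` and `WC_RSA_BLINDING`. Because this option is a security default, comparing against `no` fails safer: `if test "$ENABLED_HARDEN" != "no"`. It would also help to report the final state in the configure output, for example with `AC_MSG_NOTICE`, so that a `--disable-harden` build is visible in build logs. Whether the project already prints an option summary is not visible in this hunk.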


@@ -536,7 +536,22 @@ int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX* rsa)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
return RsaEncryptSize((RsaKey*)rsa->holder); return RsaEncryptSize((RsaKey*)rsa->holder);
} }
int CRYPT_RSA_SetRng(CRYPT_RSA_CTX* rsa, CRYPT_RNG_CTX* rng)
{
if (rsa == NULL)
return BAD_FUNC_ARG;
#ifdef WC_RSA_BLINDING
return wc_RsaSetRNG((RsaKey*)rsa->holder, (WC_RNG*)rng);
#else
(void)rng;
return 0;
#endif
}
/* ECC init */ /* ECC init */
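Review bot: `CRYPT_RSA_SetRng` validates `rsa` but passes `rng` and `rsa->holder` to `wc_RsaSetRNG` unchecked when `WC_RSA_BLINDING` is defined. Whether the callee rejects a NULL `rng` cannot be confirmed from this page, since the one definition shown in this commit ignores the argument, so the wrapper should reject it itself: `if (rsa == NULL || rng == NULL) return BAD_FUNC_ARG;`. The `#else` branch returns 0 without doing anything, which is reasonable for source compatibility but should be stated, e.g. `/* no-op when blinding is compiled out */`, so callers do not read a 0 return as "blinding is active".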


@@ -220,7 +220,8 @@ int CRYPT_RSA_PrivateDecrypt(CRYPT_RSA_CTX*, unsigned char*,
unsigned int, const unsigned char*, unsigned int); unsigned int, const unsigned char*, unsigned int);
/* helpers */ /* helpers */
int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX*); int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX*);
int CRYPT_RSA_SetRng(CRYPT_RSA_CTX*, CRYPT_RNG_CTX*);


@@ -1296,6 +1296,12 @@ static int check_rsa(void)
return -1; return -1;
} }
ret = CRYPT_RSA_SetRng(&mcRsa, &mcRng);
if (ret != 0) {
printf("mcapi rsa set rng failed\n");
return -1;
}
ret = CRYPT_RSA_PublicEncrypt(&mcRsa, out1, sizeof(out1), ourData, ret = CRYPT_RSA_PublicEncrypt(&mcRsa, out1, sizeof(out1), ourData,
RSA_TEST_SIZE, &mcRng); RSA_TEST_SIZE, &mcRng);
if (ret < 0) { if (ret < 0) {


@@ -105,6 +105,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
#endif #endif
WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
word32*); word32*);
WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)
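Review bot: The `wc_RsaSetRNG` prototype is added without a `WC_RSA_BLINDING` guard in the visible lines, while the definition shown in this commit is compiled only under `#ifdef WC_RSA_BLINDING`. If no enclosing guard exists outside the hunk, a `--disable-harden` or FIPS build still advertises the function, and a caller that uses it unguarded fails at link time. Either wrap the declaration in `#ifdef WC_RSA_BLINDING` or provide the function unconditionally. A short comment stating when callers must invoke it relative to private-key operations would also help.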


@@ -2670,5 +2670,19 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen)
#endif /* WOLFSSL_KEY_GEN */ #endif /* WOLFSSL_KEY_GEN */
#ifdef WC_RSA_BLINDING
int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
{
if (key == NULL)
return USER_CRYPTO_ERROR;
(void)rng;
return 0;
}
#endif /* WC_RSA_BLINDING */
#endif /* NO_RSA */ #endif /* NO_RSA */
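Review bot: `wc_RsaSetRNG` returns success after discarding `rng` with `(void)rng;`, so a caller cannot tell from the return value whether blinding was actually configured for the key. If this backend performs blinding on its own, a comment above the function should say so. If it does not, the hardened build defines `WC_RSA_BLINDING` without providing blinding on this code path, and that deserves at least a note. The `USER_CRYPTO_ERROR` return suggests this is the user-crypto backend, which is an inference from the visible lines. Suggested comment: `/* rng is unused: blinding is not driven from this layer (confirm backend behaviour) */`.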


@@ -155,6 +155,8 @@
/* make sure old RNG name is used with CTaoCrypt FIPS */ /* make sure old RNG name is used with CTaoCrypt FIPS */
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
#define WC_RNG RNG #define WC_RNG RNG
/* blinding adds API not available yet in FIPS mode */
#undef WC_RSA_BLINDING
#endif #endif
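Review bot: The `#undef WC_RSA_BLINDING` under `HAVE_FIPS` silently removes RSA blinding from a build that configure treated as hardened, while the two timing-resistance defines stay in place. The comment gives the reason, but nothing tells whoever builds a FIPS configuration that one of the three protections is off. Consider extending the comment to name the consequence, e.g. `/* RSA blinding is therefore off in FIPS builds unless the FIPS module blinds internally */`, and surfacing the same fact at configure time. Any code that tests `WC_RSA_BLINDING` before this header is included would see a different value, which is worth checking.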