wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2382 from SparkiDev/dsa_ct

Browse Source 
Use a fixed number of bits with DSA gen and sign
This commit is contained in:
toddouska
2019-08-01 11:48:53 -07:00
committed by GitHub
parent c400c38588 d7b893f250
commit 7098fdff29
5 changed files with 87 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
wolfcrypt/src/dsa.c
View File

@ -209,7 +209,7 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
/* public key : y = g^x mod p */ /* public key : y = g^x mod p */
if (err == MP_OKAY) if (err == MP_OKAY)
err = mp_exptmod(&dsa->g, &dsa->x, &dsa->p, &dsa->y); err = mp_exptmod_ex(&dsa->g, &dsa->x, dsa->q.used, &dsa->p, &dsa->y);
if (err == MP_OKAY) if (err == MP_OKAY)
dsa->type = DSA_PRIVATE; dsa->type = DSA_PRIVATE;
@ -713,8 +713,10 @@ int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng)
ret = MP_INVMOD_E; ret = MP_INVMOD_E;
/* generate r, r = (g exp k mod p) mod q */ /* generate r, r = (g exp k mod p) mod q */
if (ret == 0 && mp_exptmod(&key->g, &k, &key->p, &r) != MP_OKAY) if (ret == 0 && mp_exptmod_ex(&key->g, &k, key->q.used, &key->p,
&r) != MP_OKAY) {
ret = MP_EXPTMOD_E; ret = MP_EXPTMOD_E;
}
if (ret == 0 && mp_mod(&r, &key->q, &r) != MP_OKAY) if (ret == 0 && mp_mod(&r, &key->q, &r) != MP_OKAY)
ret = MP_MOD_E; ret = MP_MOD_E;

5
wolfcrypt/src/integer.c
View File

@ -927,6 +927,11 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
#endif #endif
} }
int mp_exptmod_ex (mp_int * G, mp_int * X, int digits, mp_int * P, mp_int * Y)
{
(void)digits;
return mp_exptmod(G, X, P, Y);
}
/* b = |a| /* b = |a|
* *

78
wolfcrypt/src/tfm.c
View File

@ -1455,7 +1455,7 @@ int fp_exptmod_nb(exptModNb_t* nb, fp_int* G, fp_int* X, fp_int* P, fp_int* Y)
Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder", Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder",
Cryptographic Hardware and Embedded Systems, CHES 2002 Cryptographic Hardware and Embedded Systems, CHES 2002
*/ */
static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) static int _fp_exptmod(fp_int * G, fp_int * X, int digits, fp_int * P, fp_int * Y)
{ {
#ifndef WOLFSSL_SMALL_STACK #ifndef WOLFSSL_SMALL_STACK
#ifdef WC_NO_CACHE_RESISTANT #ifdef WC_NO_CACHE_RESISTANT
@ -1508,7 +1508,7 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
/* set initial mode and bit cnt */ /* set initial mode and bit cnt */
bitcnt = 1; bitcnt = 1;
buf = 0; buf = 0;
digidx = X->used - 1; digidx = digits - 1;
for (;;) { for (;;) {
/* grab next digit as required */ /* grab next digit as required */
@ -1597,7 +1597,8 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
/* y = g**x (mod b) /* y = g**x (mod b)
* Some restrictions... x must be positive and < b * Some restrictions... x must be positive and < b
*/ */
static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) static int _fp_exptmod(fp_int * G, fp_int * X, int digits, fp_int * P,
fp_int * Y)
{ {
fp_digit buf, mp; fp_digit buf, mp;
int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
@ -1609,6 +1610,8 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
fp_int M[64]; fp_int M[64];
#endif #endif
(void)digits;
/* find window size */ /* find window size */
x = fp_count_bits (X); x = fp_count_bits (X);
if (x <= 21) { if (x <= 21) {
@ -1894,7 +1897,7 @@ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
err = fp_invmod(tmp, P, tmp); err = fp_invmod(tmp, P, tmp);
if (err == FP_OKAY) { if (err == FP_OKAY) {
X->sign = FP_ZPOS; X->sign = FP_ZPOS;
err = _fp_exptmod(tmp, X, P, Y); err = _fp_exptmod(tmp, X, X->used, P, Y);
if (X != Y) { if (X != Y) {
X->sign = FP_NEG; X->sign = FP_NEG;
} }
@ -1909,10 +1912,70 @@ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
} }
else { else {
/* Positive exponent so just exptmod */ /* Positive exponent so just exptmod */
return _fp_exptmod(G, X, P, Y); return _fp_exptmod(G, X, X->used, P, Y);
} }
} }
int fp_exptmod_ex(fp_int * G, fp_int * X, int digits, fp_int * P, fp_int * Y)
{
#if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI)
int x = fp_count_bits (X);
#endif
/* prevent overflows */
if (P->used > (FP_SIZE/2)) {
return FP_VAL;
}
#if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI)
if(x > EPS_RSA_EXPT_XBTIS) {
return esp_mp_exptmod(G, X, x, P, Y);
}
#endif
if (X->sign == FP_NEG) {
#ifndef POSITIVE_EXP_ONLY /* reduce stack if assume no negatives */
int err;
#ifndef WOLFSSL_SMALL_STACK
fp_int tmp[1];
#else
fp_int *tmp;
#endif
#ifdef WOLFSSL_SMALL_STACK
tmp = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
return FP_MEM;
#endif
/* yes, copy G and invmod it */
fp_init_copy(tmp, G);
err = fp_invmod(tmp, P, tmp);
if (err == FP_OKAY) {
X->sign = FP_ZPOS;
err = _fp_exptmod(tmp, X, digits, P, Y);
if (X != Y) {
X->sign = FP_NEG;
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
#else
return FP_VAL;
#endif
}
else {
/* Positive exponent so just exptmod */
return _fp_exptmod(G, X, digits, P, Y);
}
}
/* computes a = 2**b */ /* computes a = 2**b */
void fp_2expt(fp_int *a, int b) void fp_2expt(fp_int *a, int b)
{ {
@ -3104,6 +3167,11 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
return fp_exptmod(G, X, P, Y); return fp_exptmod(G, X, P, Y);
} }
int mp_exptmod_ex (mp_int * G, mp_int * X, int digits, mp_int * P, mp_int * Y)
{
return fp_exptmod_ex(G, X, digits, P, Y);
}
/* compare two ints (signed)*/ /* compare two ints (signed)*/
int mp_cmp (mp_int * a, mp_int * b) int mp_cmp (mp_int * a, mp_int * b)
{ {

2
wolfssl/wolfcrypt/integer.h
View File

@ -284,6 +284,8 @@ MP_API int mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b);
MP_API int mp_to_unsigned_bin (mp_int * a, unsigned char *b); MP_API int mp_to_unsigned_bin (mp_int * a, unsigned char *b);
MP_API int mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c); MP_API int mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c);
MP_API int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y); MP_API int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y);
MP_API int mp_exptmod_ex (mp_int * G, mp_int * X, int digits, mp_int * P,
mp_int * Y);
/* end functions needed by Rsa */ /* end functions needed by Rsa */
/* functions added to support above needed, removed TOOM and KARATSUBA */ /* functions added to support above needed, removed TOOM and KARATSUBA */

3
wolfssl/wolfcrypt/tfm.h
View File

@ -547,6 +547,7 @@ int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
/* d = a**b (mod c) */ /* d = a**b (mod c) */
int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d);
int fp_exptmod_ex(fp_int *a, fp_int *b, int minDigits, fp_int *c, fp_int *d);
#ifdef WC_RSA_NONBLOCK #ifdef WC_RSA_NONBLOCK
@ -734,6 +735,8 @@ MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
MP_API int mp_mod(mp_int *a, mp_int *b, mp_int *c); MP_API int mp_mod(mp_int *a, mp_int *b, mp_int *c);
MP_API int mp_invmod(mp_int *a, mp_int *b, mp_int *c); MP_API int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
MP_API int mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y); MP_API int mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y);
MP_API int mp_exptmod_ex (mp_int * g, mp_int * x, int minDigits, mp_int * p,
mp_int * y);
MP_API int mp_mul_2d(mp_int *a, int b, mp_int *c); MP_API int mp_mul_2d(mp_int *a, int b, mp_int *c);
MP_API int mp_2expt(mp_int* a, int b); MP_API int mp_2expt(mp_int* a, int b);