AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Change signature of mbedtls_rsa_deduce_private

Browse Source 
Make input arguments constant and adapt the implementation to use a temporary instead of in-place operations.
This commit is contained in:
Hanno Becker 2017-10-02 09:57:50 +01:00
parent ba5b755f1a
commit bdefff1dde
3 changed files with 19 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
include/mbedtls/rsa.h
View File

@ -122,18 +122,11 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D,
* \return * \return
* - 0 if successful. In this case, D is set to a simultaneous * - 0 if successful. In this case, D is set to a simultaneous
* modular inverse of E modulo both P-1 and Q-1. * modular inverse of E modulo both P-1 and Q-1.
* - A non-zero error code otherwise. In this case, the values * - A non-zero error code otherwise.
* of P, Q, E are undefined.
* *
* \note The input MPI's are deliberately not declared as constant
* and may therefore be used for in-place calculations by
* the implementation. In particular, their values can be
* corrupted when the function fails. If the user cannot
* tolerate this, he has to make copies of the MPI's prior
* to calling this function. See \c mbedtls_mpi_copy for this.
*/ */
int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *E, int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q,
mbedtls_mpi *D ); mbedtls_mpi const *E, mbedtls_mpi *D );
/** /**

30
library/rsa.c
View File

@ -252,11 +252,13 @@ cleanup:
* This is essentially a modular inversion. * This is essentially a modular inversion.
*/ */
int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, int mbedtls_rsa_deduce_private( mbedtls_mpi const *P,
mbedtls_mpi *D, mbedtls_mpi *E ) mbedtls_mpi const *Q,
mbedtls_mpi const *E,
mbedtls_mpi *D )
{ {
int ret = 0; int ret = 0;
mbedtls_mpi K; mbedtls_mpi K, L;
if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
@ -269,28 +271,26 @@ int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q,
} }
mbedtls_mpi_init( &K ); mbedtls_mpi_init( &K );
mbedtls_mpi_init( &L );
/* Temporarily replace P and Q by P-1 and Q-1, respectively. */ /* Temporarily put K := P-1 and L := Q-1 */
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
/* Temporarily compute the gcd(P-1, Q-1) in D. */ /* Temporarily put D := gcd(P-1, Q-1) */
MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, P, Q ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) );
/* Compute LCM(P-1, Q-1) in K */ /* K := LCM(P-1, Q-1) */
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) );
/* Compute modular inverse of E in LCM(P-1, Q-1) */ /* Compute modular inverse of E in LCM(P-1, Q-1) */
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) );
/* Restore P and Q. */
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) );
cleanup: cleanup:
mbedtls_mpi_free( &K ); mbedtls_mpi_free( &K );
mbedtls_mpi_free( &L );
return( ret ); return( ret );
} }
@ -664,7 +664,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx,
* so together with the primality test above all core parameters are * so together with the primality test above all core parameters are
* guaranteed to be sane if this call succeeds. */ * guaranteed to be sane if this call succeeds. */
if( ( ret = mbedtls_rsa_deduce_private( &ctx->P, &ctx->Q, if( ( ret = mbedtls_rsa_deduce_private( &ctx->P, &ctx->Q,
&ctx->D, &ctx->E ) ) != 0 ) &ctx->E, &ctx->D ) ) != 0 )
{ {
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
} }

2
tests/suites/test_suite_rsa.function
View File

@ -804,7 +804,7 @@ void mbedtls_rsa_deduce_private( int radix_P, char *input_P,
} }
/* Try to deduce D from N, P, Q, E. */ /* Try to deduce D from N, P, Q, E. */
TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &D, &E ) == result ); TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &E, &D ) == result );
if( !corrupt ) if( !corrupt )
{ {