RSA blinding on CRT operations to counter timing attacks

commit: 43f9799ce61c6392a014d0a2ea136b4b3a9ee194 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Mon Sep 23 11:23:31 2013 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Mon Sep 23 11:23:31 2013 +0200
tree: df3b646b6c35db528d1902e4de451699ab6e6ef6
parent: 88a2264def143fc9d5b8705bb6aec188ec61061f [diff]
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 0c5db1a..2157d0f 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function

@@ -61,6 +61,9 @@
     rsa_context ctx;
     mpi P1, Q1, H, G;
     size_t output_len;
+    rnd_pseudo_info rnd_info;
+
+    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
 
     mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
     rsa_init( &ctx, RSA_PKCS_V21, {hash} );
@@ -88,7 +91,7 @@
 
     unhexify( message_str, {message_hex_string} );
 
-    TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == {result} );
+    TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == {result} );
     if( {result} == 0 )
     {
         hexify( output_str, output, ctx.len );
@@ -260,7 +263,7 @@
 #endif
     }
 
-    TEST_ASSERT( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, {digest}, 0, hash_result, result_str ) == {result} );
+    TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, {digest}, 0, hash_result, result_str ) == {result} );
 
     rsa_free( &ctx );
 }

diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 6143db1..0e7bb65 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function

@@ -24,6 +24,9 @@
     rsa_context ctx;
     mpi P1, Q1, H, G;
     int msg_len;
+    rnd_pseudo_info rnd_info;
+
+    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
 
     mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
     rsa_init( &ctx, {padding_mode}, 0 );
@@ -92,7 +95,7 @@
 #endif
     }
 
-    TEST_ASSERT( rsa_pkcs1_sign( &ctx, NULL, NULL, RSA_PRIVATE, {digest}, 0, hash_result, output ) == {result} );
+    TEST_ASSERT( rsa_pkcs1_sign( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, {digest}, 0, hash_result, output ) == {result} );
     if( {result} == 0 )
     {
         hexify( output_str, output, ctx.len );
@@ -168,7 +171,7 @@
 #endif
     }
 
-    TEST_ASSERT( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, {digest}, 0, hash_result, result_str ) == {result} );
+    TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, {digest}, 0, hash_result, result_str ) == {result} );
 
     rsa_free( &ctx );
 }
@@ -185,6 +188,9 @@
     rsa_context ctx;
     mpi P1, Q1, H, G;
     int hash_len;
+    rnd_pseudo_info rnd_info;
+
+    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
 
     mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
     rsa_init( &ctx, {padding_mode}, 0 );
@@ -214,7 +220,7 @@
     unhexify( message_str, {message_hex_string} );
     hash_len = unhexify( hash_result, {hash_result_string} );
 
-    TEST_ASSERT( rsa_pkcs1_sign( &ctx, NULL, NULL, RSA_PRIVATE, SIG_RSA_RAW, hash_len, hash_result, output ) == 0 );
+    TEST_ASSERT( rsa_pkcs1_sign( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, SIG_RSA_RAW, hash_len, hash_result, output ) == 0 );
 
     hexify( output_str, output, ctx.len );
 
@@ -249,7 +255,7 @@
     hash_len = unhexify( hash_result, {hash_result_string} );
     unhexify( result_str, {result_hex_str} );
 
-    TEST_ASSERT( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_RAW, hash_len, hash_result, result_str ) == {correct} );
+    TEST_ASSERT( rsa_pkcs1_verify( &ctx, NULL, NULL, RSA_PUBLIC, SIG_RSA_RAW, hash_len, hash_result, result_str ) == {correct} );
 
     rsa_free( &ctx );
 }
@@ -335,6 +341,9 @@
     rsa_context ctx;
     mpi P1, Q1, H, G;
     size_t output_len;
+    rnd_pseudo_info rnd_info;
+
+    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
 
     mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
     rsa_init( &ctx, {padding_mode}, 0 );
@@ -363,7 +372,7 @@
     unhexify( message_str, {message_hex_string} );
     output_len = 0;
 
-    TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, {max_output} ) == {result} );
+    TEST_ASSERT( rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, RSA_PRIVATE, &output_len, message_str, output, {max_output} ) == {result} );
     if( {result} == 0 )
     {
         hexify( output_str, output, ctx.len );
@@ -417,6 +426,9 @@
     unsigned char output_str[1000];
     rsa_context ctx;
     mpi P1, Q1, H, G;
+    rnd_pseudo_info rnd_info;
+
+    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
 
     mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
     rsa_init( &ctx, RSA_PKCS_V15, 0 );
@@ -444,7 +456,7 @@
 
     unhexify( message_str, {message_hex_string} );
 
-    TEST_ASSERT( rsa_private( &ctx, message_str, output ) == {result} );
+    TEST_ASSERT( rsa_private( &ctx, rnd_pseudo_rand, &rnd_info, message_str, output ) == {result} );
     if( {result} == 0 )
     {
         hexify( output_str, output, ctx.len );
commit	43f9799ce61c6392a014d0a2ea136b4b3a9ee194	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Mon Sep 23 11:23:31 2013 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Mon Sep 23 11:23:31 2013 +0200
tree	df3b646b6c35db528d1902e4de451699ab6e6ef6
parent	88a2264def143fc9d5b8705bb6aec188ec61061f [diff]