ecdsa: use CT modinv
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 2f7a996..0d73c65 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -17,6 +17,7 @@
#include "mbedtls/ecdsa.h"
#include "mbedtls/asn1write.h"
+#include "bignum_internal.h"
#include <string.h>
@@ -340,21 +341,11 @@
MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen));
/*
- * Generate a random value to blind inv_mod in next step,
- * avoiding a potential timing leak.
- */
- MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, &t, f_rng_blind,
- p_rng_blind));
-
- /*
- * Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n
+ * Step 6: compute s = (e + r * d) / k
*/
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, pr, d));
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&e, &e, s));
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&e, &e, &t));
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pk, pk, &t));
- MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pk, pk, &grp->N));
- MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(s, pk, &grp->N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd_modinv_odd(NULL, s, pk, &grp->N));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, s, &e));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(s, s, &grp->N));
} while (mbedtls_mpi_cmp_int(s, 0) == 0);
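Review bot: The blinding value `t` and the `f_rng_blind`/`p_rng_blind` arguments it consumed have no remaining use in this hunk, so the declaration, initialization and `mbedtls_mpi_free(&t)` of `t` (all outside the hunk) likely become dead code, and the two RNG parameters may now raise unused-parameter warnings unless the function still uses them elsewhere. `mbedtls_mpi_gcd_modinv_odd` is, by its name, only defined for an odd modulus; a one-line comment recording that precondition at the call would help, e.g. `/* grp->N is the (odd) prime group order, as mbedtls_mpi_gcd_modinv_odd requires */`, and the same applies to the verification hunk below. The reduction `mbedtls_mpi_mod_mpi(pk, pk, &grp->N)` is dropped as well, which is sound only if `pk` is already reduced modulo N on entry to Step 6 — its generation outside the hunk presumably guarantees that, but it is worth confirming. The enclosing do/while loop and function begin outside the hunk.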
@@ -540,7 +531,7 @@
*/
ECDSA_BUDGET(MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2);
- MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&s_inv, s, &grp->N));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd_modinv_odd(NULL, &s_inv, s, &grp->N));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu1, &e, &s_inv));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu1, pu1, &grp->N));
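Review bot: `ECDSA_BUDGET(MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2)` two lines above still charges the restartable-operation cost of the previous `mbedtls_mpi_inv_mod`; the constant-time `mbedtls_mpi_gcd_modinv_odd` may have a different cost profile, so `MBEDTLS_ECP_OPS_INV` should be re-checked against it and, once confirmed, documented with a comment such as `/* MBEDTLS_ECP_OPS_INV accounts for the constant-time modinv */`. Since `s` here is a public signature component, the variable-time inverse was not a timing leak in verification; switching to the CT routine is consistent with the signing path but may be slower per verification, and a short comment stating that the choice is for uniformity would make the trade-off explicit. The enclosing function starts and ends outside the hunk.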