RSA blinding on CRT operations to counter timing attacks
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index b3a2476..68b56aa 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -205,7 +205,7 @@
sha1( buf, (int)( p - 2 - buf ), hash );
- if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+ if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, SIG_RSA_SHA1,
0, hash, p ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 9ea2a78..54d6e36 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -197,8 +197,8 @@
buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len );
- if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, SIG_RSA_SHA1,
- 0, hash, buf + n + 2 ) ) != 0 )
+ if( ( ret = rsa_pkcs1_sign( &rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE,
+ SIG_RSA_SHA1, 0, hash, buf + n + 2 ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 0b168f4..d4f54ad 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -33,16 +33,20 @@
#include "polarssl/config.h"
#include "polarssl/rsa.h"
+#include "polarssl/ctr_drbg.h"
+#include "polarssl/entropy.h"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_FS_IO)
+ !defined(POLARSSL_FS_IO) || !defined(POLARSSL_ENTROPY_C) || \
+ !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_FS_IO not defined.\n");
+ "POLARSSL_FS_IO and/or POLARSSL_ENTROPY_C and/or "
+ "POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
}
#else
@@ -52,8 +56,11 @@
int ret, c;
size_t i;
rsa_context rsa;
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
unsigned char result[1024];
unsigned char buf[512];
+ const char *pers = "rsa_decrypt";
((void) argv);
memset(result, 0, sizeof( result ) );
@@ -70,6 +77,18 @@
goto exit;
}
+ printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ entropy_init( &entropy );
+ if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ goto exit;
+ }
+
printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
@@ -130,7 +149,8 @@
printf( "\n . Decrypting the encrypted data" );
fflush( stdout );
- if( ( ret = rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &i, buf, result,
+ if( ( ret = rsa_pkcs1_decrypt( &rsa, ctr_drbg_random, &ctr_drbg,
+ RSA_PRIVATE, &i, buf, result,
1024 ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret );
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index e77dc92..dc49fac 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -34,16 +34,21 @@
#include "polarssl/rsa.h"
#include "polarssl/sha1.h"
+#include "polarssl/ctr_drbg.h"
+#include "polarssl/entropy.h"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO)
+ !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_FS_IO) || \
+ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C)
int main( int argc, char *argv[] )
{
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
- "POLARSSL_SHA1_C and/or POLARSSL_FS_IO not defined.\n");
+ "POLARSSL_SHA1_C and/or POLARSSL_FS_IO "
+ "and/or POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C "
+ "not defined.\n");
return( 0 );
}
#else
@@ -53,8 +58,11 @@
int ret;
size_t i;
rsa_context rsa;
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
unsigned char hash[20];
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+ const char *pers = "rsa_decrypt";
ret = 1;
@@ -69,6 +77,18 @@
goto exit;
}
+ printf( "\n . Seeding the random number generator..." );
+ fflush( stdout );
+
+ entropy_init( &entropy );
+ if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen( pers ) ) ) != 0 )
+ {
+ printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
+ goto exit;
+ }
+
printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
@@ -120,8 +140,8 @@
goto exit;
}
- if( ( ret = rsa_pkcs1_sign( &rsa, NULL, NULL, RSA_PRIVATE, SIG_RSA_SHA1,
- 20, hash, buf ) ) != 0 )
+ if( ( ret = rsa_pkcs1_sign( &rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE,
+ SIG_RSA_SHA1, 20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_sign returned -0x%0x\n\n", -ret );
goto exit;
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 2edd70a..db3a010 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -131,7 +131,7 @@
goto exit;
}
- if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+ if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, SIG_RSA_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index ccac58d..b77fbca 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -124,7 +124,7 @@
goto exit;
}
- if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
+ if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, SIG_RSA_SHA1,
20, hash, buf ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 86de2c6..08e3d63 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -439,7 +439,7 @@
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
- rsa_private( &rsa, buf, buf );
+ rsa_private( &rsa, myrand, NULL, buf, buf );
}
printf( "%9lu private/s\n", i / 3 );
@@ -468,7 +468,7 @@
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
- rsa_private( &rsa, buf, buf );
+ rsa_private( &rsa, myrand, NULL, buf, buf );
}
printf( "%9lu private/s\n", i / 3 );
@@ -497,7 +497,7 @@
for( i = 1; ! alarmed; i++ )
{
buf[0] = 0;
- rsa_private( &rsa, buf, buf );
+ rsa_private( &rsa, myrand, NULL, buf, buf );
}
printf( "%9lu private/s\n", i / 3 );
diff --git a/programs/test/o_p_test.c b/programs/test/o_p_test.c
index 3531d54..edb3107 100644
--- a/programs/test/o_p_test.c
+++ b/programs/test/o_p_test.c
@@ -185,7 +185,7 @@
printf( " . Generating the RSA decrypted value for OpenSSL (PUBLIC) with PolarSSL (PRIVATE) ..." );
fflush( stdout );
- if( ( ret = rsa_pkcs1_decrypt( &p_rsa, RSA_PRIVATE, &olen, o_pub_encrypted, p_pub_decrypted, 1024 ) ) != 0 )
+ if( ( ret = rsa_pkcs1_decrypt( &p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, &olen, o_pub_encrypted, p_pub_decrypted, 1024 ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret );
}
@@ -209,7 +209,7 @@
printf( " . Generating the RSA decrypted value for OpenSSL (PRIVATE) with PolarSSL (PUBLIC) ..." );
fflush( stdout );
- if( ( ret = rsa_pkcs1_decrypt( &p_rsa, RSA_PUBLIC, &olen, o_priv_encrypted, p_priv_decrypted, 1024 ) ) != 0 )
+ if( ( ret = rsa_pkcs1_decrypt( &p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PUBLIC, &olen, o_priv_encrypted, p_priv_decrypted, 1024 ) ) != 0 )
{
printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret );
}