RSA: use constant-time modinv in deduce_crt()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/bignum.c b/library/bignum.c
index f7ec35a..00aa79c 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1924,9 +1924,9 @@
/*
* Modular inverse: X = A^-1 mod N with N odd (and A any range)
*/
-static int mbedtls_mpi_inv_mod_odd(mbedtls_mpi *X,
- const mbedtls_mpi *A,
- const mbedtls_mpi *N)
+int mbedtls_mpi_inv_mod_odd(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi T, G;
diff --git a/library/bignum_internal.h b/library/bignum_internal.h
index f3f6fcb..a947497 100644
--- a/library/bignum_internal.h
+++ b/library/bignum_internal.h
@@ -80,4 +80,22 @@
const mbedtls_mpi *A,
const mbedtls_mpi *N);
+/**
+ * \brief Modular inverse: X = A^-1 mod N with N odd
+ *
+ * \param[out] X The inverse of \p A modulo \p N on success,
+ * indeterminate otherwise.
+ * \param[in] A The number to invert.
+ * \param[in] N The modulus. Must be odd and greater than 1.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if preconditions were not
+ * met.
+ * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A is not invertible mod N.
+ */
+int mbedtls_mpi_inv_mod_odd(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *N);
+
#endif /* bignum_internal.h */
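Review bot: The new doc block for `mbedtls_mpi_inv_mod_odd` never states the timing contract, even though the commit title gives constant-time behaviour as the reason for exposing the function. A caller handling RSA private values needs to know which operands may be secret and what can still leak, so consider a line such as `\note Constant-time with respect to the values of \p A and \p N; only their sizes may leak.`, worded to match what the implementation actually guarantees. The block also omits the accepted range of A, which the definition comment in bignum.c gives as "A any range", and does not say whether X may alias A or N. The comment in bignum.c does not mention the "greater than 1" requirement on N, so the two descriptions should be aligned.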
diff --git a/library/rsa_alt_helpers.c b/library/rsa_alt_helpers.c
index feb7874..d91949a 100644
--- a/library/rsa_alt_helpers.c
+++ b/library/rsa_alt_helpers.c
@@ -245,7 +245,7 @@
/* QP = Q^{-1} mod P */
if (QP != NULL) {
- MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(QP, Q, P));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod_odd(QP, Q, P));
}
cleanup:
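Review bot: The replaced call `mbedtls_mpi_inv_mod_odd(QP, Q, P)` now depends on P being odd and greater than 1, and nothing visible in this hunk checks that; the enclosing function starts and ends outside the hunk, so an earlier check may exist. Per the header documentation added in this commit, a violated precondition returns `MBEDTLS_ERR_MPI_BAD_INPUT_DATA`, so a malformed key with an even P may surface a different error code than before. A short comment here would record the assumption, for example `/* P is an RSA prime, hence odd: the constant-time inverse applies */`, and a negative test with an even P would pin the error path. This diff adds no `#include "bignum_internal.h"` to rsa_alt_helpers.c, so confirm the file already includes it; otherwise the call compiles against an implicit declaration.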