Simplify DH blinding a bit
diff --git a/library/dhm.c b/library/dhm.c
index 11eee2a..b95f899 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -257,37 +257,44 @@
int ret, count;
/*
- * We can just update the previous values (by squaring them) if:
- * - the values are initialized, and
- * - our secret exponent did not change.
+ * If Vi is initialized, update it by squaring it
*/
- if( ctx->Vi.p != NULL &&
- mpi_cmp_mpi( &ctx->X, &ctx->_X ) == 0 )
+ if( ctx->Vi.p != NULL )
+ {
+ MPI_CHK( mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
+ MPI_CHK( mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
+ }
+ else
+ {
+ /* Vi = random( 2, P-1 ) */
+ count = 0;
+ do
+ {
+ mpi_fill_random( &ctx->Vi, mpi_size( &ctx->P ), f_rng, p_rng );
+
+ while( mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
+ mpi_shift_r( &ctx->Vi, 1 );
+
+ if( count++ > 10 )
+ return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
+ }
+ while( mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
+ }
+
+ /*
+ * If X did not change, update Vf by squaring it too
+ */
+ if( mpi_cmp_mpi( &ctx->X, &ctx->_X ) == 0 )
{
MPI_CHK( mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
- MPI_CHK( mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
-
+ MPI_CHK( mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
return( 0 );
}
/*
- * Otherwise, we need to generate new values from scratch for this secret
+ * Otherwise, compute Vf from scratch
*/
- /* Vi = random( 2, P-1 ) */
- count = 0;
- do
- {
- mpi_fill_random( &ctx->Vi, mpi_size( &ctx->P ), f_rng, p_rng );
-
- while( mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
- mpi_shift_r( &ctx->Vi, 1 );
-
- if( count++ > 10 )
- return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
- }
- while( mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
-
/* Vf = Vi^-X mod P */
MPI_CHK( mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
MPI_CHK( mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
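Review bot: The fresh-Vi branch leaves the return values of `mpi_fill_random` (L27) and `mpi_shift_r` (L30) unchecked, while every other bignum call in the hunk goes through `MPI_CHK`; both return an int in this library, so an allocation failure inside them would be silently ignored and the loop would keep working on a possibly uninitialized Vi. Wrapping them is a two-line change: `MPI_CHK( mpi_fill_random( &ctx->Vi, mpi_size( &ctx->P ), f_rng, p_rng ) );` and `MPI_CHK( mpi_shift_r( &ctx->Vi, 1 ) );`. A second point worth a comment: the early return at L47 squares Vf without looking at whether Vi was just regenerated above, so the pair stays consistent only if `Vi.p == NULL` never coincides with `X == _X`; if that holds by construction (a zeroed context has `_X` equal to 0), say so in the comment at L38-L40, e.g. `/* Vi.p == NULL implies _X is still 0, so Vf is recomputed below */`. dhm_update_blinding starts before and continues after this hunk.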
@@ -319,7 +326,7 @@
mpi_init( &GYb );
/* Blind peer's value */
- if( f_rng != 0 )
+ if( f_rng != NULL )
{
MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
MPI_CHK( mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
@@ -333,7 +340,7 @@
&ctx->P, &ctx->RP ) );
/* Unblind secret value */
- if( f_rng != 0 )
+ if( f_rng != NULL )
{
MPI_CHK( mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
MPI_CHK( mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index 0c0dce8..168c77c 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -1,8 +1,8 @@
Diffie-Hellman full exchange #1
-dhm_do_dhm:1024:10:"23":10:"5"
+dhm_do_dhm:10:"23":10:"5"
Diffie-Hellman full exchange #2
-dhm_do_dhm:1024:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
+dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
Diffie-Hellman full exchange #3
-dhm_do_dhm:1024:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271"
+dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271"
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index 31a9004..e8d9cea 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -8,7 +8,7 @@
*/
/* BEGIN_CASE */
-void dhm_do_dhm( int NOTUSED, int radix_P, char *input_P,
+void dhm_do_dhm( int radix_P, char *input_P,
int radix_G, char *input_G )
{
dhm_context ctx_srv;
@@ -25,8 +25,6 @@
int x_size;
rnd_pseudo_info rnd_info;
- ((void)NOTUSED);
-
memset( &ctx_srv, 0x00, sizeof( dhm_context ) );
memset( &ctx_cli, 0x00, sizeof( dhm_context ) );
memset( ske, 0x00, 1000 );