author | lloyd <[email protected]> | 2010-03-08 19:39:38 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-03-08 19:39:38 +0000 |
commit | bd79f42e733a1119033f049effdd341916f38c62 (patch) | |
tree | c0d8a065e0b5e8106364bd355a5618d28627b0de /src/pubkey/blinding.cpp | |
parent | 868c7f7d9c306e6e15d24f2b32e529aa1956516e (diff) |
Add back in blinding to RSA, RW, ElGamal, and DH.
There are multiple unsatisfactory elements to the current solution,
as compared to how blinding was previously done:
Firstly, blinding is only used in the baseline implementations; the code
using OpenSSL and GMP is not protected by blinding at all.
Secondly, at the point we need to set up blinding, there is no access
to a PRNG. Currently I am going with a quite nasty solution, of using
a private key parameter to seed a simple PRNG constructed as:
SHA-512(TS1 || private_key_param || public_key_param || TS2)
I really want to fix both of these elements but I'm not sure how to do
so easily.
Diffstat (limited to 'src/pubkey/blinding.cpp')
-rw-r--r-- | src/pubkey/blinding.cpp | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/src/pubkey/blinding.cpp b/src/pubkey/blinding.cpp
new file mode 100644
index 000000000..2bb6680d6
--- /dev/null
+++ b/src/pubkey/blinding.cpp
@@ -0,0 +1,76 @@
+/*
+* Blinding for public key operations
+* (C) 1999-2010 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/blinding.h>
+#include <botan/numthry.h>
+#include <botan/libstate.h>
+#include <botan/hash.h>
+#include <botan/time.h>
+#include <botan/loadstor.h>
+#include <memory>
+
+namespace Botan {
+
+/*
+* Blinder Constructor
+*/
+Blinder::Blinder(const BigInt& e, const BigInt& d, const BigInt& n)
+ {
+ if(e < 1 || d < 1 || n < 1)
+ throw Invalid_Argument("Blinder: Arguments too small");
+
+ reducer = Modular_Reducer(n);
+ this->e = e;
+ this->d = d;
+ }
+
+BigInt Blinder::choose_nonce(const BigInt& x, const BigInt& mod)
+ {
+ Algorithm_Factory& af = global_state().algorithm_factory();
+
+ std::auto_ptr<HashFunction> hash(af.make_hash_function("SHA-512"));
+
+ u64bit ns_clock = get_nanoseconds_clock();
+ for(size_t i = 0; i != sizeof(ns_clock); ++i)
+ hash->update(get_byte(0, ns_clock));
+
+ hash->update(BigInt::encode(x));
+ hash->update(BigInt::encode(mod));
+
+ u64bit timestamp = system_time();
+ for(size_t i = 0; i != sizeof(timestamp); ++i)
+ hash->update(get_byte(0, timestamp));
+
+ SecureVector<byte> r = hash->final();
+
+ return BigInt::decode(r) % mod;
+ }
+
+/*
+* Blind a number
+*/
+BigInt Blinder::blind(const BigInt& i) const
+ {
+ if(!reducer.initialized())
+ return i;
+
+ e = reducer.square(e);
+ d = reducer.square(d);
+ return reducer.multiply(i, e);
+ }
+
+/*
+* Unblind a number
+*/
+BigInt Blinder::unblind(const BigInt& i) const
+ {
+ if(!reducer.initialized())
+ return i;
+ return reducer.multiply(i, d);
+ }
+
+}
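Review bot: Both timestamp loops in choose_nonce call `get_byte(0, ...)` with a fixed index, so each loop feeds the hash the same most-significant byte eight times and the other seven bytes of ns_clock and timestamp never enter the digest; the loop variable should be used, `hash->update(get_byte(i, ns_clock));` and `hash->update(get_byte(i, timestamp));`. Because the top byte of a nanosecond counter changes on a scale of years and the top byte of a seconds counter is zero, the nonce is in practice SHA-512 over x and mod alone, i.e. a fixed value per key, which is weaker than the TS1 || key || TS2 construction the commit message describes. Separately, `BigInt::decode(r) % mod` is never checked against 0 or 1, and for moduli wider than 512 bits the result is confined to the low 512 bits rather than being uniform in [1, mod), so either this function or its caller should reject degenerate values. Finally, blind() and unblind() are declared const yet assign to e and d, which presumably relies on mutable members in the header (not visible here); if so, a comment that one Blinder must not be shared across threads would be worth adding, since the squaring step is a read-modify-write on shared state.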