author | lloyd <[email protected]> | 2010-03-08 19:39:38 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-03-08 19:39:38 +0000 |
commit | bd79f42e733a1119033f049effdd341916f38c62 (patch) | |
tree | c0d8a065e0b5e8106364bd355a5618d28627b0de /src/pubkey/dh | |
parent | 868c7f7d9c306e6e15d24f2b32e529aa1956516e (diff) |
Add back in blinding to RSA, RW, ElGamal, and DH.
There are multiple unsatisfactory elements to the current solution,
as compared to how blinding was previously done:
Firstly, blinding is only used in the baseline implementations; the code
using OpenSSL and GMP is not protected by blinding at all.
Secondly, at the point we need to set up blinding, there is no access
to a PRNG. Currently I am going with a quite nasty solution, of using
a private key parameter to seed a simple PRNG constructed as:
SHA-512(TS1 || private_key_param || public_key_param || TS2)
I really want to fix both of these elements but I'm not sure how to do
so easily.
Diffstat (limited to 'src/pubkey/dh')
-rw-r--r-- | src/pubkey/dh/dh.cpp | 16 | ||||
-rw-r--r-- | src/pubkey/dh/dh.h | 19 |
2 files changed, 22 insertions, 13 deletions
diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp index 70791fee4..b242bf8c0 100644 --- a/src/pubkey/dh/dh.cpp +++ b/src/pubkey/dh/dh.cpp @@ -75,4 +75,20 @@ MemoryVector<byte> DH_PrivateKey::public_value() const return DH_PublicKey::public_value(); } +DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) : + p(dh.group_p()), powermod_x_p(dh.get_x(), p) + { + BigInt k = Blinder::choose_nonce(dh.get_x(), p); + blinder = Blinder(k, power_mod(inverse_mod(k, p), dh.get_x(), p), p); + } + +SecureVector<byte> DH_KA_Operation::agree(const byte w[], u32bit w_len) const + { + BigInt input = BigInt::decode(w, w_len); + + BigInt r = blinder.unblind(powermod_x_p(blinder.blind(input))); + + return BigInt::encode_1363(r, p.bytes()); + } + } diff --git a/src/pubkey/dh/dh.h b/src/pubkey/dh/dh.h index ed8caf0c1..0cc2aaabc 100644 --- a/src/pubkey/dh/dh.h +++ b/src/pubkey/dh/dh.h @@ -10,6 +10,7 @@ #include <botan/dl_algo.h> #include <botan/pow_mod.h> +#include <botan/blinding.h> #include <botan/pk_ops.h> namespace Botan { @@ -77,22 +78,14 @@ class BOTAN_DLL DH_PrivateKey : public DH_PublicKey, class BOTAN_DLL DH_KA_Operation : public PK_Ops::Key_Agreement { public: + DH_KA_Operation(const DH_PrivateKey& key); - DH_KA_Operation(const DH_PrivateKey& key) : - powermod_x_p(key.get_x(), key.get_domain().get_p()), - p_bytes(key.get_domain().get_p().bytes()) - {} - - SecureVector<byte> agree(const byte w[], u32bit w_len) const - { - return BigInt::encode_1363( - powermod_x_p(BigInt::decode(w, w_len)), - p_bytes); - } - + SecureVector<byte> agree(const byte w[], u32bit w_len) const; private: + const BigInt& p; + Fixed_Exponent_Power_Mod powermod_x_p; - u32bit p_bytes; + Blinder blinder; }; } |
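Review bot: The new DH_KA_Operation::agree() passes the peer value straight from BigInt::decode into the blinded exponentiation with no range check, so the classic invalid public values 0, 1 and p-1 are accepted and produce a predictable shared secret; unless a caller outside this hunk validates it, add `if(input <= 1 || input >= p - 1) throw Invalid_Argument("DH_KA_Operation::agree: invalid peer value");` right after the decode, using the library's existing invalid-argument exception type. A subgroup-membership check (input^q == 1 mod p) would also be needed for groups that are not safe primes, but q is not reachable through the interface shown here, so that is a follow-up. Separately, the constructor's `inverse_mod(k, p)` is used unchecked; if choose_nonce can ever return 0 mod p the unblinding factor becomes 0 and every agreement silently yields 0, which is worth a guard or at least a comment stating why k is assumed invertible. Whether successive agree() calls reuse the single blinding pair chosen in the constructor depends on Blinder::blind()/unblind() rotating their state, which is not visible here and deserves a one-line comment on the constructor.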
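Review bot: The new member `const BigInt& p;` in DH_KA_Operation makes the operation a borrower of the DH_PrivateKey it was built from: the group prime is not copied, so the key must outlive every operation created from it, and the class silently becomes non-copy-assignable; nothing in the declaration says so. Either document it with `// reference into the DH_PrivateKey this operation was built from; the key must outlive this object` above the member, or store the prime by value (`BigInt p;`) if the lifetime coupling is not intended. The declaration order also matters, because the constructor in dh.cpp initializes `powermod_x_p(dh.get_x(), p)` from `p`; a comment such as `// p must stay declared before powermod_x_p: the ctor initializes the latter from the former` would stop a later reordering from reading an unbound reference.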