diff options
| author | lloyd <[email protected]> | 2010-03-08 19:39:38 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2010-03-08 19:39:38 +0000 |
| commit | bd79f42e733a1119033f049effdd341916f38c62 (patch) | |
| tree | c0d8a065e0b5e8106364bd355a5618d28627b0de /src/pubkey/rw | |
| parent | 868c7f7d9c306e6e15d24f2b32e529aa1956516e (diff) | |
Add back in blinding to RSA, RW, ElGamal, and DH.
There are multiple unsatisfactory elements to the current solution,
as compared to how blinding was previously done:
Firstly, blinding is only used in the baseline implementations; the code
using OpenSSL and GMP is not protected by blinding at all.
Secondly, at the point we need to set up blinding, there is no access
to a PRNG. Currently I am going with a quite nasty solution, of using
a private key parameter to seed a simple PRNG constructed as:
SHA-512(TS1 || private_key_param || public_key_param || TS2)
I really want to fix both of these elements but I'm not sure how to do
so easily.
Diffstat (limited to 'src/pubkey/rw')
| -rw-r--r-- | src/pubkey/rw/rw.cpp | 6 | ||||
| -rw-r--r-- | src/pubkey/rw/rw.h | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp index b2bf2f916..af2b849ff 100644 --- a/src/pubkey/rw/rw.cpp +++ b/src/pubkey/rw/rw.cpp @@ -81,6 +81,8 @@ RW_Signature_Operation::RW_Signature_Operation(const RW_PrivateKey& rw) : powermod_d2_q(rw.get_d2(), rw.get_q()), mod_p(rw.get_p()) { + BigInt k = Blinder::choose_nonce(rw.get_d(), n); + blinder = Blinder(power_mod(k, rw.get_e(), n), inverse_mod(k, n), n); } SecureVector<byte> @@ -95,11 +97,13 @@ RW_Signature_Operation::sign(const byte msg[], u32bit msg_len, if(jacobi(i, n) != 1) i >>= 1; + i = blinder.blind(i); + BigInt j1 = powermod_d1_p(i); BigInt j2 = powermod_d2_q(i); j1 = mod_p.reduce(sub_mul(j1, j2, c)); - BigInt r = mul_add(j1, q, j2); + BigInt r = blinder.unblind(mul_add(j1, q, j2)); r = std::min(r, n - r); diff --git a/src/pubkey/rw/rw.h b/src/pubkey/rw/rw.h index 8ca8d18b0..25e7be634 100644 --- a/src/pubkey/rw/rw.h +++ b/src/pubkey/rw/rw.h @@ -10,6 +10,7 @@ #include <botan/if_algo.h> #include <botan/reducer.h> +#include <botan/blinding.h> namespace Botan { @@ -73,6 +74,7 @@ class BOTAN_DLL RW_Signature_Operation : public PK_Ops::Signature Fixed_Exponent_Power_Mod powermod_d1_p, powermod_d2_q; Modular_Reducer mod_p; + Blinder blinder; }; class BOTAN_DLL RW_Verification_Operation : public PK_Ops::Verification |