author | Janos Follath <janos.follath@arm.com> | 2023-11-21 09:46:43 +0000 |
---|---|---|
committer | Dave Rodgman <dave.rodgman@arm.com> | 2024-01-22 15:33:19 +0000 |
commit | 6bcbc925bfe6f56c2d9871e34126cde37181ee14 (patch) | |
tree | a0cbe32caa65dae4c61b4b5eca99c8de52612869 | |
parent | d6b096532c936390d9a085dedb6444cee069a3ba (diff) | |
Extend blinding to RSA result check
Signed-off-by: Janos Follath <janos.follath@arm.com>
-rw-r--r-- | library/rsa.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/library/rsa.c b/library/rsa.c
index 32a26500e..5b6bf404a 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1113,8 +1113,6 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
         goto cleanup;
     }
 
-    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T));
-
     /*
      * Blinding
      * T = T * Vi mod N
@@ -1123,6 +1121,8 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
     MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vi));
     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N));
 
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T));
+
     /*
      * Exponent blinding
      */
@@ -1191,12 +1191,6 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&T, &TQ, &TP));
 #endif /* MBEDTLS_RSA_NO_CRT */
 
-    /*
-     * Unblind
-     * T = T * Vf mod N
-     */
-    MBEDTLS_MPI_CHK(rsa_unblind(&T, &ctx->Vf, &ctx->N));
-
     /* Verify the result to prevent glitching attacks. */
     MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&C, &T, &ctx->E, &ctx->N, &ctx->RN));
@@ -1205,6 +1199,12 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
         goto cleanup;
     }
 
+    /*
+     * Unblind
+     * T = T * Vf mod N
+     */
+    MBEDTLS_MPI_CHK(rsa_unblind(&T, &ctx->Vf, &ctx->N));
+
     olen = ctx->len;
     MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen));
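Review bot: The relocated `MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T));` now snapshots the blinded value, and nothing on the line says why it must sit exactly between the `T * Vi mod N` reduction and the exponent blinding; a later refactor that hoists it back above the blinding would silently turn the result check into a comparison against an unblinded value again, which is the situation this commit is undoing. I would put the rationale on the line: `/* Save the blinded input: the result check after the private-key operation compares T^E against I, so I must be taken after blinding by Vi and before exponent blinding. */`. That `I` is the reference for the later check is inferred, since the comparison itself is not in any hunk; worth confirming against the condition that precedes the `goto cleanup` in the last hunk. The body of mbedtls_rsa_private continues outside the hunk on both sides.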
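Review bot: With the unblinding moved below the check, `rsa_unblind(&T, &ctx->Vf, &ctx->N)` and the following `mbedtls_mpi_write_binary` are the only key-dependent steps that now run after the glitch-detection compare, so a fault injected into that final modular multiplication is no longer caught before the value reaches `output`. Presumably this is accepted because a fault in a single multiply by `Vf` corrupts the whole value rather than one CRT half, and because running the public-exponent check on the unblinded result is what the commit is moving away from, but neither point is written down in the hunk; I would add above the call: `/* Unblind only after the result check: the check runs on blinded values (I is the blinded input), so a fault injected into this final multiplication is not detected by it. */`. The `goto cleanup` at the top of the hunk is presumably the body of that comparison; its condition lies outside the hunk, as does the rest of mbedtls_rsa_private.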