author | Niels Möller <nisse@lysator.liu.se> | 2018-12-26 11:30:21 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2018-12-26 11:30:21 +0100 |
commit | fc30c4d8276db2802d844be0c6c2cc67ff2d43cf (patch) | |
tree | 24ce9f3a3cb7225ec63d6631df8e432ced079cf7 /rsa-internal.h | |
parent | 16d8133bec6d196ce3c5d02349a6475efaccf6c0 (diff) | |
parent | 350d87626235a20ec299ea851ef0b81218f1a5ec (diff) | |
download | nettle-fc30c4d8276db2802d844be0c6c2cc67ff2d43cf.tar.gz |
Merge branch 'release-3.4-fixes' into master
Diffstat (limited to 'rsa-internal.h')
-rw-r--r-- | rsa-internal.h | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/rsa-internal.h b/rsa-internal.h
index 5c97eaa1..264c0a6a 100644
--- a/rsa-internal.h
+++ b/rsa-internal.h
@@ -34,13 +34,18 @@
 #ifndef NETTLE_RSA_INTERNAL_H_INCLUDED
 #define NETTLE_RSA_INTERNAL_H_INCLUDED
-#include "nettle-types.h"
+#include "rsa.h"
 #define _rsa_verify _nettle_rsa_verify
 #define _rsa_verify_recover _nettle_rsa_verify_recover
 #define _rsa_check_size _nettle_rsa_check_size
 #define _rsa_blind _nettle_rsa_blind
 #define _rsa_unblind _nettle_rsa_unblind
+#define _rsa_sec_compute_root_itch _nettle_rsa_sec_compute_root_itch
+#define _rsa_sec_compute_root _nettle_rsa_sec_compute_root
+#define _rsa_sec_compute_root_tr _nettle_rsa_sec_compute_root_tr
+#define _pkcs1_sec_decrypt _nettle_pkcs1_sec_decrypt
+#define _pkcs1_sec_decrypt_variable _nettle_pkcs1_sec_decrypt_variable
 /* Internal functions. */
 int
@@ -66,4 +71,32 @@ void _rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri) _NETTLE_ATTRIBUTE_DEPRECATED;
+/* side-channel silent root computation */
+mp_size_t
+_rsa_sec_compute_root_itch(const struct rsa_private_key *key);
+void
+_rsa_sec_compute_root(const struct rsa_private_key *key,
+ mp_limb_t *rp, const mp_limb_t *mp,
+ mp_limb_t *scratch);
+
+/* Safe side-channel silent variant, using RSA blinding, and checking the
+ * result after CRT. */
+int
+_rsa_sec_compute_root_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ mp_limb_t *x, const mp_limb_t *m, size_t mn);
+
+/* additional resistance to memory access side-channel attacks.
+ * Note: message buffer is returned unchanged on error */
+int
+_pkcs1_sec_decrypt (size_t length, uint8_t *message,
+ size_t padded_message_length,
+ const volatile uint8_t *padded_message);
+
+int
+_pkcs1_sec_decrypt_variable(size_t *length, uint8_t *message,
+ size_t padded_message_length,
+ const volatile uint8_t *padded_message);
+
 #endif /* NETTLE_RSA_INTERNAL_H_INCLUDED */ |
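Review bot: `_pkcs1_sec_decrypt_variable`, the last declaration added in the second hunk, has no comment of its own, and the "returned unchanged on error" note above `_pkcs1_sec_decrypt` is separated from it by a blank line, so a reader cannot tell whether that guarantee covers it. Because both functions exist for side-channel resistance, I would give it a block comment stating the return convention, whether `*length` is the capacity of `message` on input and the decoded length on output, and what `message` and `*length` hold on failure; the implementation is outside this hunk, so the wording has to be confirmed against it. The same comment should remind callers to consume the result without data-dependent branches or error paths, since the header is the only place that contract can be seen. The first added comment could also state what is only implied by the contrast with the `_tr` comment, e.g. `/* Side-channel silent root computation; no blinding and no check of the CRT result, prefer _rsa_sec_compute_root_tr. */`, and give the limb counts expected for `rp`, `mp` and `scratch`.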