[Assignment-7] add rsa blinding against time based side channel attacks
parent
ba8e969470
commit
4c9de6da37
2 changed files with 66 additions and 23 deletions
|
@ -20,6 +20,7 @@ static int random_prime(mpz_t prime, const size_t size) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int rsa_keygen(rsa_key *key) {
|
static int rsa_keygen(rsa_key *key) {
|
||||||
|
// null pointer handling
|
||||||
if(key == NULL)
|
if(key == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -31,9 +32,6 @@ static int rsa_keygen(rsa_key *key) {
|
||||||
if ((!random_prime(key->p, MODULUS_SIZE/2)) || (!random_prime(key->q, MODULUS_SIZE/2)))
|
if ((!random_prime(key->p, MODULUS_SIZE/2)) || (!random_prime(key->q, MODULUS_SIZE/2)))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
//printf("%d\n", mpz_probab_prime_p(key->p, 50));
|
|
||||||
//printf("%d\n", mpz_probab_prime_p(key->q, 50));
|
|
||||||
|
|
||||||
// compute n
|
// compute n
|
||||||
mpz_mul(key->n, key->p, key->q);
|
mpz_mul(key->n, key->p, key->q);
|
||||||
|
|
||||||
|
@ -55,12 +53,30 @@ static int rsa_keygen(rsa_key *key) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int rsa_export(rsa_key *key) {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
static int rsa_import(rsa_key *key) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int rsa_init(rsa_key *key) {
|
int rsa_init(rsa_key *key) {
|
||||||
if(1) {
|
if(rsa_import(key)) {
|
||||||
return rsa_keygen(key);
|
return 1;
|
||||||
} else {
|
} else {
|
||||||
// TODO: get from sealing
|
return rsa_keygen(key);
|
||||||
}
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int rsa_public_init(rsa_public_key *key) {
|
||||||
|
// null pointer handling
|
||||||
|
if(key == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
mpz_init_set_ui(key->e, 65537);
|
||||||
|
mpz_init_set_str(key->n, "", 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
void rsa_free(rsa_key *key) {
|
void rsa_free(rsa_key *key) {
|
||||||
|
@ -68,6 +84,11 @@ void rsa_free(rsa_key *key) {
|
||||||
mpz_clears(key->p, key->q, key->n, key->e, key->d, NULL);
|
mpz_clears(key->p, key->q, key->n, key->e, key->d, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void rsa_public_free(rsa_public_key *key) {
|
||||||
|
// free bignums
|
||||||
|
mpz_clears(key->e, key->n, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
static int pkcs1(mpz_t message, const u8 *data, const size_t length) {
|
static int pkcs1(mpz_t message, const u8 *data, const size_t length) {
|
||||||
// temporary buffer
|
// temporary buffer
|
||||||
u8 padded_bytes[MODULUS_SIZE];
|
u8 padded_bytes[MODULUS_SIZE];
|
||||||
|
@ -98,40 +119,53 @@ static int pkcs1(mpz_t message, const u8 *data, const size_t length) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO RSA Blinding
|
size_t rsa_sign(u8 *sig, const u8 *sha256, const rsa_key *key) {
|
||||||
int rsa_sign(u8 *sig, const u8 *sha256, const rsa_key *key) {
|
|
||||||
// null pointer handling
|
// null pointer handling
|
||||||
if((sig == NULL) || (sha256 == NULL) || (key == NULL))
|
if((sig == NULL) || (sha256 == NULL) || (key == NULL))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
// init bignum message
|
// init bignum message
|
||||||
mpz_t message; mpz_init(message);
|
mpz_t message; mpz_init(message);
|
||||||
|
mpz_t blinder; mpz_init(blinder);
|
||||||
|
|
||||||
|
// get random blinder
|
||||||
|
random_prime(blinder, MODULUS_SIZE - 10);
|
||||||
|
|
||||||
// add padding
|
// add padding
|
||||||
if(!pkcs1(message, sha256, 32)) {
|
if(!pkcs1(message, sha256, 32)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// blind
|
||||||
|
mpz_mul(message, message, blinder);
|
||||||
|
mpz_mod(message, message, key->n);
|
||||||
|
mpz_invert(blinder, blinder, key->n);
|
||||||
|
mpz_powm(blinder, blinder, key->d, key->n);
|
||||||
|
|
||||||
// compute signature
|
// compute signature
|
||||||
mpz_powm(message, message, key->d, key->n);
|
mpz_powm(message, message, key->d, key->n);
|
||||||
|
|
||||||
|
// unblind
|
||||||
|
mpz_mul(message, message, blinder);
|
||||||
|
mpz_mod(message, message, key->n);
|
||||||
|
|
||||||
// export signature
|
// export signature
|
||||||
size_t size = (mpz_sizeinbase(message, 2) + 7) / 8;
|
size_t size = (mpz_sizeinbase(message, 2) + 7) / 8;
|
||||||
mpz_export(sig, &size, 1, 1, 0, 0, message);
|
mpz_export(sig, &size, 1, 1, 0, 0, message);
|
||||||
|
|
||||||
// free bignum and return true
|
// free bignum and return true
|
||||||
mpz_clear(message);
|
mpz_clears(message, blinder, NULL);
|
||||||
return 1;
|
return size;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int rsa_verify(const u8 *sig, const size_t sig_length, const u8 *sha256, const rsa_public_key *pk) {
|
||||||
int rsa_verify(const u8 *sig, const size_t sig_length, u8 *sha256, rsa_public_key *pk) {
|
|
||||||
// null pointer handling
|
// null pointer handling
|
||||||
if((sig == NULL) || (sha256 == NULL) || (pk == NULL))
|
if((sig == NULL) || (sha256 == NULL) || (pk == NULL))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
// initialize bignums
|
// initialize bignums
|
||||||
mpz_t signature, message; mpz_inits(signature, message, NULL);
|
mpz_t signature, message;
|
||||||
|
mpz_inits(signature, message, NULL);
|
||||||
|
|
||||||
// import signature
|
// import signature
|
||||||
mpz_import(signature, (sig_length < MODULUS_SIZE) ? sig_length : MODULUS_SIZE, 1, 1, 0, 0, sig);
|
mpz_import(signature, (sig_length < MODULUS_SIZE) ? sig_length : MODULUS_SIZE, 1, 1, 0, 0, sig);
|
||||||
|
@ -142,7 +176,7 @@ int rsa_verify(const u8 *sig, const size_t sig_length, u8 *sha256, rsa_public_ke
|
||||||
// rebuild signed message
|
// rebuild signed message
|
||||||
if(!pkcs1(message, sha256, 32))
|
if(!pkcs1(message, sha256, 32))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
// compare signature with expected value
|
// compare signature with expected value
|
||||||
if(mpz_cmp(signature, message) != 0)
|
if(mpz_cmp(signature, message) != 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -152,10 +186,15 @@ int rsa_verify(const u8 *sig, const size_t sig_length, u8 *sha256, rsa_public_ke
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void rsa_print(rsa_key *key) {
|
void rsa_print(const rsa_key *key) {
|
||||||
gmp_printf("%Zu\n", key->p);
|
gmp_printf("%Zx\n", key->p);
|
||||||
gmp_printf("%Zu\n", key->q);
|
gmp_printf("%Zx\n", key->q);
|
||||||
gmp_printf("%Zu\n", key->n);
|
gmp_printf("%Zx\n", key->n);
|
||||||
gmp_printf("%Zu\n", key->e);
|
gmp_printf("%Zx\n", key->e);
|
||||||
gmp_printf("%Zu\n", key->d);
|
gmp_printf("%Zx\n", key->d);
|
||||||
|
}
|
||||||
|
|
||||||
|
void rsa_public_print(const rsa_public_key *pk) {
|
||||||
|
gmp_printf("%Zx\n", pk->e);
|
||||||
|
gmp_printf("%Zx\n", pk->n);
|
||||||
}
|
}
|
||||||
|
|
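Review bot: In `rsa_sign` the return values of `random_prime(blinder, MODULUS_SIZE - 10)` and `mpz_invert(blinder, blinder, key->n)` are never checked, so if either fails the function carries on with whatever `blinder` holds and may export something that is not a valid signature. The early `return 0` after `pkcs1` also skips `mpz_clears`, so `message` and the new `blinder` are leaked on that path. Separately, blinding only randomises the base: both exponentiations with `key->d` still go through `mpz_powm`, whereas GMP provides `mpz_powm_sec` for cryptographic use, and it applies here because the modulus is odd. Blinding with `r^e` and unblinding with `r^-1` is the usual form and would avoid the second private-key exponentiation per signature.

```c
    // get random blinder; fail closed if none could be generated
    if(!random_prime(blinder, MODULUS_SIZE - 10))
        goto fail;

    // add padding
    if(!pkcs1(message, sha256, 32))
        goto fail;

    // … unchanged: multiply message by blinder and reduce mod n …
    if(!mpz_invert(blinder, blinder, key->n))
        goto fail;
    mpz_powm_sec(blinder, blinder, key->d, key->n);

    // compute signature
    mpz_powm_sec(message, message, key->d, key->n);

    // … unchanged: unblind, export signature, mpz_clears, return size …

fail:
    mpz_clears(message, blinder, NULL);
    return 0;
```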
|
@ -26,12 +26,16 @@ typedef struct {
|
||||||
mpz_t n;
|
mpz_t n;
|
||||||
} rsa_public_key;
|
} rsa_public_key;
|
||||||
|
|
||||||
void rsa_print(rsa_key *key);
|
void rsa_print(const rsa_key *key);
|
||||||
|
void rsa_public_print(const rsa_public_key *pk);
|
||||||
|
|
||||||
int rsa_init(rsa_key *key);
|
int rsa_init(rsa_key *key);
|
||||||
void rsa_free(rsa_key *key);
|
void rsa_free(rsa_key *key);
|
||||||
|
|
||||||
int rsa_sign(u8 *sig, const u8 *sha256, const rsa_key *key);
|
int rsa_public_init(rsa_public_key *key);
|
||||||
int rsa_verify(const u8 *sig, const size_t sig_length, u8 *sha256, rsa_public_key *pk);
|
void rsa_public_free(rsa_public_key *key);
|
||||||
|
|
||||||
|
size_t rsa_sign(u8 *sig, const u8 *sha256, const rsa_key *key);
|
||||||
|
int rsa_verify(const u8 *sig, const size_t sig_length, const u8 *sha256, const rsa_public_key *pk);
|
||||||
|
|
||||||
#endif
|
#endif
|
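Review bot: The prototype `size_t rsa_sign(u8 *sig, const u8 *sha256, const rsa_key *key);` changes the return value from a 0/1 status to a byte count, but the header has no comment stating the new contract. Callers that compared the old result with 1 would now misread a successful signature as a failure, and nothing tells them how large `sig` must be. I would add a comment above the declaration such as `/* Returns the signature length in bytes, or 0 on error; sig presumably needs room for MODULUS_SIZE bytes. */` and confirm the buffer size against the callers. The same one-line return contract would help on `rsa_public_init`, which is declared `int` while the other new public-key function returns `void`.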