Added define LTC_RSA_BLINDING to be able to disable rsa blinding

src/headers/tomcrypt_custom.h

@@ -289,10 +289,10 @@
 #ifndef LTC_NO_MATH
 
 /* LibTomMath */
-/* #define LTM_LTC_DESC */
+/* #define LTM_DESC */
 
 /* TomsFastMath */
-/* #define TFM_LTC_DESC */
+/* #define TFM_DESC */
 
 #endif /* LTC_NO_MATH */
 
@@ -302,6 +302,9 @@
 /* Include RSA support */
 #define LTC_MRSA
 
+/* Enable RSA blinding when doing private key operations? */
+/* #define LTC_RSA_BLINDING */
+
 /* Include Diffie-Hellman support */
 #ifndef GPM_DESC
 /* is_prime fails for GPM */
@@ -382,6 +385,11 @@
    #define LTC_PKCS_1
 #endif   
 
+#if defined(TFM_DESC) && defined(LTC_RSA_BLINDING)
+    #warning RSA blinding currently not supported in combination with TFM
+    #undef LTC_RSA_BLINDING
+#endif
+
 #if defined(LTC_DER) && !defined(MPI) 
    #error ASN.1 DER requires MPI functionality
 #endif

src/headers/tomcrypt_math.h

@@ -431,6 +431,15 @@ typedef struct {
       @return CRYPT_OK on success
    */
    int (*submod)(void *a, void *b, void *c, void *d);
+
+/* ---- misc stuff ---- */
+   /** Make a pseudo-random mpi
+      @param  a     The mpi to make random
+      @param  size  The desired length
+      @return CRYPT_OK on success
+   */
+   int (*rand)(void *a, int size);
+
 } ltc_math_descriptor;
 
 extern ltc_math_descriptor ltc_mp;
@@ -515,6 +524,8 @@ extern const ltc_math_descriptor gmp_desc;
 
 #define mp_tohex(a, b)               mp_toradix(a, b, 16)
 
+#define mp_rand(a, b)                ltc_mp.rand(a, b)
+
 #endif
 
 /* $Source$ */

src/math/gmp_desc.c

@@ -409,6 +409,13 @@ static int isprime(void *a, int *b)
    return CRYPT_OK;
 }
 
+static int set_rand(void *a, int size)
+{
+   LTC_ARGCHK(a != NULL);
+   mpz_random(a, size);
+   return CRYPT_OK;
+}
+
 const ltc_math_descriptor gmp_desc = {
    "GNU MP",
    sizeof(mp_limb_t) * CHAR_BIT - GMP_NAIL_BITS,
@@ -492,6 +499,8 @@ const ltc_math_descriptor gmp_desc = {
    &addmod,
    &submod,
    
+   &set_rand,
+
 };
 
 

src/math/ltm_desc.c

@@ -408,7 +408,13 @@ static int isprime(void *a, int *b)
    err = mpi_to_ltc_error(mp_prime_is_prime(a, 8, b));
    *b = (*b == MP_YES) ? LTC_MP_YES : LTC_MP_NO;
    return err;
-}   
+}
+
+static int set_rand(void *a, int size)
+{
+   LTC_ARGCHK(a != NULL);
+   return mpi_to_ltc_error(mp_rand(a, size));
+}
 
 const ltc_math_descriptor ltm_desc = {
 
@@ -494,6 +500,8 @@ const ltc_math_descriptor ltm_desc = {
    &addmod,
    &submod,
    
+   &set_rand,
+
 };
 
 

src/math/tfm_desc.c

@@ -787,6 +787,8 @@ const ltc_math_descriptor tfm_desc = {
    &addmod,
    &submod,
    
+   NULL,
+
 };
 
 

src/pk/rsa/rsa_exptmod.c

@@ -15,25 +15,28 @@
 /**
   @file rsa_exptmod.c
   RSA LTC_PKCS exptmod, Tom St Denis
-*/  
+*/
 
 #ifdef LTC_MRSA
 
-/** 
-   Compute an RSA modular exponentiation 
+/**
+   Compute an RSA modular exponentiation
    @param in         The input data to send into RSA
    @param inlen      The length of the input (octets)
-   @param out        [out] The destination 
+   @param out        [out] The destination
    @param outlen     [in/out] The max size and resulting size of the output
    @param which      Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC
-   @param key        The RSA key to use 
+   @param key        The RSA key to use
    @return CRYPT_OK if successful
-*/   
+*/
 int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
                       unsigned char *out,  unsigned long *outlen, int which,
                       rsa_key *key)
 {
-   void        *tmp, *tmpa, *tmpb, *rnd, *rndi /* inverse of rnd */;
+   void        *tmp, *tmpa, *tmpb;
+   #ifdef LTC_RSA_BLINDING
+   void        *rnd = NULL, *rndi = NULL /* inverse of rnd */;
+   #endif
    unsigned long x;
    int           err;
 
@@ -41,7 +44,7 @@ int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
    LTC_ARGCHK(out    != NULL);
    LTC_ARGCHK(outlen != NULL);
    LTC_ARGCHK(key    != NULL);
-  
+
    /* is the key of the right type for the operation? */
    if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
       return CRYPT_PK_NOT_PRIVATE;
@@ -53,7 +56,7 @@ int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
    }
 
    /* init and copy into tmp */
-   if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, &rnd, &rndi, NULL)) != CRYPT_OK)
+   if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK)
         { return err; }
    if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK)
         { goto error; }
@@ -67,49 +70,55 @@ int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
 
    /* are we using the private exponent and is the key optimized? */
    if (which == PK_PRIVATE) {
+      #ifdef LTC_RSA_BLINDING
+      if ((err = mp_init_multi(&rnd, &rndi, NULL)) != CRYPT_OK)
+            { goto error; }
       /* do blinding */
       err = mp_rand(rnd, mp_count_bits(key->N));
       if (err != CRYPT_OK) {
-             goto error;
+             goto error_blind;
       }
 
       /* rndi = 1/rnd mod N */
       err = mp_invmod(rnd, key->N, rndi);
       if (err != CRYPT_OK) {
-             goto error;
+             goto error_blind;
       }
 
       /* rnd = rnd^e */
       err = mp_exptmod( rnd, key->e, key->N, rnd);
       if (err != CRYPT_OK) {
-             goto error;
+             goto error_blind;
       }
 
       /* tmp = tmp*rnd mod N */
       err = mp_mulmod( tmp, rnd, key->N, tmp);
       if (err != CRYPT_OK) {
-             goto error;
+             goto error_blind;
       }
+      #endif /* LTC_RSA_BLINDING */
 
       /* tmpa = tmp^dP mod p */
-      if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK)                               { goto error; }
+      if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK)                               { goto error_blind; }
 
       /* tmpb = tmp^dQ mod q */
-      if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK)                               { goto error; }
+      if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK)                               { goto error_blind; }
 
       /* tmp = (tmpa - tmpb) * qInv (mod p) */
-      if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK)                                              { goto error; }
-      if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK)                                { goto error; }
+      if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK)                                              { goto error_blind; }
+      if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK)                                { goto error_blind; }
 
       /* tmp = tmpb + q * tmp */
-      if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK)                                             { goto error; }
-      if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK)                                               { goto error; }
+      if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK)                                             { goto error_blind; }
+      if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK)                                               { goto error_blind; }
 
+      #ifdef LTC_RSA_BLINDING
       /* unblind */
       err = mp_mulmod( tmp, rndi, key->N, tmp);
       if (err != CRYPT_OK) {
-             goto error;
+             goto error_blind;
       }
+      #endif
    } else {
       /* exptmod it */
       if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK)                                { goto error; }
@@ -136,8 +145,12 @@ int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
 
    /* clean up and return */
    err = CRYPT_OK;
+error_blind:
+   #ifdef LTC_RSA_BLINDING
+   mp_clear_multi(rnd, rndi, NULL);
+   #endif
 error:
-   mp_clear_multi(tmp, tmpa, tmpb, rnd, rndi, NULL);
+   mp_clear_multi(tmp, tmpa, tmpb, NULL);
    return err;
 }