[SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-129-gd90a0ed


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-129-gd90a0ed
Date: Tue, 25 May 2010 21:56:43 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=d90a0ed923033eb7106931c2b12b2f4b9e565b6e

The branch, new has been updated
       via  d90a0ed923033eb7106931c2b12b2f4b9e565b6e (commit)
       via  69d938df376914aeac103522622a288ed9f8b308 (commit)
      from  65d2a34b3b954e7e4bc0739ba3505f251c0bfdbb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d90a0ed923033eb7106931c2b12b2f4b9e565b6e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue May 25 23:56:05 2010 +0200

    Corrected coefficient and exp[12] values in key.

commit 69d938df376914aeac103522622a288ed9f8b308
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue May 25 23:53:25 2010 +0200

    Added blinding in RSA. Correct broken private keys on import. Nettle
    uses more of the RSA private-key values for decryption than gcrypt does,
    and some values in our stored private keys turned out to be inconsistent
    (generated by a very old gnutls).

-----------------------------------------------------------------------

Summary of changes:
 doc/credentials/x509/key.pem |   32 ++++++------
 lib/nettle/pk.c              |  112 +++++++++++++++++++++++++++++++++++++-----
 2 files changed, 116 insertions(+), 28 deletions(-)

diff --git a/doc/credentials/x509/key.pem b/doc/credentials/x509/key.pem
index 1d8521f..a8d1e65 100644
--- a/doc/credentials/x509/key.pem
+++ b/doc/credentials/x509/key.pem
@@ -1,16 +1,16 @@
------BEGIN PRIVATE KEY-----
-MIICcwIBADALBgkqhkiG9w0BAQEEggJfMIICWwIBAAKBgQDVyFSoD2JvxLkYp3b0
-H13WvCBSdwWEk+7T5EryQ7I6xXeoF211Z4FKIZZKjVEeRyZX0GVtS2a4eKgBSRk9
-KjyC2gTLcmlJ6ZbbbUGyPAhOMZ5nFmxv7gL9TZcdQiU76OoErlVhuk1eQ//ah8yR
-ZYBnIqcj48wh8W+/9wBKwjSTjwIDAQABAoGAAn2Ueua++1Vb4K0mxh5NbhCAAeXw
-EwTULfTFaMAgJe4iADvRoyIDEBWHFjRCQyuKB1DetaDAwBprvqQW3q8MyGYD7P9h
-85Wfu/hpIYKTw9hNeph420aE8WXw2yglTkJz3bzkMrXe/WjdhS1kTt8avCNQR/p0
-jM/UHvNze4oLc1ECQQDfammiczQFtj+Fuf3CNcYwp5XNumF+pubdGb+UHUiHyCuV
-Qxvm+LXgq8wXV/uXFLrp7FQFLCDQf0jiKDB2YQvRAkEA9PY/2AaGsU7j8ePwQbxC
-kwuj3hY6O6aNLIGxKxwZrzbob26c+tQk/++e0IXusIscBvcRV1Kg8Ff6fnw7/Adh
-XwJAG8qVbOuRmGk0BkwuFmPoeW3vNQgRX96O7po0qPBqVdRAU2rvzYtkCFxYqq0i
-lI0ekZtAfKxbeykaQaRkkKPaoQJAcifPyWJ/tu8z4DM7Ka+pFqTMwIllM1U3vFtv
-3LXezDE7AGDCyHKdB7MXcPXqj6nmCLMiswwiLLahAOBnUqk6xwJAJQ4pGcFFlCiI
-iVsq0wYSYmZUcRpSIInEQ0f8/xN6J22ZsiP5vnJM3F7R6ciYTt2gzNci/W9cdZI2
-HxskkO5lbQ==
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index e028d9b..e82cac9 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -65,15 +65,13 @@ static void _dsa_params_to_privkey(const 
gnutls_pk_params_st * pk_params, struct
 
 static void _rsa_params_to_privkey(const gnutls_pk_params_st * pk_params, 
struct rsa_private_key *priv)
 {
-mpz_t q_1;
-
        memcpy(&priv->d, pk_params->params[2], sizeof(mpz_t));
        memcpy(&priv->p, pk_params->params[3], sizeof(mpz_t));
        memcpy(&priv->q, pk_params->params[4], sizeof(mpz_t));
        memcpy(&priv->c, pk_params->params[5], sizeof(mpz_t));
-
        memcpy(&priv->a, pk_params->params[6], sizeof(mpz_t));
        memcpy(&priv->b, pk_params->params[7], sizeof(mpz_t));
+
 }
 
 static int
@@ -119,6 +117,65 @@ cleanup:
        return ret;
 }
 
+/* returns the blinded c and the inverse of a random
+ * number r;
+ */
+static bigint_t rsa_blind(bigint_t c, bigint_t e, bigint_t n, bigint_t *_ri)
+{
+bigint_t nc = NULL, r = NULL, ri = NULL;
+
+       /* nc = c*(r^e)
+        * ri = r^(-1)
+        */
+       nc = _gnutls_mpi_alloc_like(n);
+       if (nc == NULL) {
+               gnutls_assert();
+               return NULL;
+       }
+
+       ri = _gnutls_mpi_alloc_like(n);
+       if (nc == NULL) {
+               gnutls_assert();
+               goto fail;
+       }
+       
+       r = _gnutls_mpi_randomize (NULL, _gnutls_mpi_get_nbits(n), 
+               GNUTLS_RND_NONCE);
+       if (r == NULL) {
+               gnutls_assert();
+               goto fail;
+       }
+       
+       /* invert r */
+       if (mpz_invert(ri, r, n)==0) {
+               gnutls_assert();
+               goto fail;
+       }
+       
+       /* r = r^e */
+
+       _gnutls_mpi_powm(r, r, e, n);
+       
+       _gnutls_mpi_mulm(nc, c, r, n);
+
+       *_ri = ri;
+       
+       _gnutls_mpi_release(&r);
+       
+       return nc;
+fail:  
+       _gnutls_mpi_release(&nc);
+       _gnutls_mpi_release(&r);
+       return NULL;
+}
+
+/* c = c*ri mod n
+ */
+static inline void rsa_unblind(bigint_t c, bigint_t ri, bigint_t n)
+{
+       _gnutls_mpi_mulm(c, c, ri, n);
+}
+
 static int
 _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
                        gnutls_datum_t * plaintext,
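Review bot: The NULL check following `ri = _gnutls_mpi_alloc_like(n)` tests `nc` instead of `ri`, so an allocation failure for `ri` goes undetected and `mpz_invert(ri, r, n)` is then called on a NULL bigint; it should read `if (ri == NULL)`. In addition `ri` is never released on the `fail:` path, so every failure after that allocation (randomize failure, non-invertible r) leaks it; add `_gnutls_mpi_release(&ri);` beside the two releases under `fail:`. Note also that `mpz_invert` returning 0 — r not coprime with n, negligible for a proper modulus but certain for r == 0 — is treated as a hard failure instead of retrying with a fresh r, and the caller then reports it as a memory error. The return values of `_gnutls_mpi_powm` and `_gnutls_mpi_mulm` are not checked; whether those helpers can fail is not visible in this hunk.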
@@ -131,24 +188,32 @@ _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
        switch (algo) {
        case GNUTLS_PK_RSA: {
                struct rsa_private_key priv;
-               bigint_t c;
+               bigint_t c, ri, nc;
                
                if (_gnutls_mpi_scan_nz(&c, ciphertext->data, ciphertext->size) 
!= 0) {
                        gnutls_assert();
                        return GNUTLS_E_MPI_SCAN_FAILED;
                }
 
-               /* FIXME: implement blinding */
+               nc = rsa_blind(c, pk_params->params[1]/*e*/, 
+                       pk_params->params[0]/*m*/, &ri);
+               _gnutls_mpi_release(&c);
+               if (nc == NULL) {
+                       gnutls_assert();
+                       return GNUTLS_E_MEMORY_ERROR;
+               }
 
                rsa_private_key_init(&priv);
                _rsa_params_to_privkey(pk_params, &priv);
 
-               rsa_compute_root(&priv, TOMPZ(c), TOMPZ(c));
+               rsa_compute_root(&priv, TOMPZ(nc), TOMPZ(nc));
 
-               ret = _gnutls_mpi_dprint(c, plaintext);
-               _gnutls_mpi_release(&c);
-               mpz_clear(priv.a);
-               mpz_clear(priv.b);
+               rsa_unblind(nc, ri, pk_params->params[0]/*m*/);
+
+               ret = _gnutls_mpi_dprint_size(nc, plaintext, ciphertext->size);
+
+               _gnutls_mpi_release(&nc);
+               _gnutls_mpi_release(&ri);
 
                if (ret < 0) {
                        gnutls_assert();
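Review bot: When `rsa_blind` returns NULL the new code reports `GNUTLS_E_MEMORY_ERROR`, but rsa_blind also returns NULL when `_gnutls_mpi_randomize` fails or when `mpz_invert` cannot invert r, so callers receive a misleading error for non-memory failures. Either have rsa_blind return an int error code and propagate it here, or at least document the conflation next to the check, e.g. `/* rsa_blind fails on allocation, RNG or a non-invertible r; all are reported as MEMORY_ERROR */`. Switching to `_gnutls_mpi_dprint_size(nc, plaintext, ciphertext->size)` is a good change, since the decrypted block length no longer depends on leading zero bytes of the result. The function's body continues outside this hunk on both sides.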
@@ -224,8 +289,6 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
 
                ret = _gnutls_mpi_dprint(hash, signature);
                _gnutls_mpi_release(&hash);
-               mpz_clear(priv.a);
-               mpz_clear(priv.b);
 
                if (ret < 0) {
                        gnutls_assert();
@@ -446,6 +509,31 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
                     gnutls_direction_t direction,
                     gnutls_pk_params_st * params)
 {
+
+       if (direction == GNUTLS_IMPORT) {
+               /* do not trust the generated values. Some old private keys 
+                * generated by us have mess on the values. Those were very
+                * old but it seemed some of the shipped example private
+                * keys were as old.
+                */
+               mpz_t q_1;
+
+               mpz_invert(TOMPZ(params->params[5]), TOMPZ(params->params[4]), 
TOMPZ(params->params[3]));
+
+               mpz_init(q_1);
+
+               /* a = d % p-1 */
+               mpz_sub_ui(q_1, TOMPZ(params->params[3])/*p*/, 1);
+               mpz_fdiv_r(TOMPZ(params->params[6]), 
TOMPZ(params->params[2])/*d*/, q_1);
+
+               /* b = d % q-1 */
+               mpz_sub_ui(q_1, TOMPZ(params->params[4])/*p*/, 1);
+
+               mpz_fdiv_r(TOMPZ(params->params[7]), 
TOMPZ(params->params[2])/*d*/, q_1);
+               
+               mpz_clear(q_1);
+       }
+    
        return 0;
 }
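Review bot: The `mpz_invert` call that recomputes the CRT coefficient ignores its return value, so a key whose q has no inverse modulo p leaves `params[5]` with whatever the failed call produced and the key is still accepted; and the two `mpz_fdiv_r` calls divide by `p-1` and `q-1` without checking that p and q exceed 1, so a malformed key with p == 1 or q == 1 hands GMP a zero divisor (which GMP treats as a fatal error, as far as I recall). Since this runs on every import and imported keys may come from untrusted files, validate the primes and the inversion result before rewriting the parameters and return an error (whichever code the import path uses; `GNUTLS_E_INVALID_REQUEST` below is a guess) instead of 0. The comment on the second `mpz_sub_ui` says `/*p*/` but the operand is `params[4]`, which the rest of the hunk labels q; it should read `/*q*/`. The function's signature lies outside the hunk.
```c
	if (direction == GNUTLS_IMPORT) {
		mpz_t q_1;

		/* Refuse keys with p <= 1 or q <= 1 (p-1 or q-1 would be zero and
		 * mpz_fdiv_r would divide by zero) and keys where q has no
		 * inverse mod p (the CRT coefficient cannot be recomputed). */
		if (mpz_cmp_ui(TOMPZ(params->params[3]), 1) <= 0 ||
		    mpz_cmp_ui(TOMPZ(params->params[4]), 1) <= 0 ||
		    mpz_invert(TOMPZ(params->params[5]), TOMPZ(params->params[4]),
			       TOMPZ(params->params[3])) == 0) {
			gnutls_assert();
			return GNUTLS_E_INVALID_REQUEST;
		}

		mpz_init(q_1);
		/* … unchanged: a = d % (p-1), b = d % (q-1), mpz_clear(q_1) … */
	}
```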
 

