ltc: Implement mp_rand for mpa_desc

When enabling the flag LTC_RSA_BLINDING the code uses the mp_rand() function, which isn't implemented for the mpa_desc descriptor. Implement it as rand() in mpa_desc and mpa_get_random_digits() in libmpa. Fixes: OP-TEE-2016-0003 which was reported by Applus+ Laboratories. Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP) Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)
OP-TEE · Jun 19, 2017 · 13c9b83 · 13c9b83
1 parent a4036e1
commit 13c9b83
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 0 deletions.
diff --git a/core/lib/libtomcrypt/include/tomcrypt_math.h b/core/lib/libtomcrypt/include/tomcrypt_math.h
@@ -455,6 +455,15 @@ typedef struct {
    int (*rsa_me)(const unsigned char *in,   unsigned long inlen,
                        unsigned char *out,  unsigned long *outlen, int which,
                        rsa_key *key);
+
+/* ---- misc stuff ---- */
+   /** Make a pseudo-random mpanum
+      @param  a     The mpanum to make random
+      @param  size  The amount of random mpanum digits requested
+      @return CRYPT_OK on success
+   */
+   int (*rand)(void *a, int size);
+
 } ltc_math_descriptor;
 
 extern ltc_math_descriptor ltc_mp;
@@ -540,6 +549,8 @@ extern const ltc_math_descriptor gmp_desc;
 
 #define mp_tohex(a, b)               mp_toradix(a, b, 16)
 
+#define mp_rand(a, b)                ltc_mp.rand(a, b)
+
 #endif
 
 /* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_math.h,v $ */

diff --git a/core/lib/libtomcrypt/src/mpa_desc.c b/core/lib/libtomcrypt/src/mpa_desc.c
@@ -602,6 +602,12 @@ static int isprime(void *a, int b, int *c)
 	return CRYPT_OK;
 }
 
+static int rand(void *a, int size)
+{
+	return mpa_get_random_digits(a, size) != size ?
+					CRYPT_ERROR_READPRNG : CRYPT_OK;
+}
+
 ltc_math_descriptor ltc_mp = {
 	.name = "MPA",
 	.bits_per_digit = MPA_WORD_SIZE,
@@ -678,5 +684,6 @@ ltc_math_descriptor ltc_mp = {
 	.rsa_keygen = &rsa_make_key,
 	.rsa_me = &rsa_exptmod,
 #endif
+	.rand = &rand,
 
 };
diff --git a/lib/libmpa/include/mpalib.h b/lib/libmpa/include/mpalib.h
@@ -402,6 +402,19 @@ MPALIB_EXPORT void mpa_set_random_generator(random_generator_cb callback);
 
 MPALIB_EXPORT void mpa_get_random(mpanum dest, mpanum limit);
 
+/*
+ * Clear and stores "size" random digits in dest. If the requested size is
+ * greater than what mpanum dest can hold, then this will return with size zero.
+ * If the caller needs more random data, then he needs to reallocate the mpanum
+ * used.
+ *
+ * @dest	mpanum to store the random data
+ * @size	the number of random digits to get
+ *
+ * @return	the number of successfully generated random digits
+ */
+MPALIB_EXPORT int mpa_get_random_digits(mpanum dest, mpa_usize_t size);
+
 /*
  * From mpa_montgomery.c
  */

diff --git a/lib/libmpa/mpa_random.c b/lib/libmpa/mpa_random.c
@@ -79,3 +79,18 @@ void mpa_get_random(mpanum dest, mpanum limit)
 		}
 	}
 }
+
+int mpa_get_random_digits(mpanum dest, mpa_usize_t size)
+{
+	mpa_wipe(dest);
+
+	if (size > __mpanum_alloced(dest))
+		return 0;
+
+	dest->size = size;
+
+	if (get_rng_array(&dest->d, WORDS_TO_BYTES(__mpanum_size(dest))))
+		return 0;
+
+	return __mpanum_size(dest);
+}