
ltc: Implement mp_rand for mpa_desc

When enabling the flag LTC_RSA_BLINDING the code uses the mp_rand()
function, which isn't implemented for the mpa_desc descriptor. Implement
it as rand() in mpa_desc and mpa_get_random_digits() in libmpa.

Fixes: OP-TEE-2016-0003 which was reported by Applus+ Laboratories.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)
jbech-linaro authored and jforissier committed Feb 13, 2017
1 parent a4036e1 commit 13c9b83130e08ddd53fb3a456a678c7e3040deb9
@@ -455,6 +455,15 @@ typedef struct {
int (*rsa_me)(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
rsa_key *key);
/* ---- misc stuff ---- */
/** Make a pseudo-random mpanum
@param a The mpanum to make random
@param size The amount of random mpanum digits requested
@return CRYPT_OK on success
*/
int (*rand)(void *a, int size);
} ltc_math_descriptor;
extern ltc_math_descriptor ltc_mp;
@@ -540,6 +549,8 @@ extern const ltc_math_descriptor gmp_desc;
#define mp_tohex(a, b) mp_toradix(a, b, 16)
#define mp_rand(a, b) ltc_mp.rand(a, b)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_math.h,v $ */
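Review bot: `mp_rand(a, b)` expands to an unconditional call through `ltc_mp.rand`, so a math descriptor that does not fill in the new member is called through a NULL pointer once LTC_RSA_BLINDING is enabled. This commit gives only the MPA descriptor an implementation; if other descriptors such as `gmp_desc` can still be selected, the blinding code should test the pointer first, e.g. `if (ltc_mp.rand == NULL) return CRYPT_ERROR;`, or every descriptor should get an implementation. The callers of mp_rand are outside this hunk, so whether such a check already exists cannot be seen here.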
@@ -602,6 +602,12 @@ static int isprime(void *a, int b, int *c)
return CRYPT_OK;
}
static int rand(void *a, int size)
{
return mpa_get_random_digits(a, size) != size ?
CRYPT_ERROR_READPRNG : CRYPT_OK;
}
ltc_math_descriptor ltc_mp = {
.name = "MPA",
.bits_per_digit = MPA_WORD_SIZE,
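Review bot: The new static helper is named `rand`, the same identifier as the standard library function declared in <stdlib.h>; if that header is ever included in this file, the static definition conflicts with the external declaration. Renaming it, e.g. `static int mpa_rand(void *a, int size)` with `.rand = &mpa_rand` in the descriptor, avoids the clash. In addition, `size` is an `int` handed to a `mpa_usize_t` parameter, and a negative value appears to be rejected only indirectly by the allocation check inside mpa_get_random_digits; an explicit `if (size < 0) return CRYPT_INVALID_ARG;` would make the contract visible at this layer.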
@@ -678,5 +684,6 @@ ltc_math_descriptor ltc_mp = {
.rsa_keygen = &rsa_make_key,
.rsa_me = &rsa_exptmod,
#endif
.rand = &rand,
};
@@ -402,6 +402,19 @@ MPALIB_EXPORT void mpa_set_random_generator(random_generator_cb callback);
MPALIB_EXPORT void mpa_get_random(mpanum dest, mpanum limit);
/*
* Clear and stores "size" random digits in dest. If the requested size is
* greater than what mpanum dest can hold, then this will return with size zero.
* If the caller needs more random data, then he needs to reallocate the mpanum
* used.
*
* @dest mpanum to store the random data
* @size the number of random digits to get
*
* @return the number of successfully generated random digits
*/
MPALIB_EXPORT int mpa_get_random_digits(mpanum dest, mpa_usize_t size);
/*
* From mpa_montgomery.c
*/
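Review bot: The comment leaves the failure cases of the return value unclear: "return with size zero" can be read as either the return value or the size of dest, and the random-generator failure that also returns 0 in the implementation is not mentioned. Suggested wording for the return line: `@return size on success, 0 if size exceeds what dest can hold or the random generator fails`. It would also help to state that dest is wiped in every case, since the implementation calls mpa_wipe() before the size check, so callers know the previous value is gone even on error.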
@@ -79,3 +79,18 @@ void mpa_get_random(mpanum dest, mpanum limit)
}
}
}
int mpa_get_random_digits(mpanum dest, mpa_usize_t size)
{
mpa_wipe(dest);
if (size > __mpanum_alloced(dest))
return 0;
dest->size = size;
if (get_rng_array(&dest->d, WORDS_TO_BYTES(__mpanum_size(dest))))
return 0;
return __mpanum_size(dest);
}
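Review bot: On the `get_rng_array` failure path `dest->size` has already been set to `size`, so the function returns 0 while dest still claims `size` digits whose contents are whatever the generator left behind (zeros after `mpa_wipe`, or a partial fill). Because this value feeds RSA blinding, a caller that ignores the return value would carry on with a predictable number; adding `dest->size = 0;` in the failure branch before `return 0;` keeps dest consistent with the "size zero" wording in the header comment. Separately, the most significant random digit can be zero, which leaves leading zero digits in the mpanum; if libmpa expects normalised numbers the size should be trimmed after the fill, though that expectation is not visible in this hunk.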
