diff options
| author | Bodo Möller <bodo@openssl.org> | 2005-05-16 03:43:31 +0200 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2005-05-16 03:43:31 +0200 |
| commit | 46a643763de6d8e39ecf6f76fa79b4d04885aa59 (patch) | |
| tree | e1f3cfc98bddba797b5300977dbf3223f008fc4a /crypto/bn/bntest.c | |
| parent | rebuild to synchronize with additions to 0.9.7 branch (diff) | |
| download | openssl-46a643763de6d8e39ecf6f76fa79b4d04885aa59.tar.xz openssl-46a643763de6d8e39ecf6f76fa79b4d04885aa59.zip | |
Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
Diffstat (limited to 'crypto/bn/bntest.c')
| -rw-r--r-- | crypto/bn/bntest.c | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 9169cc8813..c885300a66 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -106,6 +106,7 @@ int test_mont(BIO *bp,BN_CTX *ctx); int test_mod(BIO *bp,BN_CTX *ctx); int test_mod_mul(BIO *bp,BN_CTX *ctx); int test_mod_exp(BIO *bp,BN_CTX *ctx); +int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx); int test_exp(BIO *bp,BN_CTX *ctx); int test_gf2m_add(BIO *bp); int test_gf2m_mod(BIO *bp); @@ -246,6 +247,10 @@ int main(int argc, char *argv[]) if (!test_mod_exp(out,ctx)) goto err; BIO_flush(out); + message(out,"BN_mod_exp_mont_consttime"); + if (!test_mod_exp_mont_consttime(out,ctx)) goto err; + BIO_flush(out); + message(out,"BN_exp"); if (!test_exp(out,ctx)) goto err; BIO_flush(out); @@ -954,6 +959,57 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx) return(1); } +int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) + { + BIGNUM *a,*b,*c,*d,*e; + int i; + + a=BN_new(); + b=BN_new(); + c=BN_new(); + d=BN_new(); + e=BN_new(); + + BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */ + for (i=0; i<num2; i++) + { + BN_bntest_rand(a,20+i*5,0,0); /**/ + BN_bntest_rand(b,2+i,0,0); /**/ + + if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL)) + return(00); + + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," ^ "); + BN_print(bp,b); + BIO_puts(bp," % "); + BN_print(bp,c); + BIO_puts(bp," - "); + } + BN_print(bp,d); + BIO_puts(bp,"\n"); + } + BN_exp(e,a,b,ctx); + BN_sub(e,e,d); + BN_div(a,b,e,c,ctx); + if(!BN_is_zero(b)) + { + fprintf(stderr,"Modulo exponentiation test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return(1); + } + int test_exp(BIO *bp, BN_CTX *ctx) { BIGNUM *a,*b,*d,*e,*one; |