mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2026-01-02 21:25:03 +00:00
Split bn_modexp() into three variants:

  bn_modexp() for large exponents (as before)
  bn_modexp_word() for single word public exponents
  bn_modexp_blinded() for large exponents w/ randomization

We randomize bn_modexp_blinded() with:
  1) pick 64 bit random R1 and compute R1 ** -1 and R1 ** pubexp, mod N.
  2) multiply input by R1 ** pubexp
  3) pick 64 bit random R2 and add (e*d*R2 - R2) to private exponent
     (i.e. a random multiple of phi(N))
  4) exponentiate
  5) multiply output w/ R1 ** -1 to obtain expected result

Since we enlarge the exponent, bn_modexp_blinded() is slower than
bn_modexp(). We only use bn_modexp_blinded() when private exponents are
in play and we have phi(N) available.

Also refactored the combined p256 and rsa dcrypto binary blob into two
parts. And added unique first word to each dcrypto blob to make code
caching reliable.

The TPM task stack maxes out at 8040/8192 in tcg_test due to increased
stack usage of bn_modexp_blinded() but is still within safe bounds, with
88 byte redzone.

BRANCH=cr50
BUG=b:35587382,b:35587381
TEST=buildall, tcg_test (200+)

Change-Id: Ied1f908418f31f8025363179537aa4ebd2c80420
Reviewed-on: https://chromium-review.googlesource.com/540684
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
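
The five blinding steps listed in the commit message, worked through in Python as an added example; this is not the project's dcrypto code, which is C firmware. The function name modexp_blinded(), the helper rand64() and the toy key built from two Mersenne primes are assumptions made for illustration.

```python
import secrets

# Constructed toy key: two Mersenne primes, far too small and structured for real use.
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                      # public exponent
D = pow(E, -1, PHI)            # private exponent, e*d == 1 (mod phi(N))


def rand64():
    """Return a nonzero 64-bit random value."""
    while True:
        r = secrets.randbits(64)
        if r:
            return r


def modexp_blinded(x, d, e, n):
    """Compute x**d mod n with base and exponent blinding.

    Returns (result, blinded_input, blinded_exponent) so the
    intermediate values can be inspected.
    """
    # 1) random R1, with R1**-1 and R1**e mod n
    r1 = rand64()
    r1_inv = pow(r1, -1, n)    # raises ValueError if gcd(r1, n) != 1
    r1_e = pow(r1, e, n)
    # 2) blind the input, so the exponentiation never sees x itself
    blinded_in = (x * r1_e) % n
    # 3) add a random multiple of phi(n): e*d - 1 is k*phi(n), so
    #    R2*(e*d - 1) = e*d*R2 - R2 leaves the result unchanged mod n
    r2 = rand64()
    d_blind = d + (e * d * r2 - r2)
    # 4) exponentiate: (x * R1**e)**d_blind == x**d * R1 (mod n)
    y = pow(blinded_in, d_blind, n)
    # 5) strip R1 from the output
    return (y * r1_inv) % n, blinded_in, d_blind


if __name__ == "__main__":
    msg = 0x1234567890ABCDEF   # constructed sample input
    out, b_in, d_b = modexp_blinded(msg, D, E, N)
    print("matches plain modexp:", out == pow(msg, D, N))
    print("exponent bits plain/blinded:", D.bit_length(), d_b.bit_length())
```

The bit-length printout shows the cost the commit message mentions: the blinded exponent is considerably longer than d, so each blinded operation does more square-and-multiply work.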