void-packages/srcpkgs/botan/patches/CVE-2018-12435_part1.patch
2018-10-03 19:07:50 -03:00

132 lines
5.3 KiB
Diff

From 2cfa191a940b7b884f24d23d94227ff382c672b4 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Tue, 17 Apr 2018 18:06:34 -0400
Subject: [PATCH] Add EC_Group::inverse_mod_order
Centralizing this logic allows curve specific implementations such
as using a precomputed ladder for exponentiating by p - 2
GH #1479
---
src/lib/pubkey/ec_group/ec_group.cpp | 10 ++++++++++
src/lib/pubkey/ec_group/ec_group.h | 5 +++++
src/lib/pubkey/ecdh/ecdh.cpp | 2 +-
src/lib/pubkey/ecdsa/ecdsa.cpp | 4 ++--
src/lib/pubkey/ecgdsa/ecgdsa.cpp | 2 +-
src/lib/pubkey/sm2/sm2.cpp | 4 ++--
6 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index fc512b7332..ac23aa151e 100644
--- src/lib/pubkey/ec_group/ec_group.cpp
+++ src/lib/pubkey/ec_group/ec_group.cpp
@@ -87,6 +87,11 @@ class EC_Group_Data final
return m_mod_order.multiply(x, y);
}
+ BigInt inverse_mod_order(const BigInt& x) const
+ {
+ return inverse_mod(x, m_order);
+ }
+
PointGFp blinded_base_point_multiply(const BigInt& k,
RandomNumberGenerator& rng,
std::vector<BigInt>& ws) const
@@ -469,6 +476,11 @@ BigInt EC_Group::multiply_mod_order(const BigInt& x, const BigInt& y) const
return data().multiply_mod_order(x, y);
}
+BigInt EC_Group::inverse_mod_order(const BigInt& x) const
+ {
+ return data().inverse_mod_order(x);
+ }
+
const OID& EC_Group::get_curve_oid() const
{
return data().oid();
diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h
index 8bb1a30448..f273108d2b 100644
--- src/lib/pubkey/ec_group/ec_group.h
+++ src/lib/pubkey/ec_group/ec_group.h
@@ -193,6 +193,11 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final
*/
BigInt mod_order(const BigInt& x) const;
+ /*
+ * Return inverse of x modulo the order
+ */
+ BigInt inverse_mod_order(const BigInt& x) const;
+
/*
* Reduce (x*y) modulo the order
*/
diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp
index adadb27036..59f245a00c 100644
--- src/lib/pubkey/ecdh/ecdh.cpp
+++ src/lib/pubkey/ecdh/ecdh.cpp
@@ -31,7 +31,7 @@ class ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF
m_group(key.domain()),
m_rng(rng)
{
- m_l_times_priv = inverse_mod(m_group.get_cofactor(), m_group.get_order()) * key.private_value();
+ m_l_times_priv = m_group.inverse_mod_order(m_group.get_cofactor()) * key.private_value();
}
secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 03f5e57ab6..6e104f1641 100644
--- src/lib/pubkey/ecdsa/ecdsa.cpp
+++ src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -89,7 +89,7 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
const BigInt k = m_group.random_scalar(rng);
#endif
- const BigInt k_inv = inverse_mod(k, m_group.get_order());
+ const BigInt k_inv = m_group.inverse_mod_order(k);
const BigInt r = m_group.mod_order(
m_group.blinded_base_point_multiply_x(k, rng, m_ws));
@@ -142,7 +142,7 @@ bool ECDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len,
if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order())
return false;
- const BigInt w = inverse_mod(s, m_group.get_order());
+ const BigInt w = m_group.inverse_mod_order(s);
const BigInt u1 = m_group.multiply_mod_order(e, w);
const BigInt u2 = m_group.multiply_mod_order(r, w);
diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
index 192d999a8e..61b7ae0558 100644
--- src/lib/pubkey/ecgdsa/ecgdsa.cpp
+++ src/lib/pubkey/ecgdsa/ecgdsa.cpp
@@ -115,7 +115,7 @@ bool ECGDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len,
if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order())
return false;
- const BigInt w = inverse_mod(r, m_group.get_order());
+ const BigInt w = m_group.inverse_mod_order(r);
const BigInt u1 = m_group.multiply_mod_order(e, w);
const BigInt u2 = m_group.multiply_mod_order(s, w);
diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp
index 95fe28f147..1096ea99f5 100644
--- src/lib/pubkey/sm2/sm2.cpp
+++ src/lib/pubkey/sm2/sm2.cpp
@@ -30,7 +30,7 @@ SM2_Signature_PrivateKey::SM2_Signature_PrivateKey(const AlgorithmIdentifier& al
const secure_vector<uint8_t>& key_bits) :
EC_PrivateKey(alg_id, key_bits)
{
- m_da_inv = inverse_mod(m_private_key + 1, domain().get_order());
+ m_da_inv = domain().inverse_mod_order(m_private_key + 1);
}
SM2_Signature_PrivateKey::SM2_Signature_PrivateKey(RandomNumberGenerator& rng,
@@ -38,7 +38,7 @@ SM2_Signature_PrivateKey::SM2_Signature_PrivateKey(RandomNumberGenerator& rng,
const BigInt& x) :
EC_PrivateKey(rng, domain, x)
{
- m_da_inv = inverse_mod(m_private_key + 1, domain.get_order());
+ m_da_inv = domain.inverse_mod_order(m_private_key + 1);
}
std::vector<uint8_t> sm2_compute_za(HashFunction& hash,