author | Rich Burridge <rich.burridge@oracle.com> |
Thu, 08 Sep 2016 09:15:40 -0700 | |
changeset 6861 | 6110892450ff |
parent 5781 | ecbdf40c0a37 |
permissions | -rw-r--r-- |
From 5b874ee8b72a0c76c990041d2ed8b53a38e2dfde Mon Sep 17 00:00:00 2001 |
From: Brad Fitzpatrick <[email protected]> |
Date: Tue, 5 Apr 2016 20:40:40 +0000 |
Subject: [PATCH 75/79] crypto/rsa, crypto/ecdsa: fail earlier on zero |
parameters |
|
Change-Id: Ia6ed49d5ef3a256a55e6d4eaa1b4d9f0fc447013 |
Reviewed-on: https://go-review.googlesource.com/21560 |
Reviewed-by: Robert Griesemer <[email protected]> |
Reviewed-on: https://go-review.googlesource.com/21638 |
Reviewed-by: Brad Fitzpatrick <[email protected]> |
Run-TryBot: Andrew Gerrand <[email protected]> |
--- |
src/crypto/ecdsa/ecdsa.go | 11 ++++++++--- |
src/crypto/rsa/rsa.go | 5 ++++- |
2 files changed, 12 insertions(+), 4 deletions(-) |
|
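diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
index 8d66477..a01e18c 100644
--- a/src/crypto/ecdsa/ecdsa.go
+++ b/src/crypto/ecdsa/ecdsa.go
@@ -23,6 +23,7 @@ import (
 "crypto/elliptic"
 "crypto/sha512"
 "encoding/asn1"
+ "errors"
 "io"
 "math/big"
 )
@@ -129,6 +130,8 @@ func fermatInverse(k, N *big.Int) *big.Int {
 return new(big.Int).Exp(k, nMinus2, N)
 }
 
+var errZeroParam = errors.New("zero parameter")
+
 // Sign signs an arbitrary length hash (which should be the result of hashing a
 // larger message) using the private key, priv. It returns the signature as a
 // pair of integers. The security of the private key depends on the entropy of
@@ -169,7 +172,9 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
 // See [NSA] 3.4.1
 c := priv.PublicKey.Curve
 N := c.Params().N
-
+ if N.Sign() == 0 {
+ return nil, nil, errZeroParam
+ }
 var k, kInv *big.Int
 for {
 for {
@@ -179,7 +184,7 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
 return
 }
 
- kInv = fermatInverse(k, N)
+ kInv = fermatInverse(k, N) // N != 0
 r, _ = priv.Curve.ScalarBaseMult(k.Bytes())
 r.Mod(r, N)
 if r.Sign() != 0 {
@@ -191,7 +196,7 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
 s = new(big.Int).Mul(priv.D, r)
 s.Add(s, e)
 s.Mul(s, kInv)
- s.Mod(s, N)
+ s.Mod(s, N) // N != 0
 if s.Sign() != 0 {
 break
 }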
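diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
index 1293b78..031de0e 100644
--- a/src/crypto/rsa/rsa.go
+++ b/src/crypto/rsa/rsa.go
@@ -436,6 +436,9 @@ func decrypt(random io.Reader, priv *PrivateKey, c *big.Int) (m *big.Int, err er
 err = ErrDecryption
 return
 }
+ if priv.N.Sign() == 0 {
+ return nil, ErrDecryption
+ }
 
 var ir *big.Int
 if random != nil {
@@ -461,7 +464,7 @@ func decrypt(random io.Reader, priv *PrivateKey, c *big.Int) (m *big.Int, err er
 }
 }
 bigE := big.NewInt(int64(priv.E))
- rpowe := new(big.Int).Exp(r, bigE, priv.N)
+ rpowe := new(big.Int).Exp(r, bigE, priv.N) // N != 0
 cCopy := new(big.Int).Set(c)
 cCopy.Mul(cCopy, rpowe)
 cCopy.Mod(cCopy, priv.N)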
-- |
2.7.4 |