/src/botan/build/include/internal/botan/internal/blinding.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Blinding for public key operations |
3 | | * (C) 1999-2010,2015 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_BLINDER_H_ |
9 | | #define BOTAN_BLINDER_H_ |
10 | | |
11 | | #include <botan/bigint.h> |
12 | | #include <botan/reducer.h> |
13 | | #include <functional> |
14 | | |
15 | | namespace Botan { |
16 | | |
17 | | class RandomNumberGenerator; |
18 | | |
19 | | /** |
20 | | * Blinding Function Object. |
21 | | */ |
22 | | class Blinder final { |
23 | | public: |
24 | | /** |
25 | | * Normally blinding is performed by choosing a random starting point (plus |
26 | | * its inverse, of a form appropriate to the algorithm being blinded), and |
27 | | * then choosing new blinding operands by successive squaring of both |
28 | | * values. This is much faster than computing a new starting point but |
29 | | * introduces some possible corelation |
30 | | * |
31 | | * To avoid possible leakage problems in long-running processes, the blinder |
32 | | * periodically reinitializes the sequence. This value specifies how often |
33 | | * a new sequence should be started. |
34 | | * |
35 | | * If set to zero, reinitialization is disabled |
36 | | */ |
37 | | static constexpr size_t ReinitInterval = 64; |
38 | | |
39 | | /** |
40 | | * Blind a value. |
41 | | * |
42 | | * The blinding nonce k is freshly generated after ReinitInterval |
43 | | * calls to blind(). |
44 | | * |
45 | | * ReinitInterval = 0 means a fresh nonce is only generated once. |
46 | | * On every other call, the next nonce is derived via modular squaring. |
47 | | * |
48 | | * @param x value to blind |
49 | | * @return blinded value |
50 | | */ |
51 | | BigInt blind(const BigInt& x) const; |
52 | | |
53 | | /** |
54 | | * Unblind a value. |
55 | | * @param x value to unblind |
56 | | * @return unblinded value |
57 | | */ |
58 | | BigInt unblind(const BigInt& x) const; |
59 | | |
60 | | /** |
61 | | * @param reducer precomputed Barrett reduction for the modulus |
62 | | * @param rng the RNG to use for generating the nonce |
63 | | * @param fwd_func a function that calculates the modular |
64 | | * exponentiation of the public exponent and the given value (the nonce) |
65 | | * @param inv_func a function that calculates the modular inverse |
66 | | * of the given value (the nonce) |
67 | | * |
68 | | * @note Lifetime: The rng and reducer arguments are captured by |
69 | | * reference and must live as long as the Blinder does |
70 | | */ |
71 | | Blinder(const Modular_Reducer& reducer, |
72 | | RandomNumberGenerator& rng, |
73 | | std::function<BigInt(const BigInt&)> fwd_func, |
74 | | std::function<BigInt(const BigInt&)> inv_func); |
75 | | |
76 | | Blinder(const Blinder&) = delete; |
77 | | |
78 | | Blinder& operator=(const Blinder&) = delete; |
79 | | |
80 | 0 | RandomNumberGenerator& rng() const { return m_rng; } |
81 | | |
82 | | private: |
83 | | BigInt blinding_nonce() const; |
84 | | |
85 | | const Modular_Reducer& m_reducer; |
86 | | RandomNumberGenerator& m_rng; |
87 | | std::function<BigInt(const BigInt&)> m_fwd_fn; |
88 | | std::function<BigInt(const BigInt&)> m_inv_fn; |
89 | | size_t m_modulus_bits = 0; |
90 | | |
91 | | mutable BigInt m_e, m_d; |
92 | | mutable size_t m_counter = 0; |
93 | | }; |
94 | | |
95 | | } // namespace Botan |
96 | | |
97 | | #endif |