
Backport 2.7: Parse RSA parameters DP, DQ and QP from PKCS1 private keys #3017

Merged

Conversation

jack-fortanix (Contributor)

Otherwise these values are recomputed in mbedtls_rsa_deduce_crt, which
currently suffers from side channel issues in the computation of QP
(see https://eprint.iacr.org/2020/055). By loading the pre-computed
values not only is the side channel avoided, but runtime overhead of
loading RSA keys is reduced.

Discussion in ARMmbed/mbed-crypto#347

Backport of ARMmbed/mbed-crypto#352

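As an added illustration of the change described above (this is standalone Python written for this page, not mbedtls code and not the PR's diff), the block below parses a PKCS#1 `RSAPrivateKey` DER structure, pulls out `dp`, `dq` and `qp` as stored in the file, checks them for consistency against `p`, `q` and `d`, and uses them directly for the CRT private-key operation. The function `deduce_crt` shows the recomputation path that the PR avoids; the modular inverse for `qp` is the step the cited paper attacks. The key is a constructed toy with 6-bit primes (p=61, q=53) so the DER bytes can be built inline; real keys differ only in size.

```python
"""Minimal PKCS#1 RSAPrivateKey (RFC 8017, A.1.2) DER encode/decode.

Added example, not project code. Field order in the SEQUENCE is:
version, n, e, d, p, q, dp, dq, qp (version 0, two-prime keys only).
"""


def _der_len(n: int) -> bytes:
    # DER length: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v: int) -> bytes:
    # Non-negative INTEGER: minimal big-endian, leading 0x00 if high bit set.
    body = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def encode_rsa_private_key(n, e, d, p, q, dp, dq, qp) -> bytes:
    inner = b"".join(_der_int(x) for x in (0, n, e, d, p, q, dp, dq, qp))
    return b"\x30" + _der_len(len(inner)) + inner


def _read_tlv(buf: bytes, pos: int):
    # Returns (tag, value bytes, position after the element); bounds-checked.
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def parse_rsa_private_key(der: bytes) -> dict:
    """Parse all nine INTEGERs; the stored CRT values are returned as-is."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        fields.append(int.from_bytes(val, "big", signed=True))
    if len(fields) != 9 or fields[0] != 0:
        raise ValueError("need version 0 and exactly eight parameters")
    k = dict(zip(("n", "e", "d", "p", "q", "dp", "dq", "qp"), fields[1:]))
    if any(v <= 0 for v in k.values()):
        raise ValueError("RSA parameters must be positive")
    return k


def deduce_crt(d: int, p: int, q: int):
    # The recomputation path: dp, dq are cheap, but qp needs a modular
    # inverse, which is where the side channel discussed above lives.
    return d % (p - 1), d % (q - 1), pow(q, -1, p)


def check_crt_params(k: dict) -> bool:
    # Cheap consistency check on loaded values, done with multiplications
    # and reductions only; no inverse is computed.
    return (k["p"] * k["q"] == k["n"]
            and k["dp"] == k["d"] % (k["p"] - 1)
            and k["dq"] == k["d"] % (k["q"] - 1)
            and (k["q"] * k["qp"]) % k["p"] == 1)


def rsa_private_crt(k: dict, c: int) -> int:
    # RFC 8017 5.1.2 (b): m = m2 + q * ((m1 - m2) * qInv mod p).
    m1 = pow(c, k["dp"], k["p"])
    m2 = pow(c, k["dq"], k["q"])
    h = (k["qp"] * (m1 - m2)) % k["p"]
    return m2 + h * k["q"]


# Constructed toy key (p=61, q=53); values chosen so e*d == 1 mod lcm(p-1,q-1).
TOY_KEY = dict(n=3233, e=17, d=2753, p=61, q=53, dp=53, dq=49, qp=38)
TOY_KEY_DER = encode_rsa_private_key(**TOY_KEY)

if __name__ == "__main__":
    key = parse_rsa_private_key(TOY_KEY_DER)
    print("loaded CRT params consistent:", check_crt_params(key))
    c = pow(65, key["e"], key["n"])
    print("CRT decrypt of", c, "->", rsa_private_crt(key, c))
```

The check in `check_crt_params` is what a loader should do with stored CRT values before trusting them: it rejects a key file whose `qp` was corrupted or tampered with, at the cost of a few modular multiplications, whereas recomputing the parameters would both hide such corruption and reintroduce the inversion the PR is avoiding.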
@yanesca yanesca (Contributor) left a comment


This is a faithful backport of the original.

Could you please add an entry for this change in the security section of the ChangeLog, mentioning that it was reported and fixed by yourself?

@gilles-peskine-arm gilles-peskine-arm changed the title Parse RSA parameters DP, DQ and QP from PKCS1 private keys [2.7 backport] Backport 2.7: Parse RSA parameters DP, DQ and QP from PKCS1 private keys Jan 30, 2020
@gilles-peskine-arm gilles-peskine-arm added CLA valid component-crypto Crypto primitives and low-level interfaces needs-work labels Jan 31, 2020
@gilles-peskine-arm gilles-peskine-arm added needs-review Every commit must be reviewed by at least two team members, and removed needs-work labels Jan 31, 2020
@gilles-peskine-arm gilles-peskine-arm added approved Design and code approved - may be waiting for CI or backports and removed needs-review Every commit must be reviewed by at least two team members, labels Jan 31, 2020
@gilles-peskine-arm gilles-peskine-arm merged commit 419f915 into Mbed-TLS:mbedtls-2.7 Jan 31, 2020