mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
dec79cf152
Unlike the ones in mpint.c proper, these are not intended to respect the constant-time guarantees. They're going to be the kind of thing you use in key generation, which is too random to be constant-time in any case. I've arranged several precautions to try to make sure these functions don't accidentally get linked into the main SSH application, only into key generators: - declare them in a separate header with "unsafe" in the name - put "unsafe" in the name of every actual function - don't even link the mpunsafe.c translation unit into PuTTY proper - in fact, define global symbols of the same name in that file and the SSH client code, so that there will be a link failure if we ever try to do it by accident The initial contents of the new source file consist of the subroutine mp_mod_short() that previously lived in sshprime.c (and was not in mpint.c proper precisely because it was unsafe). While I'm here, I've turned it into mp_unsafe_mod_integer() and let it take a modulus of up to 32 bits instead of 16. Also added some obviously useful functions to shrink an mpint to the smallest physical size that can hold the contained number (rather like bn_restore_invariant in the old Bignum system), which I expect to be using shortly.
47 lines
1.7 KiB
C
47 lines
1.7 KiB
C
/*
|
|
* mpunsafe.h: functions that deal with mp_ints in ways that are *not*
|
|
* expected to be constant-time. Used during key generation, in which
|
|
* constant run time is a lost cause anyway.
|
|
*
|
|
* These functions are in a separate header, so that you can easily
|
|
* check that you're not calling them in the wrong context. They're
|
|
* also defined in a separate source file, which is only linked in to
|
|
* the key generation tools. Furthermore, that source file also
|
|
* defines a global symbol that intentionally conflicts with one
|
|
* defined in the SSH client code, so that any attempt to put these
|
|
* functions into the same binary as the live SSH client
|
|
* implementation will cause a link-time failure. They should only be
|
|
* linked into PuTTYgen and auxiliary test programs.
|
|
*
|
|
* Also, just in case those precautions aren't enough, all the unsafe
|
|
* functions have 'unsafe' in the name.
|
|
*/
|
|
|
|
#ifndef PUTTY_MPINT_UNSAFE_H
|
|
#define PUTTY_MPINT_UNSAFE_H
|
|
|
|
/*
|
|
* The most obvious unsafe thing you want to do with an mp_int is to
|
|
* get rid of leading zero words in its representation, so that its
|
|
* nominal size is as close as possible to its true size, and you
|
|
* don't waste any time processing it.
|
|
*
|
|
* mp_unsafe_shrink performs this operation in place, mutating the
|
|
* size field of the mp_int it's given. It returns the same pointer it
|
|
* was given.
|
|
*
|
|
* mp_unsafe_copy leaves the original mp_int alone and makes a new one
|
|
* with the minimal size.
|
|
*/
|
|
mp_int *mp_unsafe_shrink(mp_int *m);
|
|
mp_int *mp_unsafe_copy(mp_int *m);
|
|
|
|
/*
|
|
* Compute the residue of x mod m. This is implemented in the most
|
|
* obvious way using the C % operator, which won't be constant-time on
|
|
* many C implementations.
|
|
*/
|
|
uint32_t mp_unsafe_mod_integer(mp_int *x, uint32_t m);
|
|
|
|
#endif /* PUTTY_MPINT_UNSAFE_H */
|