Use RSA key blinding to protect against timing attacks.
authorAndre Noll <maan@systemlinux.org>
Sat, 5 Sep 2009 11:16:53 +0000 (13:16 +0200)
committerAndre Noll <maan@systemlinux.org>
Sat, 5 Sep 2009 11:16:53 +0000 (13:16 +0200)
Not that it matters much, but it doesn't hurt either.

audiod.c
client.c
crypt.c
error.h

index 0479e1e..e0a455d 100644 (file)
--- a/audiod.c
+++ b/audiod.c
@@ -1203,6 +1203,7 @@ int main(int argc, char *argv[])
        drop_privileges_or_die(conf.user_arg, conf.group_arg);
        parse_config_or_die();
        init_colors_or_die();
+       init_random_seed_or_die();
        daemon_set_flag(DF_LOG_TIME);
        daemon_set_flag(DF_LOG_HOSTNAME);
        daemon_set_flag(DF_LOG_LL);
index b7c1644..ebe3389 100644 (file)
--- a/client.c
+++ b/client.c
@@ -82,6 +82,7 @@ int main(int argc, char *argv[])
        int ret;
        static struct sched s;
 
+       init_random_seed_or_die();
        s.default_timeout.tv_sec = 1;
        s.default_timeout.tv_usec = 0;
        ret = client_open(argc, argv, &ct, &client_loglevel);
diff --git a/crypt.c b/crypt.c
index 352c5b8..1172ddc 100644 (file)
--- a/crypt.c
+++ b/crypt.c
@@ -146,9 +146,20 @@ int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *in
        ret = get_rsa_key(key_file, &rsa, LOAD_PRIVATE_KEY);
        if (ret < 0)
                return ret;
+       /*
+        * RSA is vulnerable to timing attacks. Generate a random blinding
+        * factor to protect against this kind of attack.
+        */
+       ret = -E_BLINDING;
+       if (RSA_blinding_on(rsa, NULL) == 0)
+               goto out;
        ret = RSA_private_decrypt(inlen, inbuf, outbuf, rsa, RSA_PKCS1_OAEP_PADDING);
+       RSA_blinding_off(rsa);
+       if (ret <= 0)
+               ret = -E_DECRYPT;
+out:
        rsa_free(rsa);
-       return (ret > 0)? ret : -E_DECRYPT;
+       return ret;
 }
 
 /**
diff --git a/error.h b/error.h
index 7416be5..4639cf7 100644 (file)
--- a/error.h
+++ b/error.h
@@ -323,6 +323,7 @@ extern const char **para_errlist[];
        PARA_ERROR(ENCRYPT, "encrypt error"), \
        PARA_ERROR(DECRYPT, "decrypt error"), \
        PARA_ERROR(CHALLENGE, "failed to read challenge"), \
+       PARA_ERROR(BLINDING, "failed to activate key blinding"), \
 
 
 #define COMMAND_ERRORS \