From 7c42a01b78da4b38d8c69daee34b0700265423fb Mon Sep 17 00:00:00 2001
From: Daniel DE ALMEIDA BRAGA
Date: Wed, 27 Jan 2021 11:01:04 +0100
Subject: [PATCH 1/2] Makes modular exponentiation constant time by default.
---
 bignum.cc | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/bignum.cc b/bignum.cc
index d057baf..7fa655f 100644
--- a/bignum.cc
+++ b/bignum.cc
@@ -682,6 +682,8 @@ NAN_METHOD(BigNum::Bpowm)
 BigNum *bn1 = Nan::ObjectWrap::Unwrap(info[0]->ToObject(info.GetIsolate()->GetCurrentContext()).ToLocalChecked());
 BigNum *bn2 = Nan::ObjectWrap::Unwrap(info[1]->ToObject(info.GetIsolate()->GetCurrentContext()).ToLocalChecked());
 BigNum *res = new BigNum();
+
+ BN_set_flags(bn1->bignum_, BN_FLG_CONSTTIME);
 BN_mod_exp(res->bignum_, bignum->bignum_, bn1->bignum_, bn2->bignum_, ctx);
 WRAP_RESULT(res, result);
@@ -699,6 +701,8 @@ NAN_METHOD(BigNum::Upowm)
 BigNum *exp = new BigNum(x);
 BigNum *res = new BigNum();
+
+ BN_set_flags(exp->bignum_, BN_FLG_CONSTTIME);
 BN_mod_exp(res->bignum_, bignum->bignum_, exp->bignum_, bn->bignum_, ctx);
 WRAP_RESULT(res, result);
From d434bf6f2c31395d41d8ab891c5d61e8c118ce79 Mon Sep 17 00:00:00 2001
From: Daniel DE ALMEIDA BRAGA
Date: Wed, 27 Jan 2021 14:07:06 +0100
Subject: [PATCH 2/2] Fix issue with even modulus (constant time is only supproted for odd modulus)
---
 bignum.cc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/bignum.cc b/bignum.cc
index 7fa655f..e4ed325 100644
--- a/bignum.cc
+++ b/bignum.cc
@@ -682,8 +682,9 @@ NAN_METHOD(BigNum::Bpowm)
 BigNum *bn1 = Nan::ObjectWrap::Unwrap(info[0]->ToObject(info.GetIsolate()->GetCurrentContext()).ToLocalChecked());
 BigNum *bn2 = Nan::ObjectWrap::Unwrap(info[1]->ToObject(info.GetIsolate()->GetCurrentContext()).ToLocalChecked());
 BigNum *res = new BigNum();
-
- BN_set_flags(bn1->bignum_, BN_FLG_CONSTTIME);
+ // Constant-time flag only supported for odd modulus
+ if (BN_is_odd(bn2->bignum_))
+ BN_set_flags(bn1->bignum_, BN_FLG_CONSTTIME);
 BN_mod_exp(res->bignum_, bignum->bignum_, bn1->bignum_, bn2->bignum_, ctx);
 WRAP_RESULT(res, result);
@@ -701,8 +702,9 @@ NAN_METHOD(BigNum::Upowm)
 BigNum *exp = new BigNum(x);
 BigNum *res = new BigNum();
-
- BN_set_flags(exp->bignum_, BN_FLG_CONSTTIME);
+ // Constant-time flag only supported for odd modulus
+ if (BN_is_odd(bn->bignum_))
+ BN_set_flags(exp->bignum_, BN_FLG_CONSTTIME);
 BN_mod_exp(res->bignum_, bignum->bignum_, exp->bignum_, bn->bignum_, ctx);
 WRAP_RESULT(res, result);
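Review bot: `BN_set_flags(bn1->bignum_, BN_FLG_CONSTTIME)` in Bpowm marks the caller's own exponent object, and nothing in the hunk clears the flag again, so it stays set on that BigNum after the call returns. A later powm call that reuses the same exponent with an even modulus then reaches `BN_mod_exp` with a flagged exponent even though the new `BN_is_odd` branch is skipped, which looks like the failure this patch was written to avoid. The return value of `BN_mod_exp` is not checked in the visible lines, so `res` would still be wrapped and returned if the call fails. Flagging a private copy of the exponent and wiping it afterwards removes both the side effect and the stale flag, assuming `bignum_` is a `BIGNUM *` as its use here suggests. The function body starts and ends outside the hunk.

```cpp
  BigNum *res = new BigNum();
  // Work on a private copy so the caller's exponent keeps its own flags.
  BIGNUM *exp_copy = BN_dup(bn1->bignum_);
  // … handle exp_copy == NULL the way this file reports allocation failures …
  // Constant-time flag only supported for odd modulus
  if (BN_is_odd(bn2->bignum_))
    BN_set_flags(exp_copy, BN_FLG_CONSTTIME);
  BN_mod_exp(res->bignum_, bignum->bignum_, exp_copy, bn2->bignum_, ctx);
  BN_clear_free(exp_copy);  // the exponent may be secret; wipe the copy
  // … unchanged: WRAP_RESULT(res, result) …
```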
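Review bot: The comment added in Upowm says where the flag is supported but not what happens otherwise. With an even modulus the `BN_is_odd` branch is skipped and the exponentiation runs without `BN_FLG_CONSTTIME`, so it is presumably variable-time in the exponent, which the first patch's subject ("constant time by default") no longer covers. I would spell that out, e.g. `// BN_mod_exp has a constant-time path only for odd moduli; an even modulus falls back to the variable-time path.` The identical comment in the Bpowm hunk needs the same wording, and the caveat belongs in the user-facing powm documentation as well. Setting the flag on `exp` has no lasting side effect here because `exp` is allocated in the visible lines; the function body continues outside the hunk.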