crypto/rsa: port PrivateKey.Validate to bigmod, add validations #70236
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch ports the implementation of PrivateKey.Validate to use the
bigmod math library, ensuring that the arithmetic operations happen in
constant time. A few new APIs have been added to bigmod to add
operations which don't explicitly require modulus arithmetic, but do
take the modulus size into account to ensure we don't leak any
non-public information.
In addition to porting this routine to use bigmod this patch also adds a
few more steps to the validation as defined by NIST SP 800-56B REV. 2
Section 6.4.1.4.3.
There is a significant performance hit in validation, mostly due to the
pairwise consistency test
m=(m^e)^d mod n
, however not muchtime has been spent on optimization and this may be able to be
improved.
For #69536