Use side-channel secured mpz_powm_sec of libgmp 5, if available

2010-02-18 17:38:59 +01:00 · 2010-02-18 17:38:59 +01:00 · 3e35a6e7a1
parent 7d3a830a71
commit 3e35a6e7a1
4 changed files with 30 additions and 1 deletions
--- a/configure.in
+++ b/configure.in
@ -41,6 +41,7 @@ ARG_WITH_SUBST([routing-table],      [220], [set routing table to use for IPsec
 ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])

 ARG_WITH_SET([capabilities],         [no], [set capability dropping library. Currently only the value "libcap" is supported])
+ARG_WITH_SET([mpz_powm_sec],         [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])

 AC_ARG_WITH(
 	[xauth-module],
@ -432,7 +433,21 @@ if test x$vstr = xtrue; then
 fi

 if test x$gmp = xtrue; then
-	AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])
+	saved_LIBS=$LIBS
+	AC_HAVE_LIBRARY([gmp],,[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])
+	AC_MSG_CHECKING([mpz_powm_sec])
+	if test x$mpz_powm_sec = xyes; then
+		AC_TRY_COMPILE(
+			[#include "gmp.h"],
+			[
+				void *x = mpz_powm_sec;
+			],
+			[AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_MPZ_POWM_SEC)], [AC_MSG_RESULT([no])]
+		)
+	else
+		AC_MSG_RESULT([disabled])
+	fi
+	LIBS=$saved_LIBS
 	AC_MSG_CHECKING([gmp.h version >= 4.1.4])
 	AC_TRY_COMPILE(
 		[#include "gmp.h"],
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@ -22,6 +22,10 @@

 #include <debug.h>

+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif

 /**
 * Modulus of Group 1 (MODP_768_BIT).
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@ -27,6 +27,11 @@
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>

+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
+
 /**
 *  Public exponent to use for key generation.
 */
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@ -28,6 +28,11 @@
 #include <asn1/asn1_parser.h>
 #include <crypto/hashers/hasher.h>

+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
+
 typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t;

 /**