Commit 3170f3b4 authored by Niels Möller

Rewrite pkcs1_decrypt as a wrapper around _pkcs1_sec_decrypt_variable.

* testsuite/rsa-encrypt-test.c (test_main): Fix allocation of
decrypted storage. Update test of rsa_decrypt, to allow clobbering
of all of the passed in message area.
parent 128832dc
2018-11-28 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-encrypt-test.c (test_main): Fix allocation of
decrypted storage. Update test of rsa_decrypt, to allow clobbering
of all of the passed in message area.
* pkcs1-decrypt.c (pkcs1_decrypt): Rewrite as a wrapper around
_pkcs1_sec_decrypt_variable. Improves side-channel silence of the
only caller, rsa_decrypt.
* Makefile.in (DISTFILES): Add rsa-internal.h, needed for make
dist. Patch from Simo Sorce.
......
......@@ -41,6 +41,7 @@
#include "bignum.h"
#include "gmp-glue.h"
#include "rsa-internal.h"
int
pkcs1_decrypt (size_t key_size,
......@@ -48,49 +49,13 @@ pkcs1_decrypt (size_t key_size,
size_t *length, uint8_t *message)
{
TMP_GMP_DECL(em, uint8_t);
uint8_t *terminator;
size_t padding;
size_t message_length;
int ret;
TMP_GMP_ALLOC(em, key_size);
nettle_mpz_get_str_256(key_size, em, m);
/* Check format */
if (em[0] || em[1] != 2)
{
ret = 0;
goto cleanup;
}
terminator = memchr(em + 2, 0, key_size - 2);
if (!terminator)
{
ret = 0;
goto cleanup;
}
padding = terminator - (em + 2);
if (padding < 8)
{
ret = 0;
goto cleanup;
}
message_length = key_size - 3 - padding;
if (*length < message_length)
{
ret = 0;
goto cleanup;
}
memcpy(message, terminator + 1, message_length);
*length = message_length;
ret = 1;
cleanup:
ret = _pkcs1_sec_decrypt_variable (length, message, key_size, em);
TMP_GMP_FREE(em);
return ret;
}
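Review bot: The new body forwards `*length` and `message` to `_pkcs1_sec_decrypt_variable` without the `*length < message_length` check the removed code performed, so the caller-visible contract has changed: per the test update in this commit, `message` must provide `*length` writable bytes and all of them may be overwritten, not just the decoded part. That contract is not stated anywhere in the hunk; add above the call `/* Side-channel silent unpadding: may overwrite all *length bytes of message, not only the decoded message, so callers must size message to *length. */`, and note in the public declaration (outside this hunk) that the function no longer guarantees bytes past the message are untouched. Whether the helper rejects a `*length` smaller than the embedded message is not visible here, so the wrapper's comment should not promise it. Unrelated to the rewrite but now on the hardened path: `em` holds the raw PKCS#1 block including the plaintext and is released by `TMP_GMP_FREE` without being wiped, which is worth a `/* TODO: clear em before free */` marker.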
......
......@@ -30,6 +30,8 @@ test_main(void)
if (verbose)
fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
ASSERT(msg_length <= key.size);
ASSERT(rsa_encrypt(&pub,
&lfib, (nettle_random_func *) knuth_lfib_random,
......@@ -42,7 +44,7 @@ test_main(void)
mpz_out_str(stderr, 10, gibberish);
}
decrypted = xalloc(msg_length + 1);
decrypted = xalloc(key.size + 1);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
......@@ -56,14 +58,14 @@ test_main(void)
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
knuth_lfib_random (&lfib, key.size + 1, decrypted);
after = decrypted[key.size];
decrypted_length = key.size;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
ASSERT(decrypted[key.size] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
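Review bot: The added `ASSERT(msg_length <= key.size);` in the first hunk only guarantees that the `key.size + 1` allocation can hold `msg`; a PKCS#1 v1.5 block carries at most `key.size - 11` bytes, so `ASSERT(msg_length <= key.size - 11);` would reject an over-long fixture before `rsa_encrypt` fails with a less specific error. In the third hunk the reason for filling `key.size + 1` bytes and checking only `decrypted[key.size]` afterwards is not recorded; a comment above `decrypted_length = key.size;` such as `/* rsa_decrypt may clobber all decrypted_length bytes; only the guard byte past the buffer must survive. */` would explain why the earlier per-byte check was dropped. The trailing `knuth_lfib_random (&lfib, msg_length + 1, decrypted);` refills only `msg_length + 1` bytes for a case that continues outside the hunk, so it is presumably the exact-size case. `test_main` begins before the first hunk and ends after the last.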
......