Use rsa_compute_root_tr also in rsa_decrypt_tr.

44dfebd3 · Niels Möller · e0935a04 · 44dfebd3 · 44dfebd3 · 44dfebd3
Commit 44dfebd3 authored Nov 15, 2015 by Niels Möller
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 7 deletions

ChangeLog ChangeLog +7 -0

rsa-decrypt-tr.c rsa-decrypt-tr.c +3 -7

testsuite/rsa-encrypt-test.c testsuite/rsa-encrypt-test.c +7 -0

No files found.
--- a/ChangeLog
+++ b/ChangeLog
 2015-09-14  Niels Möller  <nisse@lysator.liu.se>

+	* rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr.
+	Mainly for simplicity and consistency, I'm not aware of any CRT
+	fault attacks on RSA decryption.
+
+	* testsuite/rsa-encrypt-test.c (test_main): Added test with
+	invalid private key.
+
 	* rsa-sign-tr.c (rsa_compute_root_tr): New file and function.
 	* rsa.h: Declare it.
 	* rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr.

--- a/rsa-decrypt-tr.c
+++ b/rsa-decrypt-tr.c
@@ -48,18 +48,14 @@ rsa_decrypt_tr(const struct rsa_public_key *pub,
 	       size_t *length, uint8_t *message,
 	       const mpz_t gibberish)
 {
-  mpz_t m, ri;
+  mpz_t m;
  int res;

  mpz_init_set(m, gibberish);
-  mpz_init (ri);

-  _rsa_blind (pub, random_ctx, random, m, ri);
-  rsa_compute_root(key, m, m);
-  _rsa_unblind (pub, m, ri);
-  mpz_clear (ri);
+  res = (rsa_compute_root_tr (pub, key, random_ctx, random, m, gibberish)
+	 && pkcs1_decrypt (key->size, m, length, message));

-  res = pkcs1_decrypt (key->size, m, length, message);
  mpz_clear(m);
  return res;
 }
--- a/testsuite/rsa-encrypt-test.c
+++ b/testsuite/rsa-encrypt-test.c
@@ -78,6 +78,13 @@ test_main(void)
  ASSERT(MEMEQ(msg_length, msg, decrypted));
  ASSERT(decrypted[msg_length] == after);

+  /* Test invalid key. */
+  mpz_add_ui (key.q, key.q, 2);
+  decrypted_length = key.size;
+  ASSERT(!rsa_decrypt_tr(&pub, &key,
+			 &lfib, (nettle_random_func *) knuth_lfib_random,
+			 &decrypted_length, decrypted, gibberish));
+
  rsa_private_key_clear(&key);
  rsa_public_key_clear(&pub);
  mpz_clear(gibberish);