Commit 44dfebd3 authored by Niels Möller

Use rsa_compute_root_tr also in rsa_decrypt_tr.

parent e0935a04
2015-09-14 Niels Möller <>
* rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr.
Mainly for simplicity and consistency, I'm not aware of any CRT
fault attacks on RSA decryption.
* testsuite/rsa-encrypt-test.c (test_main): Added test with
invalid private key.
* rsa-sign-tr.c (rsa_compute_root_tr): New file and function.
* rsa.h: Declare it.
* rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr.
......@@ -48,18 +48,14 @@ rsa_decrypt_tr(const struct rsa_public_key *pub,
size_t *length, uint8_t *message,
const mpz_t gibberish)
mpz_t m, ri;
mpz_t m;
int res;
mpz_init_set(m, gibberish);
mpz_init (ri);
_rsa_blind (pub, random_ctx, random, m, ri);
rsa_compute_root(key, m, m);
_rsa_unblind (pub, m, ri);
mpz_clear (ri);
res = (rsa_compute_root_tr (pub, key, random_ctx, random, m, gibberish)
&& pkcs1_decrypt (key->size, m, length, message));
res = pkcs1_decrypt (key->size, m, length, message);
return res;
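Review bot: In rsa_decrypt_tr, the combined `res = (rsa_compute_root_tr (...) && pkcs1_decrypt (...))` short-circuits, so the function now returns 0 when the root computation fails as well as when the padding is bad, and callers cannot tell the two apart. That new failure cause should be documented where rsa_decrypt_tr is declared, including that length and message are left unwritten on that path because pkcs1_decrypt is skipped. Separately, m is still set up with `mpz_init_set(m, gibberish)` while gibberish is also passed as its own argument to rsa_compute_root_tr; if m is only the output of that call, a plain `mpz_init (m)` would be enough.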
......@@ -78,6 +78,13 @@ test_main(void)
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
/* Test invalid key. */
mpz_add_ui (key.q, key.q, 2);
decrypted_length = key.size;
ASSERT(!rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
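Review bot: The invalid-key test changes key.q in place with `mpz_add_ui (key.q, key.q, 2);` and the visible lines never restore it, so any later use of key in test_main would run with the corrupted value. Consider undoing the change with mpz_sub_ui after the ASSERT, or adding a comment that key must not be reused past this point. The test also checks only the return value; repeating `ASSERT(decrypted[msg_length] == after);` after the failing call would confirm that nothing is written past the buffer on the failure path.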