Commit 44dfebd3 authored by Niels Möller's avatar Niels Möller

Use rsa_compute_root_tr also in rsa_decrypt_tr.

parent e0935a04
2015-09-14 Niels Möller <> 2015-09-14 Niels Möller <>
* rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr.
Mainly for simplicity and consistency, I'm not aware of any CRT
fault attacks on RSA decryption.
* testsuite/rsa-encrypt-test.c (test_main): Added test with
invalid private key.
* rsa-sign-tr.c (rsa_compute_root_tr): New file and function. * rsa-sign-tr.c (rsa_compute_root_tr): New file and function.
* rsa.h: Declare it. * rsa.h: Declare it.
* rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr. * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr.
...@@ -48,18 +48,14 @@ rsa_decrypt_tr(const struct rsa_public_key *pub, ...@@ -48,18 +48,14 @@ rsa_decrypt_tr(const struct rsa_public_key *pub,
size_t *length, uint8_t *message, size_t *length, uint8_t *message,
const mpz_t gibberish) const mpz_t gibberish)
{ {
mpz_t m, ri; mpz_t m;
int res; int res;
mpz_init_set(m, gibberish); mpz_init_set(m, gibberish);
mpz_init (ri);
_rsa_blind (pub, random_ctx, random, m, ri); res = (rsa_compute_root_tr (pub, key, random_ctx, random, m, gibberish)
rsa_compute_root(key, m, m); && pkcs1_decrypt (key->size, m, length, message));
_rsa_unblind (pub, m, ri);
mpz_clear (ri);
res = pkcs1_decrypt (key->size, m, length, message);
mpz_clear(m); mpz_clear(m);
return res; return res;
} }
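Review bot: The combined expression `res = (rsa_compute_root_tr (pub, key, random_ctx, random, m, gibberish) && pkcs1_decrypt (key->size, m, length, message));` changes the failure contract without documenting it: because `&&` short-circuits, a failed root computation (presumably the new result check against pub, as the invalid-key test suggests) skips pkcs1_decrypt entirely, so neither *length nor message is written, and the caller only sees 0 for both that case and a padding failure. I would state this above the call: `/* Returns 0, leaving *length and message untouched, if the private key fails the public-key consistency check or the PKCS#1 padding is invalid. */`. Worth noting in the same comment that exposing the padding-failure result to a remote peer still constitutes a PKCS#1 v1.5 (Bleichenbacher-style) oracle; this change neither introduces nor mitigates that, so the wording should not imply the result check makes the function oracle-free. The function's signature begins above the hunk.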
...@@ -78,6 +78,13 @@ test_main(void) ...@@ -78,6 +78,13 @@ test_main(void)
ASSERT(MEMEQ(msg_length, msg, decrypted)); ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after); ASSERT(decrypted[msg_length] == after);
/* Test invalid key. */
mpz_add_ui (key.q, key.q, 2);
decrypted_length = key.size;
ASSERT(!rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
rsa_private_key_clear(&key); rsa_private_key_clear(&key);
rsa_public_key_clear(&pub); rsa_public_key_clear(&pub);
mpz_clear(gibberish); mpz_clear(gibberish);
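Review bot: The invalid-key test at `ASSERT(!rsa_decrypt_tr(&pub, &key, ...))` checks only the return value and does not confirm that the failing path left the output untouched, which is exactly the property a caller relies on when it discards the buffer after a 0 result. Since `decrypted_length = key.size;` is set immediately before the call, adding `ASSERT(decrypted_length == key.size);` right after it would pin that the failure path writes no length. A one-line comment on the corruption would also help a future reader, e.g. `/* Corrupt q so the private-key computation no longer agrees with pub; the _tr variant must report failure rather than return a bogus plaintext. */` — the rationale is inferred from the ChangeLog, so confirm it matches the intent. test_main starts and ends outside the hunk.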