authorNiels Möller <nisse@lysator.liu.se>2018-11-28 22:01:29 +0100
committerNiels Möller <nisse@lysator.liu.se>2018-11-28 22:01:29 +0100
commit3170f3b4a14494bbc375a1567fa316a84beaa6f0 (patch)
treea74478d0f30fcf4fc5a569222be75125c1dde5d2
parent128832dcb623fed9b13561e7b88a20c36ddea25f (diff)
downloadnettle-3170f3b4a14494bbc375a1567fa316a84beaa6f0.tar.gz
Rewrite pkcs1_decrypt as a wrapper around _pkcs1_sec_decrypt_variable.
* testsuite/rsa-encrypt-test.c (test_main): Fix allocation of decrypted storage. Update test of rsa_decrypt, to allow clobbering of all of the passed in message area.
-rw-r--r--ChangeLog8
-rw-r--r--pkcs1-decrypt.c41
-rw-r--r--testsuite/rsa-encrypt-test.c10
3 files changed, 17 insertions, 42 deletions
diff --git a/ChangeLog b/ChangeLog
index 4aba09b4..ffa8198c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2018-11-28 Niels Möller <nisse@lysator.liu.se>
+ * testsuite/rsa-encrypt-test.c (test_main): Fix allocation of
+ decrypted storage. Update test of rsa_decrypt, to allow clobbering
+ of all of the passed in message area.
+
+ * pkcs1-decrypt.c (pkcs1_decrypt): Rewrite as a wrapper around
+ _pkcs1_sec_decrypt_variable. Improves side-channel silence of the
+ only caller, rsa_decrypt.
+
* Makefile.in (DISTFILES): Add rsa-internal.h, needed for make
dist. Patch from Simo Sorce.
diff --git a/pkcs1-decrypt.c b/pkcs1-decrypt.c
index 7acd2d57..1a02c706 100644
--- a/pkcs1-decrypt.c
+++ b/pkcs1-decrypt.c
@@ -41,6 +41,7 @@
#include "bignum.h"
#include "gmp-glue.h"
+#include "rsa-internal.h"
int
pkcs1_decrypt (size_t key_size,
@@ -48,49 +49,13 @@ pkcs1_decrypt (size_t key_size,
size_t *length, uint8_t *message)
{
TMP_GMP_DECL(em, uint8_t);
- uint8_t *terminator;
- size_t padding;
- size_t message_length;
int ret;
TMP_GMP_ALLOC(em, key_size);
nettle_mpz_get_str_256(key_size, em, m);
- /* Check format */
- if (em[0] || em[1] != 2)
- {
- ret = 0;
- goto cleanup;
- }
-
- terminator = memchr(em + 2, 0, key_size - 2);
-
- if (!terminator)
- {
- ret = 0;
- goto cleanup;
- }
-
- padding = terminator - (em + 2);
- if (padding < 8)
- {
- ret = 0;
- goto cleanup;
- }
-
- message_length = key_size - 3 - padding;
-
- if (*length < message_length)
- {
- ret = 0;
- goto cleanup;
- }
-
- memcpy(message, terminator + 1, message_length);
- *length = message_length;
-
- ret = 1;
-cleanup:
+ ret = _pkcs1_sec_decrypt_variable (length, message, key_size, em);
+
TMP_GMP_FREE(em);
return ret;
}
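Review bot: The wrapper call at L89 drops the explicit `*length < message_length` rejection and the "only message_length bytes are written" guarantee that the removed code had, and nothing left in this file states the output contract, so a reader cannot tell whether a too-small `message` buffer is still rejected or how much of it may be written; that now depends entirely on `_pkcs1_sec_decrypt_variable`, declared in rsa-internal.h and not visible here. The testsuite change in this same commit (re-seeding `key.size + 1` bytes and moving the canary to `decrypted[key.size]` when `*length == key.size`) suggests the callee may overwrite the whole input-`*length` area whether or not decryption succeeds, which is a caller-visible change that deserves a comment on this function, e.g. `/* On input *length is the size of the message area, all of which may be written regardless of outcome; on success *length is set to the recovered message length. */`, and a matching update to the public documentation of pkcs1_decrypt/rsa_decrypt. Separately, `em` still holds the full decoded PKCS#1 block, plaintext included, when `TMP_GMP_FREE(em)` releases it at L91; unless that macro zeroizes (not visible here), a side-channel-motivated rewrite is a good moment to clear it before freeing. The function's parameter list begins above this hunk.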
diff --git a/testsuite/rsa-encrypt-test.c b/testsuite/rsa-encrypt-test.c
index a7397b54..87525f78 100644
--- a/testsuite/rsa-encrypt-test.c
+++ b/testsuite/rsa-encrypt-test.c
@@ -30,6 +30,8 @@ test_main(void)
if (verbose)
fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
+
+ ASSERT(msg_length <= key.size);
ASSERT(rsa_encrypt(&pub,
&lfib, (nettle_random_func *) knuth_lfib_random,
@@ -42,7 +44,7 @@ test_main(void)
mpz_out_str(stderr, 10, gibberish);
}
- decrypted = xalloc(msg_length + 1);
+ decrypted = xalloc(key.size + 1);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
@@ -56,14 +58,14 @@ test_main(void)
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
- knuth_lfib_random (&lfib, msg_length + 1, decrypted);
- after = decrypted[msg_length];
+ knuth_lfib_random (&lfib, key.size + 1, decrypted);
+ after = decrypted[key.size];
decrypted_length = key.size;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
- ASSERT(decrypted[msg_length] == after);
+ ASSERT(decrypted[key.size] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];