author | Niels Möller <nisse@lysator.liu.se> | 2015-11-15 21:23:42 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2015-11-15 21:23:42 +0100 |
commit | 44dfebd37113657e0f7ee39eb6af6c418f63bebe (patch) | |
tree | a36fa812a4911df9d10573970fb9cb988de80eb0 | |
parent | e0935a046effb0a692bafdc8d5e18f5d80dd4a3d (diff) | |
download | nettle-44dfebd37113657e0f7ee39eb6af6c418f63bebe.tar.gz |
Use rsa_compute_root_tr also in rsa_decrypt_tr.
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | rsa-decrypt-tr.c | 10 | ||||
-rw-r--r-- | testsuite/rsa-encrypt-test.c | 7 |
3 files changed, 17 insertions, 7 deletions
@@ -1,5 +1,12 @@
 2015-09-14 Niels Möller <nisse@lysator.liu.se>
+	* rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr.
+	Mainly for simplicity and consistency, I'm not aware of any CRT
+	fault attacks on RSA decryption.
+
+	* testsuite/rsa-encrypt-test.c (test_main): Added test with
+	invalid private key.
+
 	* rsa-sign-tr.c (rsa_compute_root_tr): New file and function.
 	* rsa.h: Declare it.
 	* rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr.
diff --git a/rsa-decrypt-tr.c b/rsa-decrypt-tr.c
index e28bee79..e4fbc5fe 100644
--- a/rsa-decrypt-tr.c
+++ b/rsa-decrypt-tr.c
@@ -48,18 +48,14 @@ rsa_decrypt_tr(const struct rsa_public_key *pub,
 	       size_t *length, uint8_t *message,
 	       const mpz_t gibberish)
 {
-  mpz_t m, ri;
+  mpz_t m;
   int res;
   mpz_init_set(m, gibberish);
-  mpz_init (ri);
-  _rsa_blind (pub, random_ctx, random, m, ri);
-  rsa_compute_root(key, m, m);
-  _rsa_unblind (pub, m, ri);
-  mpz_clear (ri);
+  res = (rsa_compute_root_tr (pub, key, random_ctx, random, m, gibberish)
+	 && pkcs1_decrypt (key->size, m, length, message));
-  res = pkcs1_decrypt (key->size, m, length, message);
   mpz_clear(m);
   return res;
 }
diff --git a/testsuite/rsa-encrypt-test.c b/testsuite/rsa-encrypt-test.c
index 7104e24b..ecdbdb6b 100644
--- a/testsuite/rsa-encrypt-test.c
+++ b/testsuite/rsa-encrypt-test.c
@@ -78,6 +78,13 @@ test_main(void)
   ASSERT(MEMEQ(msg_length, msg, decrypted));
   ASSERT(decrypted[msg_length] == after);
+  /* Test invalid key. */
+  mpz_add_ui (key.q, key.q, 2);
+  decrypted_length = key.size;
+  ASSERT(!rsa_decrypt_tr(&pub, &key,
+			 &lfib, (nettle_random_func *) knuth_lfib_random,
+			 &decrypted_length, decrypted, gibberish));
+
   rsa_private_key_clear(&key);
   rsa_public_key_clear(&pub);
   mpz_clear(gibberish); |
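Review bot: `mpz_init_set(m, gibberish)` on the context line just above the new call copies the ciphertext into `m` only for `rsa_compute_root_tr (…, m, gibberish)` to overwrite it from its last argument, so `mpz_init(m);` is enough and makes it explicit that `m` only ever holds the recovered root. With the short-circuit `&&`, a failed root check and bad PKCS#1 padding both return 0 and, in the first case, `*length` and `message` are never written; a comment such as `/* 0 means the root failed rsa_compute_root_tr's check or the padding was invalid; *length and message are untouched in the former case. */` would pin that contract for callers. The ChangeLog's remark that no CRT fault attack on decryption is known arguably undersells the check: the gcd(m'^e − c, n) recovery that motivates it for signatures works on any faulty result an attacker can observe, and a decryption path can leak one through its error behaviour, so the check earns its cost here on more than consistency grounds. As before, `mpz_clear(m)` releases the plaintext-bearing limbs without wiping them, which this change inherits rather than introduces; rsa_decrypt_tr's signature begins outside the hunk.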
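Review bot: The invalid-key test asserts only the return value; since the new `rsa_decrypt_tr` skips `pkcs1_decrypt` when the root check fails, adding `ASSERT(decrypted_length == key.size);` after the call would also pin that the output length is left alone on failure, if that is the intended contract. The corruption `mpz_add_ui (key.q, key.q, 2)` keeps `q` odd but breaks every CRT quantity at once; a second case that perturbs a single CRT component rather than `q` would be closer to a single-fault model, though from the visible lines I cannot confirm which fields the root check covers. test_main starts and ends outside the hunk, so the `key`/`pub` setup it relies on is not visible here.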