author | Sybren A. Stüvel <sybren@stuvel.eu> | 2016-01-22 14:29:41 +0100 |
committer | Sybren A. Stüvel <sybren@stuvel.eu> | 2016-01-22 14:29:41 +0100 |
commit | 10bf544b641bba6370b7c503e17ae2442958e53b (patch) | |
tree | b06566429e71150f60b110c41125fe088f2825a2 /rsa/pkcs1.py | |
parent | ca0e4e576450b91f50b2580dd8903071cad973be (diff) | |
Use random number when blinding, and also blind when verifying signatures.
Diffstat (limited to 'rsa/pkcs1.py')
-rw-r--r-- | rsa/pkcs1.py | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
index 0b7982c..0660a50 100644
--- a/rsa/pkcs1.py
+++ b/rsa/pkcs1.py
@@ -229,14 +229,8 @@ def decrypt(crypto, priv_key):
     blocksize = common.byte_size(priv_key.n)
     encrypted = transform.bytes2int(crypto)
-
-    # Perform blinded decryption to prevent side-channel attacks.
-    # See https://en.wikipedia.org/wiki/Blinding_%28cryptography%29
-    blinded = priv_key.blind(encrypted, 4134431) # blind before decrypting
-    decrypted = core.decrypt_int(blinded, priv_key.d, priv_key.n)
-    unblinded = priv_key.unblind(decrypted, 4134431)
-
-    cleartext = transform.int2bytes(unblinded, blocksize)
+    decrypted = priv_key.blinded_decrypt(encrypted)
+    cleartext = transform.int2bytes(decrypted, blocksize)
 
     # If we can't find the cleartext marker, decryption failed.
     if cleartext[0:2] != b('\x00\x02'):
@@ -305,7 +299,7 @@ def verify(message, signature, pub_key):
     keylength = common.byte_size(pub_key.n)
     encrypted = transform.bytes2int(signature)
-    decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n)
+    decrypted = pub_key.blinded_decrypt(encrypted)
     clearsig = transform.int2bytes(decrypted, keylength)
 
     # Get the hash method
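Review bot: Blinding now covers the private exponentiation, but the padding check in the context lines directly below the new `cleartext = ...` assignment still branches on the cleartext marker (`if cleartext[0:2] != b('\x00\x02'):`) and, per its comment, fails decryption when the marker is absent; a caller-observable padding failure on a PKCS#1 v1.5 decryption is the classic Bleichenbacher oracle, which blinding does not address. Worth a follow-up: compare the marker in constant time and make the bad-padding failure indistinguishable (same exception type, same timing) from every other decryption failure. The side-channel property now rests entirely on `blinded_decrypt`, whose blinding factor must come from a CSPRNG (`os.urandom`-backed), be drawn fresh per call and be invertible modulo `priv_key.n` (gcd 1); none of that is visible in this hunk, so confirm it in the key class. Dropping the two explanatory comment lines together with the old constant leaves the security rationale invisible at the call site; keep a one-liner such as `# Blinded exponentiation: hides the private exponent from timing/power side channels.` The body of decrypt continues outside the hunk.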
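Review bot: Blinding the signature verification buys no side-channel protection: the removed line shows the exponentiation uses only public values (`pub_key.e`, `pub_key.n`), so there is no secret for a timing or power attack to recover, and if `blinded_decrypt` draws a random factor and computes a modular inverse on every call (as the commit message implies) that is pure overhead on an attacker-driven verify path. The new call also hides which exponent is used; the old line made `pub_key.e` explicit, whereas a `blinded_decrypt` inherited from a shared key base class could reach for `d`, which a public key does not carry — confirm that PublicKey's implementation exponentiates with `e`, or keep `decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n)` here. The hash comparison that follows is outside the hunk and is the part of verify that does warrant care (a constant-time compare); verify's body continues past the hunk.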