2015-09-14 Niels Möller <nisse@lysator.liu.se>
+ * rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr.
+ Mainly for simplicity and consistency, I'm not aware of any CRT
+ fault attacks on RSA decryption.
+
+ * testsuite/rsa-encrypt-test.c (test_main): Added test with
+ invalid private key.
+
* rsa-sign-tr.c (rsa_compute_root_tr): New file and function.
* rsa.h: Declare it.
* rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr.
size_t *length, uint8_t *message,
const mpz_t gibberish)
{
- mpz_t m, ri;
+ mpz_t m;
int res;
mpz_init_set(m, gibberish);
- mpz_init (ri);
- _rsa_blind (pub, random_ctx, random, m, ri);
- rsa_compute_root(key, m, m);
- _rsa_unblind (pub, m, ri);
- mpz_clear (ri);
+ res = (rsa_compute_root_tr (pub, key, random_ctx, random, m, gibberish)
+ && pkcs1_decrypt (key->size, m, length, message));
- res = pkcs1_decrypt (key->size, m, length, message);
mpz_clear(m);
return res;
}
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
+ /* Test invalid key. */
+ mpz_add_ui (key.q, key.q, 2);
+ decrypted_length = key.size;
+ ASSERT(!rsa_decrypt_tr(&pub, &key,
+ &lfib, (nettle_random_func *) knuth_lfib_random,
+ &decrypted_length, decrypted, gibberish));
+
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(gibberish);
projects / thirdparty / nettle.git / commitdiff
