From: Niels Möller Date: Sun, 15 Nov 2015 20:23:42 +0000 (+0100) Subject: Use rsa_compute_root_tr also in rsa_decrypt_tr. X-Git-Tag: nettle_3.2_release_20160128~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44dfebd37113657e0f7ee39eb6af6c418f63bebe;p=thirdparty%2Fnettle.git Use rsa_compute_root_tr also in rsa_decrypt_tr. --- diff --git a/ChangeLog b/ChangeLog index 5c45072f..2ff02f5c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ 2015-09-14 Niels Möller + * rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr. + Mainly for simplicity and consistency, I'm not aware of any CRT + fault attacks on RSA decryption. + + * testsuite/rsa-encrypt-test.c (test_main): Added test with + invalid private key. + * rsa-sign-tr.c (rsa_compute_root_tr): New file and function. * rsa.h: Declare it. * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Use rsa_compute_root_tr. diff --git a/rsa-decrypt-tr.c b/rsa-decrypt-tr.c index e28bee79..e4fbc5fe 100644 --- a/rsa-decrypt-tr.c +++ b/rsa-decrypt-tr.c @@ -48,18 +48,14 @@ rsa_decrypt_tr(const struct rsa_public_key *pub, size_t *length, uint8_t *message, const mpz_t gibberish) { - mpz_t m, ri; + mpz_t m; int res; mpz_init_set(m, gibberish); - mpz_init (ri); - _rsa_blind (pub, random_ctx, random, m, ri); - rsa_compute_root(key, m, m); - _rsa_unblind (pub, m, ri); - mpz_clear (ri); + res = (rsa_compute_root_tr (pub, key, random_ctx, random, m, gibberish) + && pkcs1_decrypt (key->size, m, length, message)); - res = pkcs1_decrypt (key->size, m, length, message); mpz_clear(m); return res; } diff --git a/testsuite/rsa-encrypt-test.c b/testsuite/rsa-encrypt-test.c index 7104e24b..ecdbdb6b 100644 --- a/testsuite/rsa-encrypt-test.c +++ b/testsuite/rsa-encrypt-test.c @@ -78,6 +78,13 @@ test_main(void) ASSERT(MEMEQ(msg_length, msg, decrypted)); ASSERT(decrypted[msg_length] == after); + /* Test invalid key. */ + mpz_add_ui (key.q, key.q, 2); + decrypted_length = key.size; + ASSERT(!rsa_decrypt_tr(&pub, &key, + &lfib, (nettle_random_func *) knuth_lfib_random, + &decrypted_length, decrypted, gibberish)); + rsa_private_key_clear(&key); rsa_public_key_clear(&pub); mpz_clear(gibberish);