author | Legrandin <gooksankoo@hoiptorrow.mailexpire.com> | 2011-09-20 19:41:33 +0200 |
committer | Legrandin <gooksankoo@hoiptorrow.mailexpire.com> | 2011-09-20 19:41:33 +0200 |
commit | 01f280d0e262a98af5a0b2c3d2a785e1d0879778 (patch) | |
tree | a0a97c8dc5cdf6f345ce0cef7123c40e3c48e9d4 /lib/Crypto/PublicKey | |
parent | 2662ac5c94f00532ddfcd538c7090133e47fad34 (diff) | |
parent | 86c4cf4ea66e926267f53348d22698774a7939a5 (diff) | |
download | pycrypto-01f280d0e262a98af5a0b2c3d2a785e1d0879778.tar.gz |
Merged with upstream.
Diffstat (limited to 'lib/Crypto/PublicKey')
-rw-r--r-- | lib/Crypto/PublicKey/RSA.py | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/lib/Crypto/PublicKey/RSA.py b/lib/Crypto/PublicKey/RSA.py
index 49b9908..92600e0 100644
--- a/lib/Crypto/PublicKey/RSA.py
+++ b/lib/Crypto/PublicKey/RSA.py
@@ -33,6 +33,7 @@ __revision__ = "$Id$"
 __all__ = ['generate', 'construct', 'error', 'importKey' ]
 
 from Crypto.Util.python_compat import *
+from Crypto.Util.number import getRandomRange
 from Crypto.PublicKey import _RSA, _slowmath, pubkey
 from Crypto import Random
 
@@ -65,9 +66,12 @@ class _RSAobj(pubkey.pubkey):
     #: - **u**, the CRT coefficient (1/p) mod q.
     keydata = ['n', 'e', 'd', 'p', 'q', 'u']
 
-    def __init__(self, implementation, key):
+    def __init__(self, implementation, key, randfunc=None):
         self.implementation = implementation
         self.key = key
+        if randfunc is None:
+            randfunc = Random.new().read
+        self._randfunc = randfunc
 
     def __getattr__(self, attrname):
         if attrname in self.keydata:
@@ -86,7 +90,16 @@ class _RSAobj(pubkey.pubkey):
         # instead, but this is more compatible and we're
         # going to replace the Crypto.PublicKey API soon
         # anyway.
-        return self.key._decrypt(ciphertext)
+
+        # Blinded RSA decryption (to prevent timing attacks):
+        # Step 1: Generate random secret blinding factor r, such that 0 < r < n-1
+        r = getRandomRange(1, self.key.n-1, randfunc=self._randfunc)
+        # Step 2: Compute c' = c * r**e mod n
+        cp = self.key._blind(ciphertext, r)
+        # Step 3: Compute m' = c'**d mod n (ordinary RSA decryption)
+        mp = self.key._decrypt(cp)
+        # Step 4: Compute m = m**(r-1) mod n
+        return self.key._unblind(mp, r)
 
     def _blind(self, m, r):
         return self.key._blind(m, r)
|
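Review bot: The new `randfunc` parameter of `__init__` is undocumented, yet the blinding added to `_decrypt` is only as strong as the bytes it returns; a caller who passes a predictable or replayable `randfunc` lets an attacker reconstruct r and the blinding protects nothing. The `#:` attribute docs above `keydata` are the right place for a line such as `#: - **randfunc**, a cryptographically strong source of random bytes used for RSA blinding (default: Crypto.Random.new().read)`. Note also that the default is bound once per key object at construction, so whatever lifecycle caveats apply to a `Crypto.Random` instance (long-lived processes, forking) now apply to every key object that uses the default; I cannot confirm the generator's behaviour from this hunk, so this is worth checking rather than a defect. The enclosing class `_RSAobj` continues outside the hunk.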
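Review bot: The Step 4 comment in `_decrypt` misstates the unblinding: `m**(r-1) mod n` is not what `_unblind` computes; unblinding multiplies the blinded result by the modular inverse of r, so the line should read `# Step 4: Compute m = m' * r**-1 mod n` (and Step 1's range is `0 < r < n`, which is what `getRandomRange(1, self.key.n-1, ...)` yields). That inverse only exists when gcd(r, n) = 1; for a well-formed n the chance that a random r is a multiple of p or q is negligible, but that assumption deserves a one-line comment rather than silence, since a non-invertible r would surface as a failure in `_unblind`. Only `_decrypt` is blinded here; if `_sign` (outside this hunk) still calls `self.key._sign` directly, signing performs the same private-exponent operation without blinding and keeps the timing exposure this commit sets out to remove. `_decrypt` begins outside the hunk.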