author | Anders Sundman <anders@4zm.org> | 2011-05-19 19:55:12 +0200 |
---|---|---|
committer | Anders Sundman <anders@4zm.org> | 2011-05-19 19:55:12 +0200 |
commit | e226cd7f963d2c21c839071d10ed3102b758fdf6 (patch) | |
tree | e3b0c6ade1c88dacb0406dfc23870667868a3c28 /lib/Crypto/PublicKey | |
parent | 606b17789c1869597466c714134f138c51b938f5 (diff) | |
parent | 4669b04c6f9e4cb895abd227dffc7f6718425a70 (diff) | |
Merge from dlitz/master
Diffstat (limited to 'lib/Crypto/PublicKey')
-rw-r--r-- | lib/Crypto/PublicKey/RSA.py | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/lib/Crypto/PublicKey/RSA.py b/lib/Crypto/PublicKey/RSA.py
index d95f2cf..0e0f2a1 100644
--- a/lib/Crypto/PublicKey/RSA.py
+++ b/lib/Crypto/PublicKey/RSA.py
@@ -33,6 +33,9 @@ if sys.version_info[0] == 2 and sys.version_info[1] == 1:
     from Crypto.Util.py21compat import *
 from Crypto.Util.py3compat import *
+
+from Crypto.Util.number import getRandomRange
+
 from Crypto.PublicKey import _RSA, _slowmath, pubkey
 from Crypto import Random
@@ -47,9 +50,12 @@ except ImportError:
 class _RSAobj(pubkey.pubkey):
     keydata = ['n', 'e', 'd', 'p', 'q', 'u']
-    def __init__(self, implementation, key):
+    def __init__(self, implementation, key, randfunc=None):
         self.implementation = implementation
         self.key = key
+        if randfunc is None:
+            randfunc = Random.new().read
+        self._randfunc = randfunc
     def __getattr__(self, attrname):
         if attrname in self.keydata:
@@ -68,7 +74,16 @@ class _RSAobj(pubkey.pubkey):
             # instead, but this is more compatible and we're
             # going to replace the Crypto.PublicKey API soon
             # anyway.
-        return self.key._decrypt(ciphertext)
+
+        # Blinded RSA decryption (to prevent timing attacks): # Step 1: Generate random secret blinding factor r, such that 0 < r < n-1
+        r = getRandomRange(1, self.key.n-1, randfunc=self._randfunc)
+        # Step 2: Compute c' = c * r**e mod n
+        cp = self.key._blind(ciphertext, r)
+        # Step 3: Compute m' = c'**d mod n (ordinary RSA decryption)
+        mp = self.key._decrypt(cp)
+        # Step 4: Compute m = m**(r-1) mod n
+        return self.key._unblind(mp, r)
     def _blind(self, m, r):
         return self.key._blind(m, r)
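Review bot: The new `randfunc` parameter and `_randfunc` attribute in `__init__` are undocumented, and they are security-relevant: the bytes `_randfunc` yields are what `_decrypt` later turns into the blinding factor, so a caller that passes a predictable or deterministic `randfunc` silently loses the timing-attack countermeasure. A short docstring on `__init__` should state this, e.g. `randfunc: function returning N random bytes; defaults to Random.new().read. Must be cryptographically strong, as it provides the RSA blinding factor.` Note also that `Random.new().read` is now created for every `_RSAobj`, including public-only keys that never decrypt; if `Random.new()` is costly or carries process-specific state, deferring it to first use would be cheaper. The `_RSAobj` class continues past this hunk.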
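Review bot: The Step 4 comment in the new blinded `_decrypt` body misstates the unblinding operation: `m**(r-1) mod n` is not what recovers the message, unblinding multiplies by the modular inverse of r, so it should read `# Step 4: Compute m = m' * r**-1 mod n` (matching the c'/m' notation of Steps 2 and 3). Two further points deserve a comment: `getRandomRange(1, self.key.n-1, ...)` can in principle return an r with gcd(r, n) != 1, for which `_unblind` presumably has no inverse to apply; that is negligible for real-sized keys, but a one-line remark would spare the next reader the question. Only the decryption path is blinded here; if the signing path of this class (not visible in the hunk) also exponentiates with the private exponent through `self.key`, it likely needs the same treatment. The `_decrypt` method's signature and docstring begin before this hunk.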