path: root/rsa/pkcs1.py
authorSybren A. Stüvel <sybren@stuvel.eu>2016-01-22 13:11:22 +0100
committerSybren A. Stüvel <sybren@stuvel.eu>2016-01-22 13:14:40 +0100
commit2310b34bdb530e0bad793d42f589c9f848ff181b (patch)
tree7add9af08619ac491dadef6c0a9620794e5b68bd /rsa/pkcs1.py
parent15b69b38568cfe883180c397d408207b456e0e06 (diff)
Fix #19: Implemented blinding when decrypting.
This prevents side-channel attacks (such as timing attacks); see: https://en.wikipedia.org/wiki/Blinding_%28cryptography%29
Diffstat (limited to 'rsa/pkcs1.py')
-rw-r--r--rsa/pkcs1.py10
1 files changed, 8 insertions, 2 deletions
diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
index 7d6814c..0b7982c 100644
--- a/rsa/pkcs1.py
+++ b/rsa/pkcs1.py
@@ -229,8 +229,14 @@ def decrypt(crypto, priv_key):
blocksize = common.byte_size(priv_key.n)
encrypted = transform.bytes2int(crypto)
- decrypted = core.decrypt_int(encrypted, priv_key.d, priv_key.n)
- cleartext = transform.int2bytes(decrypted, blocksize)
+
+ # Perform blinded decryption to prevent side-channel attacks.
+ # See https://en.wikipedia.org/wiki/Blinding_%28cryptography%29
+ blinded = priv_key.blind(encrypted, 4134431) # blind before decrypting
+ decrypted = core.decrypt_int(blinded, priv_key.d, priv_key.n)
+ unblinded = priv_key.unblind(decrypted, 4134431)
+
+ cleartext = transform.int2bytes(unblinded, blocksize)
# If we can't find the cleartext marker, decryption failed.
if cleartext[0:2] != b('\x00\x02'):