Fix #164: Add padding length check as described by PKCS#1 v1.5

According to PKCS#1 v1.5, the padding should be at least 8 bytes long. See https://tools.ietf.org/html/rfc8017#section-7.2.2 step 3 for more info.
author: Sybren A. Stüvel <sybren@stuvel.eu> 2020-11-15 15:48:27 +0100
committer: Sybren A. Stüvel <sybren@stuvel.eu> 2020-11-15 15:50:01 +0100
commit: f878c374086e672e7806fdd18401ec6b71cfa960 (patch)
tree: ccb4393399887e7e2ac338a735b1db90f1a65757 /rsa
parent: dae8ce0d85478e16f2368b2341632775313d41ed (diff)
download: rsa-git-f878c374086e672e7806fdd18401ec6b71cfa960.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
index 19e24c7..8a85b1c 100644
--- a/rsa/pkcs1.py
+++ b/rsa/pkcs1.py
@@ -262,7 +262,12 @@ def decrypt(crypto: bytes, priv_key: key.PrivateKey) -> bytes:
         sep_idx = cleartext.index(b'\x00', 2)
     except ValueError:
         sep_idx = -1
-    sep_idx_bad = sep_idx < 0
+    # sep_idx indicates the position of the `\x00` separator that separates the
+    # padding from the actual message. The padding should be at least 8 bytes
+    # long (see https://tools.ietf.org/html/rfc8017#section-7.2.2 step 3), which
+    # means the separator should be at least at index 10 (because of the
+    # `\x00\x02` marker that preceeds it).
+    sep_idx_bad = sep_idx < 10
 
     anything_bad = crypto_len_bad | cleartext_marker_bad | sep_idx_bad
     if anything_bad:
author	Sybren A. Stüvel <sybren@stuvel.eu>	2020-11-15 15:48:27 +0100
committer	Sybren A. Stüvel <sybren@stuvel.eu>	2020-11-15 15:50:01 +0100
commit	f878c374086e672e7806fdd18401ec6b71cfa960 (patch)
tree	ccb4393399887e7e2ac338a735b1db90f1a65757 /rsa
parent	dae8ce0d85478e16f2368b2341632775313d41ed (diff)
download	rsa-git-f878c374086e672e7806fdd18401ec6b71cfa960.tar.gz