authorSybren A. Stüvel <sybren@stuvel.eu>2020-11-15 16:25:51 +0100
committerSybren A. Stüvel <sybren@stuvel.eu>2020-11-15 16:27:29 +0100
commit06ec1ea1cc7be6034144bd06f07c35eb9d1b4953 (patch)
tree40334f927f89e702bb3e02f43a2733ff13680d86 /tests
parent341e5c4f939988bd472530441b6a02b625a30806 (diff)
Fix #162: Blinding uses slow algorithm
Store blinding factor + its inverse, so that they can be reused & updated on every blinding operation. This avoids expensive computations. The reuse of the previous blinding factor is done via squaring (mod n), as per section 9 of 'A Timing Attack against RSA with the Chinese Remainder Theorem' by Werner Schindler, https://tls.mbed.org/public/WSchindler-RSA_Timing_Attack.pdf
Diffstat (limited to 'tests')
-rw-r--r--tests/test_key.py17
1 files changed, 13 insertions, 4 deletions
diff --git a/tests/test_key.py b/tests/test_key.py
index 9db30ce..b00e26d 100644
--- a/tests/test_key.py
+++ b/tests/test_key.py
@@ -21,11 +21,20 @@ class BlindingTest(unittest.TestCase):
message = 12345
encrypted = rsa.core.encrypt_int(message, pk.e, pk.n)
- blinded = pk.blind(encrypted, 4134431) # blind before decrypting
- decrypted = rsa.core.decrypt_int(blinded, pk.d, pk.n)
- unblinded = pk.unblind(decrypted, 4134431)
+ blinded_1 = pk.blind(encrypted) # blind before decrypting
+ decrypted = rsa.core.decrypt_int(blinded_1, pk.d, pk.n)
+ unblinded_1 = pk.unblind(decrypted)
- self.assertEqual(unblinded, message)
+ self.assertEqual(unblinded_1, message)
+
+ # Re-blinding should use a different blinding factor.
+ blinded_2 = pk.blind(encrypted) # blind before decrypting
+ self.assertNotEqual(blinded_1, blinded_2)
+
+ # The unblinding should still work, though.
+ decrypted = rsa.core.decrypt_int(blinded_2, pk.d, pk.n)
+ unblinded_2 = pk.unblind(decrypted)
+ self.assertEqual(unblinded_2, message)
class KeyGenTest(unittest.TestCase):
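Review bot: The new assertions pin only that two consecutive `pk.blind(encrypted)` calls differ; since the description says the blinding factor now lives on the key and is updated on every blinding operation, the test silently depends on blind() and unblind() being called in strict alternation, and that ordering contract is neither documented nor exercised in this hunk. A comment such as `# blind/unblind must be paired in order: the key keeps one current blinding factor (see #162)` above the `blinded_2` line would make the dependency explicit, and an extra `self.assertNotEqual(blinded_2, encrypted)` would confirm the second round actually blinds rather than merely differing from the first. The duplicated `# blind before decrypting` on the `blinded_2` line can be dropped. The enclosing test method starts above this hunk.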