/src/nettle/rsa-decrypt-tr.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* rsa-decrypt-tr.c |
2 | | |
3 | | RSA decryption, using randomized RSA blinding to be more resistant |
4 | | to timing attacks. |
5 | | |
6 | | Copyright (C) 2001, 2012 Niels Möller, Nikos Mavrogiannopoulos |
7 | | |
8 | | This file is part of GNU Nettle. |
9 | | |
10 | | GNU Nettle is free software: you can redistribute it and/or |
11 | | modify it under the terms of either: |
12 | | |
13 | | * the GNU Lesser General Public License as published by the Free |
14 | | Software Foundation; either version 3 of the License, or (at your |
15 | | option) any later version. |
16 | | |
17 | | or |
18 | | |
19 | | * the GNU General Public License as published by the Free |
20 | | Software Foundation; either version 2 of the License, or (at your |
21 | | option) any later version. |
22 | | |
23 | | or both in parallel, as here. |
24 | | |
25 | | GNU Nettle is distributed in the hope that it will be useful, |
26 | | but WITHOUT ANY WARRANTY; without even the implied warranty of |
27 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
28 | | General Public License for more details. |
29 | | |
30 | | You should have received copies of the GNU General Public License and |
31 | | the GNU Lesser General Public License along with this program. If |
32 | | not, see http://www.gnu.org/licenses/. |
33 | | */ |
34 | | |
35 | | #if HAVE_CONFIG_H |
36 | | # include "config.h" |
37 | | #endif |
38 | | |
39 | | #include "rsa-internal.h" |
40 | | #include "pkcs1-internal.h" |
41 | | #include "gmp-glue.h" |
42 | | |
43 | | int |
44 | | rsa_decrypt_tr(const struct rsa_public_key *pub, |
45 | | const struct rsa_private_key *key, |
46 | | void *random_ctx, nettle_random_func *random, |
47 | | size_t *length, uint8_t *message, |
48 | | const mpz_t gibberish) |
49 | 0 | { |
50 | 0 | TMP_GMP_DECL (m, mp_limb_t); |
51 | 0 | TMP_GMP_DECL (em, uint8_t); |
52 | 0 | mp_size_t key_limb_size; |
53 | 0 | int res; |
54 | | |
55 | | /* First check that input is in range. */ |
56 | 0 | if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, pub->n) >= 0) |
57 | 0 | return 0; |
58 | | |
59 | 0 | key_limb_size = mpz_size(pub->n); |
60 | |
|
61 | 0 | TMP_GMP_ALLOC (m, key_limb_size); |
62 | 0 | TMP_GMP_ALLOC (em, key->size); |
63 | 0 | mpz_limbs_copy(m, gibberish, key_limb_size); |
64 | |
|
65 | 0 | res = _rsa_sec_compute_root_tr (pub, key, random_ctx, random, m, m); |
66 | |
|
67 | 0 | mpn_get_base256 (em, key->size, m, key_limb_size); |
68 | |
|
69 | 0 | res &= _pkcs1_sec_decrypt_variable (length, message, key->size, em); |
70 | |
|
71 | 0 | TMP_GMP_FREE (em); |
72 | 0 | TMP_GMP_FREE (m); |
73 | 0 | return res; |
74 | 0 | } |