aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-12-03 06:17:44 -0500
committerJack Lloyd <[email protected]>2018-12-03 06:29:46 -0500
commite8262744f661f5373be7f8bb1ff175dcab3bf339 (patch)
treece91bda06b9379268c6396c142dbddfd489ca92a
parent1af5efd6093d0d6235c18ebf8f3435b1fcbf6a93 (diff)
Use ct_modulo during RSA key generation
-rw-r--r--src/lib/pubkey/rsa/rsa.cpp13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index d7d6a939e..9334ff4cd 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -15,6 +15,7 @@
#include <botan/ber_dec.h>
#include <botan/pow_mod.h>
#include <botan/monty.h>
+#include <botan/divide.h>
#include <botan/internal/monty_exp.h>
#if defined(BOTAN_HAS_OPENSSL)
@@ -125,8 +126,8 @@ RSA_PrivateKey::RSA_PrivateKey(const BigInt& prime1,
m_d = inverse_mod(m_e, phi_n);
}
- m_d1 = m_d % (m_p - 1);
- m_d2 = m_d % (m_q - 1);
+ m_d1 = ct_modulo(m_d, m_p - 1);
+ m_d2 = ct_modulo(m_d, m_q - 1);
}
/*
@@ -157,8 +158,8 @@ RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng,
const BigInt phi_n = lcm(m_p - 1, m_q - 1);
// FIXME: this uses binary ext gcd because phi_n is even
m_d = inverse_mod(m_e, phi_n);
- m_d1 = m_d % (m_p - 1);
- m_d2 = m_d % (m_q - 1);
+ m_d1 = ct_modulo(m_d, m_p - 1);
+ m_d2 = ct_modulo(m_d, m_q - 1);
m_c = inverse_mod(m_q, m_p);
}
@@ -173,7 +174,7 @@ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
if(m_d < 2 || m_p < 3 || m_q < 3 || m_p*m_q != m_n)
return false;
- if(m_d1 != m_d % (m_p - 1) || m_d2 != m_d % (m_q - 1) || m_c != inverse_mod(m_q, m_p))
+ if(m_d1 != ct_modulo(m_d, m_p - 1) || m_d2 != ct_modulo(m_d, m_q - 1) || m_c != inverse_mod(m_q, m_p))
return false;
const size_t prob = (strong) ? 128 : 12;
@@ -183,7 +184,7 @@ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
if(strong)
{
- if((m_e * m_d) % lcm(m_p - 1, m_q - 1) != 1)
+ if(ct_modulo(m_e * m_d, lcm(m_p - 1, m_q - 1)) != 1)
return false;
return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-256)");