author | Jack Lloyd <[email protected]> | 2018-04-26 11:57:20 -0400 |
committer | Jack Lloyd <[email protected]> | 2018-04-26 11:58:08 -0400 |
commit | 0ccee221ca464320f1458aef82c90b1bea163649 (patch) | |
tree | bb7a451305c5fbf2c1b7fa1e32553a9da6dbd65c /src | |
parent | 178ddff62cc460be771018f48468e114b723da4e (diff) |
Add a comment on side channels here
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/pubkey/rsa/rsa.cpp | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index ca0f414f5..fdc5b63d0 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -141,18 +141,19 @@ RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng,
 m_e = exp;
+ const size_t p_bits = (bits + 1) / 2;
+ const size_t q_bits = bits - p_bits;
+
 do {
- const size_t p_bits = (bits + 1) / 2;
- const size_t q_bits = bits - p_bits;
-
 m_p = generate_rsa_prime(rng, rng, p_bits, m_e);
 m_q = generate_rsa_prime(rng, rng, q_bits, m_e);
 m_n = m_p * m_q;
-
 } while(m_n.bits() != bits);
+ // FIXME: lcm calls gcd which is not const time
 const BigInt phi_n = lcm(m_p - 1, m_q - 1);
+ // FIXME: this uses binary ext gcd because phi_n is even
 m_d = inverse_mod(m_e, phi_n);
 m_d1 = m_d % (m_p - 1);
 m_d2 = m_d % (m_q - 1);
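Review bot: The two added FIXME comments name the non-constant-time helpers but not what is at risk, so a reader cannot tell whether the concern is the public exponent or the secret operands; since `m_p - 1` and `m_q - 1` are private-key material, the first comment should say so, e.g. `// FIXME: lcm calls gcd which is not const time; its operands p-1 and q-1 are secret, so key generation may leak via timing`. The same caveat presumably applies to the `%` reductions producing `m_d1` and `m_d2` on the last two context lines, which also take secret operands, if BigInt division is likewise variable-time — one comment covering the whole post-loop section would then be clearer than two separate ones. Hoisting `p_bits` and `q_bits` out of the `do` loop is fine as written; they depend only on the public `bits` argument. The enclosing constructor starts before this hunk and continues past `m_d2`.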