From e8262744f661f5373be7f8bb1ff175dcab3bf339 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 3 Dec 2018 06:17:44 -0500 Subject: Use ct_modulo during RSA key generation --- src/lib/pubkey/rsa/rsa.cpp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index d7d6a939e..9334ff4cd 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -15,6 +15,7 @@ #include #include #include +#include #include #if defined(BOTAN_HAS_OPENSSL) @@ -125,8 +126,8 @@ RSA_PrivateKey::RSA_PrivateKey(const BigInt& prime1, m_d = inverse_mod(m_e, phi_n); } - m_d1 = m_d % (m_p - 1); - m_d2 = m_d % (m_q - 1); + m_d1 = ct_modulo(m_d, m_p - 1); + m_d2 = ct_modulo(m_d, m_q - 1); } /* @@ -157,8 +158,8 @@ RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng, const BigInt phi_n = lcm(m_p - 1, m_q - 1); // FIXME: this uses binary ext gcd because phi_n is even m_d = inverse_mod(m_e, phi_n); - m_d1 = m_d % (m_p - 1); - m_d2 = m_d % (m_q - 1); + m_d1 = ct_modulo(m_d, m_p - 1); + m_d2 = ct_modulo(m_d, m_q - 1); m_c = inverse_mod(m_q, m_p); } @@ -173,7 +174,7 @@ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const if(m_d < 2 || m_p < 3 || m_q < 3 || m_p*m_q != m_n) return false; - if(m_d1 != m_d % (m_p - 1) || m_d2 != m_d % (m_q - 1) || m_c != inverse_mod(m_q, m_p)) + if(m_d1 != ct_modulo(m_d, m_p - 1) || m_d2 != ct_modulo(m_d, m_q - 1) || m_c != inverse_mod(m_q, m_p)) return false; const size_t prob = (strong) ? 128 : 12; @@ -183,7 +184,7 @@ bool RSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const if(strong) { - if((m_e * m_d) % lcm(m_p - 1, m_q - 1) != 1) + if(ct_modulo(m_e * m_d, lcm(m_p - 1, m_q - 1)) != 1) return false; return KeyPair::signature_consistency_check(rng, *this, "EMSA4(SHA-256)"); -- cgit v1.2.3