Choose blinding factor relatively prime to N
This is a requirement for RSA blinding, but wasn't implemented yet.
sybrenstuvel committed Jun 12, 2020
1 parent 4ed79bc commit 3bf7b2e
Showing 2 changed files with 15 additions and 6 deletions.
10 changes: 6 additions & 4 deletions CHANGELOG.txt
Expand Up @@ -4,11 +4,13 @@ Python-RSA changelog
Version 4.3 - released 2020-06-12
----------------------------------------

Version 4.3 is a re-tagged release of version 4.0. It is the last to support
Python 2.7. This is now made explicit in the `python_requires` argument in
`setup.py`.
Version 4.3 is almost a re-tagged release of version 4.0. It is the last to
support Python 2.7. This is now made explicit in the `python_requires` argument
in `setup.py`.

There are no functional differences.
Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes.

- Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.


Version 4.0 - released 2018-09-16
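Review bot: the new paragraph says "Two security fixes have also been backported", but the list under it carries only one entry (the blinding-factor fix); either add the second fix as its own bullet or reword to "a security fix" so the changelog agrees with its own list. Replacing "There are no functional differences" with "4.3 = 4.0 + these two fixes" is otherwise the right correction, since the old sentence became false the moment a fix was backported.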
11 changes: 9 additions & 2 deletions rsa/key.py
Expand Up @@ -417,6 +417,13 @@ def __ne__(self, other):
def __hash__(self):
return hash((self.n, self.e, self.d, self.p, self.q, self.exp1, self.exp2, self.coef))

def _get_blinding_factor(self):
for _ in range(1000):
blind_r = rsa.randnum.randint(self.n - 1)
if rsa.prime.are_relatively_prime(self.n, blind_r):
return blind_r
raise RuntimeError('unable to find blinding factor')

def blinded_decrypt(self, encrypted):
"""Decrypts the message using blinding to prevent side-channel attacks.
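Review bot: `_get_blinding_factor` has no docstring, unlike the surrounding methods; add one stating that it returns an r in [1, n-1] with gcd(r, n) == 1 and that it raises `RuntimeError` once the retry budget is used up. The `1000` in `range(1000)` is a bare magic number; a named constant would make the intent clearer. For a well-formed key the retry path is practically unreachable, because a value below n shares a factor with n = p*q only if it is a multiple of p or q, so the loop is a defensive guard rather than a real search and the bound only matters for malformed keys. One cheap extra check to consider: if `rsa.randnum.randint` can return 1, then r = 1 passes `are_relatively_prime` but leaves the value unblinded, so rejecting r < 2 alongside the coprimality test would close that corner.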
Expand All @@ -427,7 +434,7 @@ def blinded_decrypt(self, encrypted):
:rtype: int
"""

blind_r = rsa.randnum.randint(self.n - 1)
blind_r = self._get_blinding_factor()
blinded = self.blind(encrypted, blind_r) # blind before decrypting
decrypted = rsa.core.decrypt_int(blinded, self.d, self.n)

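Review bot: the docstring above this hunk ends at `:rtype: int` and should now also carry `:raises RuntimeError:`, because `self._get_blinding_factor()` can raise where the old `rsa.randnum.randint(self.n - 1)` call could not, and callers of `blinded_decrypt` will see that exception propagate uncaught. The call-site change itself is what makes the later `self.unblind` well-defined: unblinding needs the modular inverse of `blind_r` mod n, which exists only when gcd(blind_r, n) == 1, so guaranteeing coprimality exactly here is the right fix.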
Expand All @@ -443,7 +450,7 @@ def blinded_encrypt(self, message):
:rtype: int
"""

blind_r = rsa.randnum.randint(self.n - 1)
blind_r = self._get_blinding_factor()
blinded = self.blind(message, blind_r) # blind before encrypting
encrypted = rsa.core.encrypt_int(blinded, self.d, self.n)
return self.unblind(encrypted, blind_r)
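Review bot: same docstring point as in `blinded_decrypt`: `:raises RuntimeError:` is missing from the docstring of this hunk too. Beyond that, `blinded_encrypt` and `blinded_decrypt` are now line-for-line identical except for the `encrypt_int` / `decrypt_int` call; a shared private helper taking the core function as a parameter would keep the blind, operate, unblind sequence in one place so that a fix like this one only has to land once. Also note that `encrypt_int` is called here with `self.d`, the private exponent, so despite its name this is the signing path; a one-line comment would stop readers from mistaking it for public-key encryption.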
