Commit 3bf7b2e

Choose blinding factor relatively prime to N
This is a requirement for RSA blinding, but wasn't implemented yet.
1 parent 4ed79bc commit 3bf7b2e

2 files changed

+15
-6
lines changed

CHANGELOG.txt

Lines changed: 6 additions & 4 deletions
@@ -4,11 +4,13 @@ Python-RSA changelog
44
Version 4.3 - released 2020-06-12
55
----------------------------------------
66

7-
Version 4.3 is a re-tagged release of version 4.0. It is the last to support
8-
Python 2.7. This is now made explicit in the `python_requires` argument in
9-
`setup.py`.
7+
Version 4.3 is almost a re-tagged release of version 4.0. It is the last to
8+
support Python 2.7. This is now made explicit in the `python_requires` argument
9+
in `setup.py`.
1010

11-
There are no functional differences.
11+
Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes.
12+
13+
- Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
1214

1315

1416
Version 4.0 - released 2018-09-16
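Review bot: the new sentence says "Two security fixes have also been backported", but only one bullet ("Choose blinding factor relatively prime to N") follows it, so the 4.3 entry reads as incomplete. Either add the second fix's bullet in this entry or reword the sentence to cover only the fix this commit introduces, so the changelog and the code stay in step.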

rsa/key.py

Lines changed: 9 additions & 2 deletions
@@ -417,6 +417,13 @@ def __ne__(self, other):
417417
def __hash__(self):
418418
return hash((self.n, self.e, self.d, self.p, self.q, self.exp1, self.exp2, self.coef))
419419

420+
def _get_blinding_factor(self):
421+
for _ in range(1000):
422+
blind_r = rsa.randnum.randint(self.n - 1)
423+
if rsa.prime.are_relatively_prime(self.n, blind_r):
424+
return blind_r
425+
raise RuntimeError('unable to find blinding factor')
426+
420427
def blinded_decrypt(self, encrypted):
421428
"""Decrypts the message using blinding to prevent side-channel attacks.
422429
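Review bot: `_get_blinding_factor` has no docstring, and the reason for the `are_relatively_prime(self.n, blind_r)` check (the factor must be invertible mod n so that `unblind` can remove it) is stated nowhere near the code; a one-line docstring such as `"""Return a random blinding factor r with gcd(r, n) == 1, so r has an inverse mod n."""` would make the contract explicit. The bounded loop is a reasonable defensive choice: a randomly drawn r in [1, n-1] shares a factor with n only with negligible probability for real key sizes, so the `RuntimeError('unable to find blinding factor')` path is practically unreachable, which also means it is never exercised; this commit touches only `CHANGELOG.txt` and `rsa/key.py`, so consider adding a test with a small key (for example n = p*q with tiny primes) that confirms the returned factor is always coprime to n and that `unblind(blind(m, r), r) == m`.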
@@ -427,7 +434,7 @@ def blinded_decrypt(self, encrypted):
427434
:rtype: int
428435
"""
429436

430-
blind_r = rsa.randnum.randint(self.n - 1)
437+
blind_r = self._get_blinding_factor()
431438
blinded = self.blind(encrypted, blind_r) # blind before decrypting
432439
decrypted = rsa.core.decrypt_int(blinded, self.d, self.n)
433440

@@ -443,7 +450,7 @@ def blinded_encrypt(self, message):
443450
:rtype: int
444451
"""
445452

446-
blind_r = rsa.randnum.randint(self.n - 1)
453+
blind_r = self._get_blinding_factor()
447454
blinded = self.blind(message, blind_r) # blind before encrypting
448455
encrypted = rsa.core.encrypt_int(blinded, self.d, self.n)
449456
return self.unblind(encrypted, blind_r)
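Review bot: `blinded_encrypt` and `blinded_decrypt` now both repeat the same three-step sequence (`_get_blinding_factor`, `blind`, core operation with `self.d`, `unblind`), differing only in the comment and the core call; a shared private helper taking the core function as a parameter would keep the coprime-factor logic in exactly one place, so a future fix to blinding cannot land in one path and not the other. Not blocking, but since this is the security-sensitive path it is worth the small refactor.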
