author | Justus Winter <justus@sequoia-pgp.org> | 2020-02-12 12:02:16 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-02-12 15:12:21 +0100 |
commit | e5d72b7c92d5af171855c8267c57f5e33ff6cc2e (patch) | |
tree | 07c780f8eb954cd98926d52a08914f60522b1c49 /openpgp/src/crypto/asymmetric.rs | |
parent | 567d70df3b889bf862a18be7b17473efddf993c8 (diff) |
openpgp: Add optional plaintext length to Decryptor::decrypt.
- If we know the length of the plaintext, we can reduce the
side-channel leakage of the RSA decryption operation.
Diffstat (limited to 'openpgp/src/crypto/asymmetric.rs')
-rw-r--r-- | openpgp/src/crypto/asymmetric.rs | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/openpgp/src/crypto/asymmetric.rs b/openpgp/src/crypto/asymmetric.rs
index f73c83ec..555132d6 100644
--- a/openpgp/src/crypto/asymmetric.rs
+++ b/openpgp/src/crypto/asymmetric.rs
@@ -47,7 +47,8 @@ pub trait Decryptor {
 fn public(&self) -> &Key<key::PublicParts, key::UnspecifiedRole>;
 /// Decrypts `ciphertext`, returning the plain session key.
- fn decrypt(&mut self, ciphertext: &mpis::Ciphertext)
+ fn decrypt(&mut self, ciphertext: &mpis::Ciphertext,
+ plaintext_len: Option<usize>)
 -> Result<SessionKey>;
 }
@@ -222,7 +223,8 @@ impl Decryptor for KeyPair {
 }
 /// Creates a signature over the `digest` produced by `hash_algo`.
- fn decrypt(&mut self, ciphertext: &mpis::Ciphertext)
+ fn decrypt(&mut self, ciphertext: &mpis::Ciphertext,
+ plaintext_len: Option<usize>)
 -> Result<SessionKey>
 {
 use crate::PublicKeyAlgorithm::*;
@@ -238,9 +240,16 @@ impl Decryptor for KeyPair {
 let secret = rsa::PrivateKey::new(d.value(), p.value(), q.value(), Option::None)?;
 let mut rand = Yarrow::default();
- rsa::decrypt_pkcs1_insecure(&public, &secret, &mut rand,
- c.value())?
+ if let Some(l) = plaintext_len {
+ let mut plaintext: SessionKey = vec![0; l].into();
+ rsa::decrypt_pkcs1(&public, &secret, &mut rand,
+ c.value(), plaintext.as_mut())?;
+ plaintext
+ } else {
+ rsa::decrypt_pkcs1_insecure(&public, &secret,
+ &mut rand, c.value())?
 .into()
+ }
 }
 (PublicKey::Elgamal{ .. }, |
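Review bot: The new `plaintext_len` parameter on the trait's `decrypt` is not described by the doc comment above it, which still only says the method decrypts `ciphertext`. The commit message makes the parameter security-relevant (knowing the length is what lets the RSA path avoid the leakier decryption), so implementors and callers need the contract spelled out; extend the doc with `/// If \`plaintext_len\` is given, RSA decryption uses a length-checked PKCS#1 path that leaks less through side channels; with \`None\` the implementation falls back to a variant that may leak.` What happens when the supplied length does not match the actual plaintext is not stated anywhere in the hunk either; that should be documented once it is known whether it yields an error or a wrong key.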
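Review bot: The doc comment directly above KeyPair's `decrypt` still reads `/// Creates a signature over the \`digest\` produced by \`hash_algo\`.`, which describes `sign`, not this method; the commit rewrites the signature beneath it but leaves the stale text in place. Replace it with the trait's wording, `/// Decrypts \`ciphertext\`, returning the plain session key.`, so rustdoc on the impl does not contradict the trait. The body of `decrypt` continues past this hunk.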
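Review bot: The new `if let Some(l) = plaintext_len` branch carries no comment explaining why two decryption paths now coexist, and the only hint that the `else` branch is the weaker one is the `_insecure` suffix. A why-comment on the branch, `// With a known plaintext length the length-checked decryption can be used, which avoids the timing leak of the PKCS#1 unpadding in the fallback below.`, would keep the next maintainer from "simplifying" it back to one path. `vec![0; l]` also allocates whatever length the caller supplies before anything is checked against the key; if `rsa::decrypt_pkcs1` does not itself reject an `l` larger than the modulus can carry (I cannot tell from this hunk), a bound check before the allocation would be prudent. The enclosing match arm starts outside the hunk.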