suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OP-01-024 Random Range Bias in DSA/Elgamal (Low). Fix ranges, add TWO constant to BigInteger.

Browse Source
This commit is contained in:
Thomas Oberndörfer 2014-03-21 17:12:02 +01:00
parent 04680a67cd
commit 3f626f4bfb
4 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/crypto/public_key/dsa.js
View File

@ -49,7 +49,7 @@ function DSA() {
// or s = 0 if signatures are generated properly. // or s = 0 if signatures are generated properly.
var k, s1, s2; var k, s1, s2;
while (true) { while (true) {
k = random.getRandomBigIntegerInRange(BigInteger.ONE.add(BigInteger.ONE), q.subtract(BigInteger.ONE)); k = random.getRandomBigIntegerInRange(BigInteger.ONE, q.subtract(BigInteger.ONE));
s1 = (g.modPow(k, p)).mod(q); s1 = (g.modPow(k, p)).mod(q);
s2 = (k.modInverse(q).multiply(hash.add(x.multiply(s1)))).mod(q); s2 = (k.modInverse(q).multiply(hash.add(x.multiply(s1)))).mod(q);
if (s1 != 0 && s2 != 0) { if (s1 != 0 && s2 != 0) {

5
src/crypto/public_key/elgamal.js
View File

@ -32,9 +32,8 @@ function Elgamal() {
function encrypt(m, g, p, y) { function encrypt(m, g, p, y) {
// choose k in {2,...,p-2} // choose k in {2,...,p-2}
var two = BigInteger.ONE.add(BigInteger.ONE); var pMinus2 = p.subtract(BigInteger.TWO);
var pMinus2 = p.subtract(two); var k = random.getRandomBigIntegerInRange(BigInteger.ONE, pMinus2);
var k = random.getRandomBigIntegerInRange(two, pMinus2);
k = k.mod(pMinus2).add(BigInteger.ONE); k = k.mod(pMinus2).add(BigInteger.ONE);
var c = []; var c = [];
c[0] = g.modPow(k, p); c[0] = g.modPow(k, p);

1
src/crypto/public_key/jsbn.js
View File

@ -730,6 +730,7 @@ BigInteger.prototype.modPowInt = bnModPowInt;
// "constants" // "constants"
BigInteger.ZERO = nbv(0); BigInteger.ZERO = nbv(0);
BigInteger.ONE = nbv(1); BigInteger.ONE = nbv(1);
BigInteger.TWO = nbv(2);
module.exports = BigInteger; module.exports = BigInteger;

3
src/crypto/public_key/rsa.js
View File

@ -40,13 +40,12 @@ function SecureRandom() {
var blinder = BigInteger.ZERO; var blinder = BigInteger.ZERO;
var unblinder = BigInteger.ZERO; var unblinder = BigInteger.ZERO;
var TWO = BigInteger.ONE.add(BigInteger.ONE);
function blind(m, n, e) { function blind(m, n, e) {
if (unblinder.bitLength() === n.bitLength()) { if (unblinder.bitLength() === n.bitLength()) {
unblinder = unblinder.square().mod(n); unblinder = unblinder.square().mod(n);
} else { } else {
unblinder = random.getRandomBigIntegerInRange(TWO, n); unblinder = random.getRandomBigIntegerInRange(BigInteger.TWO, n);
} }
blinder = unblinder.modInverse(n).modPow(e, n); blinder = unblinder.modInverse(n).modPow(e, n);
return m.multiply(blinder).mod(n); return m.multiply(blinder).mod(n);