authorPeter Wu <peter@lekensteyn.nl>2015-07-09 14:32:05 +0200
committerPeter Wu <peter@lekensteyn.nl>2015-07-09 14:33:48 +0200
commit2d826efd86f5d5df1af93f29154ce8c9812de95d (patch)
treee5db4b32bb3f7e4216a677cc73f4d21bdbd02e02
parentb7da5beda46b52a8016900bc8078eaff60844b54 (diff)
downloadlibgcrypt-2d826efd86f5d5df1af93f29154ce8c9812de95d.tar.gz
rsa: clarify the RSA secret parametersfixes
* cipher/rsa.c: Clarify meaning of the 'u' parameter. Fix error in comments. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-rw-r--r--cipher/rsa.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 9a8d235b..25e9d102 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -700,7 +700,12 @@ stronger_key_check ( RSA_secret_key *skey )
*
* m = c^d mod n
*
- * Or faster:
+ * Or faster using Garner's Algorithm. Note that u is *not* the
+ * coefficient from RFC 3447 (PKCS#1), but the multiplicative inverse of
+ * p, mod q, from RFC 4880 (OpenPGP).
+ *
+ * (precomputed:)
+ * u = p ^ -1 mod q
*
* m1 = c ^ (d mod (p-1)) mod p
* m2 = c ^ (d mod (q-1)) mod q
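Review bot: The added comment says what `u` is not, but it stops short of telling someone who loads a PKCS#1 key what to do about it. PKCS#1 stores the coefficient q^-1 mod p, so passing it unchanged as `u` makes the recombination below return a wrong plaintext or signature rather than an error. I would add one more sentence after the `u = p ^ -1 mod q` line, for example `* A PKCS#1 key must have p and q swapped (or u recomputed) before use.` The comment block begins and ends outside this hunk, so the surrounding wording may need adjusting to match.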
@@ -738,7 +743,7 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
if ( mpi_has_sign ( h ) )
mpi_add ( h, h, skey->q );
mpi_mulm( h, skey->u, h, skey->q );
- /* m = m2 + h * p */
+ /* m = m1 + h * p */
mpi_mul ( h, h, skey->p );
mpi_add ( output, m1, h );
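Review bot: Nothing visible in this hunk verifies the recombined value before `mpi_add ( output, m1, h )` stores it, so a fault in either half-exponentiation would be released unchecked. For RSA-CRT this matters, because a single faulty signature can expose a factor of n. The body of `secret` continues outside the hunk, so a check may already exist there or in the caller. If it does not, this comment fix is a good place to record the contract, for example `/* The result is not verified here; callers that release signatures must check output^e mod n == input. */`.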