author | Peter Wu <peter@lekensteyn.nl> | 2015-07-09 14:32:05 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2015-07-09 14:33:48 +0200 |
commit | 2d826efd86f5d5df1af93f29154ce8c9812de95d (patch) | |
tree | e5db4b32bb3f7e4216a677cc73f4d21bdbd02e02 | |
parent | b7da5beda46b52a8016900bc8078eaff60844b54 (diff) | |
download | libgcrypt-2d826efd86f5d5df1af93f29154ce8c9812de95d.tar.gz |
rsa: clarify the RSA secret parametersfixes
* cipher/rsa.c: Clarify meaning of the 'u' parameter. Fix error in
comments.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
-rw-r--r-- | cipher/rsa.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 9a8d235b..25e9d102 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -700,7 +700,12 @@ stronger_key_check ( RSA_secret_key *skey )
 *
 * m = c^d mod n
 *
- * Or faster:
+ * Or faster using Garner's Algorithm. Note that u is *not* the
+ * coefficient from RFC 3447 (PKCS#1), but the multiplicative inverse of
+ * p, mod q, from RFC 4880 (OpenPGP).
+ *
+ * (precomputed:)
+ * u = p ^ -1 mod q
 *
 * m1 = c ^ (d mod (p-1)) mod p
 * m2 = c ^ (d mod (q-1)) mod q
@@ -738,7 +743,7 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
 if ( mpi_has_sign ( h ) )
 mpi_add ( h, h, skey->q );
 mpi_mulm( h, skey->u, h, skey->q );
- /* m = m2 + h * p */
+ /* m = m1 + h * p */
 mpi_mul ( h, h, skey->p );
 mpi_add ( output, m1, h ); |
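Review bot: The new comment in the first hunk says what u is not, but it never states what the PKCS#1 coefficient is or what someone importing such a key has to do, which is the case a reader will actually hit. I would add one line after the `u = p ^ -1 mod q` line, for example ` * (PKCS#1's qInv is q^-1 mod p: swap p and q, or recompute u, when importing such a key.)`. The second hunk shows u going straight into `mpi_mulm( h, skey->u, h, skey->q )` with no consistency check in the visible lines, so a wrong u would silently give a result that is correct mod p and wrong mod q, and a faulty CRT result of that kind is a known risk to the private factors. Whether secret() or stronger_key_check() validates u elsewhere cannot be told from here, since both functions extend outside the hunks.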