From 2d826efd86f5d5df1af93f29154ce8c9812de95d Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Thu, 9 Jul 2015 14:32:05 +0200
Subject: rsa: clarify the RSA secret parameters

* cipher/rsa.c: Clarify meaning of the 'u' parameter. Fix error in
  comments.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
---
 cipher/rsa.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/cipher/rsa.c b/cipher/rsa.c
index 9a8d235b..25e9d102 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -700,7 +700,12 @@ stronger_key_check ( RSA_secret_key *skey )
  *
  *	m = c^d mod n
  *
- * Or faster:
+ * Or faster using Garner's Algorithm. Note that u is *not* the
+ * coefficient from RFC 3447 (PKCS#1), but the multiplicative inverse of
+ * p, mod q, from RFC 4880 (OpenPGP).
+ *
+ *      (precomputed:)
+ *      u  = p ^ -1 mod q
  *
  *      m1 = c ^ (d mod (p-1)) mod p
  *      m2 = c ^ (d mod (q-1)) mod q
@@ -738,7 +743,7 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
       if ( mpi_has_sign ( h ) )
         mpi_add ( h, h, skey->q );
       mpi_mulm( h, skey->u, h, skey->q );
-      /* m = m2 + h * p */
+      /* m = m1 + h * p */
       mpi_mul ( h, h, skey->p );
       mpi_add ( output, m1, h );
 
-- 
cgit v1.2.1