store residue_params

RustCrypto · Nov 29, 2023 · 21b7c81 · 21b7c81
1 parent bc92994
commit 21b7c81
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 5 deletions.
diff --git a/src/algorithms/rsa.rs b/src/algorithms/rsa.rs
@@ -330,6 +330,7 @@ fn blind_new<R: CryptoRngCore, K: PublicKeyParts>(
     rng: &mut R,
     key: &K,
     c: &BoxedUint,
+    n_params: &BoxedResidueParams,
 ) -> (BoxedUint, BoxedUint) {
     let n = NonZero::new(to_uint(key.n().clone())).unwrap();
     let mut r: BoxedUint;
@@ -349,10 +350,9 @@ fn blind_new<R: CryptoRngCore, K: PublicKeyParts>(
         }
     }
 
-    let n_params = BoxedResidueParams::new(n.get()).unwrap();
     let e = to_uint(key.e().clone());
     let c = {
-        let r = reduce(&r, n_params);
+        let r = reduce(&r, n_params.clone());
         let rpowe = r.pow(&e).retrieve();
 
         let c = c.wrapping_mul(&rpowe);
@@ -393,16 +393,20 @@ pub fn rsa_decrypt_new<R: CryptoRngCore + ?Sized>(
 
     let mut ir = None;
 
+    let n_params = priv_key
+        .residue_params()
+        .cloned()
+        .unwrap_or_else(|| BoxedResidueParams::new(n.clone().get()).unwrap());
+
     let c = if let Some(ref mut rng) = rng {
-        let (blinded, unblinder) = blind_new(rng, priv_key, &c);
+        let (blinded, unblinder) = blind_new(rng, priv_key, &c, &n_params);
         ir = Some(unblinder);
         blinded
     } else {
         c
     };
 
     // TODO: fast path with precalculated values;
-    let n_params = BoxedResidueParams::new(n.clone().get()).unwrap();
     let c = reduce(&c, n_params);
     let m = c.pow(&d).retrieve();
 

diff --git a/src/key.rs b/src/key.rs
@@ -109,6 +109,8 @@ pub(crate) struct PrecomputedValues {
     /// differently in PKCS#1 and interoperability is sufficiently
     /// important that we mirror this.
     pub(crate) crt_values: Vec<CrtValueNew>,
+
+    pub(crate) residue_params: BoxedResidueParams,
 }
 
 impl Zeroize for PrecomputedValues {
@@ -393,11 +395,16 @@ impl RsaPrivateKey {
             values
         };
 
+        // TODO: how to handle error?
+        let residue_params =
+            BoxedResidueParams::new(self.pubkey_components.n.clone().get()).unwrap();
+
         self.precomputed = Some(PrecomputedValues {
             dp: to_uint(dp),
             dq: to_uint(dq),
             qinv,
             crt_values,
+            residue_params,
         });
 
         Ok(())
@@ -523,6 +530,10 @@ impl PrivateKeyPartsNew for RsaPrivateKey {
             None
         }
     }
+
+    fn residue_params(&self) -> Option<&BoxedResidueParams> {
+        self.precomputed.as_ref().map(|p| &p.residue_params)
+    }
 }
 
 /// Check that the public key is well formed and has an exponent within acceptable bounds.

diff --git a/src/traits/keys.rs b/src/traits/keys.rs
@@ -2,7 +2,7 @@
 
 use alloc::vec::Vec;
 
-use crypto_bigint::{BoxedUint, NonZero};
+use crypto_bigint::{modular::BoxedResidueParams, BoxedUint, NonZero};
 use num_bigint::{BigInt, BigUint, IntoBigInt};
 use zeroize::Zeroize;
 
@@ -126,6 +126,8 @@ pub trait PrivateKeyPartsNew: PublicKeyPartsNew {
 
     /// Returns an iterator over the CRT Values
     fn crt_values(&self) -> Option<&[CrtValueNew]>;
+
+    fn residue_params(&self) -> Option<&BoxedResidueParams>;
 }
 
 /// Contains the precomputed Chinese remainder theorem values.