[PATCH 6/6] rsa: clarify the RSA secret parameters
Peter Wu
peter at lekensteyn.nl
Thu Jul 9 17:11:36 CEST 2015
* cipher/rsa.c: Clarify meaning of the 'u' parameter. Fix error in
comments.
Signed-off-by: Peter Wu <peter at lekensteyn.nl>
---
cipher/rsa.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 9a8d235..25e9d10 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -700,7 +700,12 @@ stronger_key_check ( RSA_secret_key *skey )
*
* m = c^d mod n
*
- * Or faster:
+ * Or faster using Garner's Algorithm. Note that u is *not* the
+ * coefficient from RFC 3447 (PKCS#1), but the multiplicative inverse of
+ * p, mod q, from RFC 4880 (OpenPGP).
+ *
+ * (precomputed:)
+ * u = p ^ -1 mod q
*
* m1 = c ^ (d mod (p-1)) mod p
* m2 = c ^ (d mod (q-1)) mod q
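Review bot: The new comment text says what u is not (the RFC 3447 coefficient) but never gives that coefficient's definition, so a reader still has to open both RFCs to see how the two values differ. Consider writing the PKCS#1 definition out next to "u = p ^ -1 mod q" so the mismatch is explicit for anyone converting keys between the two formats. Minor style point: the added line "u = p ^ -1 mod q" spaces the exponent operator like the m1/m2 lines, while the context line "m = c^d mod n" does not; pick one form for the whole comment block.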
@@ -738,7 +743,7 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
if ( mpi_has_sign ( h ) )
mpi_add ( h, h, skey->q );
mpi_mulm( h, skey->u, h, skey->q );
- /* m = m2 + h * p */
+ /* m = m1 + h * p */
mpi_mul ( h, h, skey->p );
mpi_add ( output, m1, h );
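Review bot: The corrected comment "m = m1 + h * p" now agrees with the code below it, "mpi_add ( output, m1, h )", but the header comment touched in the first hunk is only visible up to the m2 line, so please confirm its closing formula also uses m1 rather than m2; otherwise the same slip survives in the function documentation. It would also help to comment the two preceding steps in the same style (the "mpi_add ( h, h, skey->q )" sign correction and the "mpi_mulm( h, skey->u, h, skey->q )" multiplication by u), since they are the lines that depend on u being the inverse of p mod q.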
--
2.4.4