|
|
@ -120,9 +120,7 @@ object Rsa { |
|
|
|
val plaintext = (blindPlaintext * rInv).mod(m) |
|
|
|
val plaintext = (blindPlaintext * rInv).mod(m) |
|
|
|
|
|
|
|
|
|
|
|
// defend against CRT faults (see https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf) |
|
|
|
// defend against CRT faults (see https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf) |
|
|
|
if (plaintext.modPow(e, m) != ciphertext) { |
|
|
|
check(plaintext.modPow(e, m) == ciphertext) |
|
|
|
throw IllegalStateException() |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return plaintext |
|
|
|
return plaintext |
|
|
|
} else { |
|
|
|
} else { |
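Review bot: The `check(...)` that replaces the explicit `if`/`throw` carries no message, so a failed CRT verification surfaces as a generic IllegalStateException (assuming this is Kotlin's stdlib `check`, whose default message is "Check failed.") that is hard to tell apart from other state errors in logs or alerts. Consider `check(plaintext.modPow(e, m) == ciphertext) { "RSA-CRT result failed re-encryption check" }`, keeping the message free of plaintext and key material. The comment above it could also state that this guard must stay an always-on runtime check and never be turned into an `assert`, which the JVM disables by default, for example `// must run in production: a faulty CRT result must never be returned`. The enclosing function begins and ends outside this hunk, so how callers handle the exception is not visible here.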
|
|
|