Use a CPRG when decrypting with RSA.
This commit is contained in:
parent
7a03dc1834
commit
bd2883683b
2 changed files with 7 additions and 3 deletions
|
@ -106,8 +106,8 @@ kxEncrypt g (PubRSA pk) b = case RSA.encrypt g pk b of
|
|||
Left e -> (Left $ RSAError e, g)
|
||||
Right (v, g') -> (Right v, g')
|
||||
|
||||
kxDecrypt :: PrivateKey -> ByteString -> Either KxError ByteString
|
||||
kxDecrypt (PrivRSA pk) b = generalizeRSAError $ RSA.decrypt pk b
|
||||
kxDecrypt :: CPRG g => g -> PrivateKey -> ByteString -> (Either KxError ByteString, g)
|
||||
kxDecrypt g (PrivRSA pk) b = (generalizeRSAError $ RSA.decrypt pk b, g)
|
||||
|
||||
-- Verify that the signature matches the given message, using the
|
||||
-- public key.
|
||||
|
|
|
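Review bot: The new `kxDecrypt` accepts the generator but returns it untouched, so `RSA.decrypt pk b` still runs exactly as before and no randomness reaches the private-key operation; the commit only changes the type, not the behaviour. If the intent is blinding of the RSA private-key operation, this should call the generator-taking decrypt variant mirroring `RSA.encrypt g pk b` in the hunk above (assuming the RSA module offers one — I cannot see it from here), e.g. `kxDecrypt g (PrivRSA pk) b = case <blinded decrypt> g pk b of Left e -> (Left $ RSAError e, g); Right (v, g') -> (Right v, g')`. Until then a comment would stop the signature from overpromising: `-- NOTE: g is threaded through unchanged; RSA.decrypt here is not blinded.` Either way the `g` returned must be the advanced generator, not the input one, or callers will reuse RNG state.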
@ -93,9 +93,13 @@ processHandshake hs = do
|
|||
|
||||
decryptRSA :: ByteString -> TLSSt (Either KxError ByteString)
|
||||
decryptRSA econtent = do
|
||||
st <- get
|
||||
ver <- stVersion <$> get
|
||||
rsapriv <- fromJust "rsa private key" . hstRSAPrivateKey . fromJust "handshake" . stHandshake <$> get
|
||||
return $ kxDecrypt rsapriv (if ver < TLS10 then econtent else B.drop 2 econtent)
|
||||
let cipher = if ver < TLS10 then econtent else B.drop 2 econtent
|
||||
let (mmsg,rng') = withTLSRNG (stRandomGen st) (\g -> kxDecrypt g rsapriv cipher)
|
||||
put (st { stRandomGen = rng' })
|
||||
return mmsg
|
||||
|
||||
verifyRSA :: (ByteString -> ByteString, ByteString) -> ByteString -> ByteString -> TLSSt (Either KxError Bool)
|
||||
verifyRSA hsh econtent sign = do
|
||||
|
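Review bot: `put (st { stRandomGen = rng' })` writes back a snapshot taken by the first `get`, which is only correct because the three intervening `get`s are read-only; `modify (\s -> s { stRandomGen = rng' })` expresses the intent and stays correct if something stateful is ever inserted before it. The three separate `get`s can then collapse to reads from `st` (`let ver = stVersion st`, `let rsapriv = ... $ stHandshake st`), which also removes the duplicated `fromJust` chain on the state. Separately, with a generator now in hand here, `decryptRSA` is the natural place to substitute a random 48-byte premaster secret when `kxDecrypt` returns `Left`, as RFC 5246 §7.4.7.1 requires against Bleichenbacher-style padding oracles — whether the caller already does this is outside the hunk, so please confirm before changing the `Either` contract. `verifyRSA` continues past the end of the hunk.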
|