nisse@lysator.liu.se (Niels Möller) writes:
I think it makes some sense to implement rsa_decrypt_tr now, with no advertised internals, and give the signature interface more time.
I've committed an rsa_decrypt_tr now, based on Nikos' code. I reordered the arguments a bit, in an attempt to be more consistent with other rsa functions, so the prototype is now
  /* Timing-resistant version, using randomized RSA blinding. */
  int
  rsa_decrypt_tr(const struct rsa_public_key *pub,
                 const struct rsa_private_key *key,
                 void *random_ctx, nettle_random_func *random,
                 unsigned *length, uint8_t *message,
                 const mpz_t gibberish);
Does this make sense? If you are using the rsa encrypt/decrypt functions, and the interface is ok, I guess we should also document them.
Regards,
/Niels
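The "randomized RSA blinding" named in the prototype's comment, as an added example that is not part of the original message and is not Nettle's code. It assumes a constructed toy key (n = 3233) small enough for 64-bit arithmetic, and every toy_* name is hypothetical; the blinding value r is passed in explicitly where a real implementation would draw it from its random callback.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy key: p = 61, q = 53, n = p*q, e*d = 1 mod (p-1)(q-1). */
enum { TOY_N = 3233, TOY_E = 17, TOY_D = 2753 };

static uint64_t toy_modpow(uint64_t b, uint64_t x, uint64_t n) {
  uint64_t r = 1;
  for (b %= n; x; x >>= 1, b = b * b % n)
    if (x & 1)
      r = r * b % n;
  return r;
}

/* Inverse of a mod n by extended Euclid; 0 if gcd(a, n) != 1. */
static uint64_t toy_modinv(uint64_t a, uint64_t n) {
  int64_t t = 0, nt = 1, r = (int64_t) n, nr = (int64_t) (a % n), tmp;
  while (nr != 0) {
    int64_t q = r / nr;
    tmp = t - q * nt; t = nt; nt = tmp;
    tmp = r - q * nr; r = nr; nr = tmp;
  }
  if (r != 1) return 0;
  return (uint64_t) (t < 0 ? t + (int64_t) n : t);
}

/* What the private-key exponentiation actually sees: c * r^e mod n. */
static uint64_t toy_blind(uint64_t c, uint64_t r) {
  return c % TOY_N * toy_modpow(r, TOY_E, TOY_N) % TOY_N;
}

/* Blinded decryption. Returns 1 on success, 0 if r is not invertible
   mod n (the caller would then draw a fresh r and retry). */
static int toy_decrypt_blinded(uint64_t c, uint64_t r, uint64_t *m) {
  uint64_t ri = toy_modinv(r, TOY_N);
  if (!ri) return 0;
  /* (c * r^e)^d = c^d * r = m * r (mod n); multiply by r^-1 to unblind. */
  *m = toy_modpow(toy_blind(c, r), TOY_D, TOY_N) * ri % TOY_N;
  return 1;
}

int main(void) {
  uint64_t c = toy_modpow(65, TOY_E, TOY_N), m = 0; /* constructed message 65 */
  int ok = toy_decrypt_blinded(c, 1234, &m);
  printf("ok=%d m=%llu\n", ok, (unsigned long long) m);
  return ok ? 0 : 1;
}
```

Because the exponentiation runs on c * r^e rather than on c, its timing is decorrelated from the ciphertext an attacker submitted, while the unblinded result is unchanged.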