This repository was archived by the owner on Apr 20, 2025. It is now read-only.

Description
The current code:

```python
blocksize = common.byte_size(priv_key.n)
encrypted = transform.bytes2int(crypto)
decrypted = priv_key.blinded_decrypt(encrypted)
cleartext = transform.int2bytes(decrypted, blocksize)

# Detect leading zeroes in the crypto. These are not reflected in the
# encrypted value (as leading zeroes do not influence the value of an
# integer). This fixes CVE-2020-13757.
if len(crypto) > blocksize:
    raise DecryptionError('Decryption failed')

# If we can't find the cleartext marker, decryption failed.
if cleartext[0:2] != b'\x00\x02':
    raise DecryptionError('Decryption failed')

# Find the 00 separator between the padding and the message
try:
    sep_idx = cleartext.index(b'\x00', 2)
except ValueError:
    raise DecryptionError('Decryption failed')

return cleartext[sep_idx + 1:]
```

doesn't check that the length of the padding is at least 8 bytes.
See https://tools.ietf.org/html/rfc8017#section-7.2.2 step 3
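
The missing check described in this issue, as an added example that is not part of the original report or the project's code: `unpad_as_quoted` repeats the padding checks of the quoted snippet, and `unpad_rfc8017` adds the 8-byte minimum from RFC 8017 section 7.2.2 step 3. The function names, the local `DecryptionError` class and the sample blocks are assumptions constructed for illustration; no RSA operation is performed.

```python
class DecryptionError(Exception):
    """Local stand-in so the example runs without the library."""


def unpad_as_quoted(cleartext: bytes) -> bytes:
    """Padding removal with the same checks as the snippet quoted in the issue."""
    if cleartext[0:2] != b"\x00\x02":
        raise DecryptionError("Decryption failed")
    try:
        sep_idx = cleartext.index(b"\x00", 2)
    except ValueError:
        raise DecryptionError("Decryption failed")
    return cleartext[sep_idx + 1:]


def unpad_rfc8017(cleartext: bytes) -> bytes:
    """Same parse, plus the minimum padding length of 8 bytes."""
    if cleartext[0:2] != b"\x00\x02":
        raise DecryptionError("Decryption failed")
    try:
        sep_idx = cleartext.index(b"\x00", 2)
    except ValueError:
        raise DecryptionError("Decryption failed")
    # The padding string PS is cleartext[2:sep_idx], so its length is sep_idx - 2.
    if sep_idx - 2 < 8:
        raise DecryptionError("Decryption failed")  # same message as the other failures
    return cleartext[sep_idx + 1:]


def make_block(ps_len: int, blocksize: int = 32) -> bytes:
    """Constructed encoded message: 00 02 || PS (ps_len nonzero bytes) || 00 || M."""
    message = b"M" * (blocksize - 3 - ps_len)
    return b"\x00\x02" + b"\xaa" * ps_len + b"\x00" + message


def accepts(unpad, block: bytes) -> bool:
    """True if the given unpad function returns a message instead of raising."""
    try:
        unpad(block)
        return True
    except DecryptionError:
        return False


if __name__ == "__main__":
    print("PS length | as quoted | with step 3 check")
    for ps_len in (0, 3, 7, 8, 20):
        block = make_block(ps_len)
        print(ps_len, accepts(unpad_as_quoted, block), accepts(unpad_rfc8017, block))
```

Blocks with fewer than 8 padding bytes pass the quoted checks and fail only once the length test is added; blocks with 8 or more pass both.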