Constant time decryption
Always try to decrypt with all keys.
This commit is contained in:
parent
4c2ce7208c
commit
9239813ebb
|
@ -335,11 +335,13 @@ class objectProcessor(threading.Thread):
|
||||||
|
|
||||||
for key, cryptorObject in shared.myECCryptorObjects.items():
|
for key, cryptorObject in shared.myECCryptorObjects.items():
|
||||||
try:
|
try:
|
||||||
|
if initialDecryptionSuccessful: # continue decryption attempts to avoid timing attacks
|
||||||
|
cryptorObject.decrypt(data[readPosition:])
|
||||||
|
else:
|
||||||
decryptedData = cryptorObject.decrypt(data[readPosition:])
|
decryptedData = cryptorObject.decrypt(data[readPosition:])
|
||||||
toRipe = key # This is the RIPE hash of my pubkeys. We need this below to compare to the destination_ripe included in the encrypted data.
|
toRipe = key # This is the RIPE hash of my pubkeys. We need this below to compare to the destination_ripe included in the encrypted data.
|
||||||
initialDecryptionSuccessful = True
|
initialDecryptionSuccessful = True
|
||||||
logger.info('EC decryption successful using key associated with ripe hash: %s.' % key.encode('hex'))
|
logger.info('EC decryption successful using key associated with ripe hash: %s.' % key.encode('hex'))
|
||||||
break
|
|
||||||
except Exception as err:
|
except Exception as err:
|
||||||
pass
|
pass
|
||||||
if not initialDecryptionSuccessful:
|
if not initialDecryptionSuccessful:
|
||||||
|
@ -615,11 +617,13 @@ class objectProcessor(threading.Thread):
|
||||||
initialDecryptionSuccessful = False
|
initialDecryptionSuccessful = False
|
||||||
for key, cryptorObject in shared.MyECSubscriptionCryptorObjects.items():
|
for key, cryptorObject in shared.MyECSubscriptionCryptorObjects.items():
|
||||||
try:
|
try:
|
||||||
|
if initialDecryptionSuccessful: # continue decryption attempts to avoid timing attacks
|
||||||
|
cryptorObject.decrypt(data[readPosition:])
|
||||||
|
else:
|
||||||
decryptedData = cryptorObject.decrypt(data[readPosition:])
|
decryptedData = cryptorObject.decrypt(data[readPosition:])
|
||||||
toRipe = key # This is the RIPE hash of the sender's pubkey. We need this below to compare to the RIPE hash of the sender's address to verify that it was encrypted by with their key rather than some other key.
|
toRipe = key # This is the RIPE hash of the sender's pubkey. We need this below to compare to the RIPE hash of the sender's address to verify that it was encrypted by with their key rather than some other key.
|
||||||
initialDecryptionSuccessful = True
|
initialDecryptionSuccessful = True
|
||||||
logger.info('EC decryption successful using key associated with ripe hash: %s' % key.encode('hex'))
|
logger.info('EC decryption successful using key associated with ripe hash: %s' % key.encode('hex'))
|
||||||
break
|
|
||||||
except Exception as err:
|
except Exception as err:
|
||||||
pass
|
pass
|
||||||
# print 'cryptorObject.decrypt Exception:', err
|
# print 'cryptorObject.decrypt Exception:', err
|
||||||
|
|
Reference in New Issue
Block a user