chore: rsa pss - optimize size of arrays
madztheo committed Sep 11, 2024
1 parent 7a41f2f commit 88a109a
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions lib/src/rsa.nr
Expand Up @@ -169,12 +169,13 @@ impl<BN, BNInstance, let NumBytes: u32> RSA<BN, BNInstance, NumBytes> where BN:
// In this case, we'll have a leading zero byte in em that we need to ignore
// c.f. https://github.com/RustCrypto/RSA/blob/aeedb5adf5297892fcb9e11f7c0f6c0157005c58/src/algorithms/pss.rs#L242
let offset = key_len - em_len;
// 512 - 32 - 1 = 479
// As hash is 32 bytes and we also remove the 0xBC at the end, we have up to 479 bytes left for DB
// 512 accounts for key sizes up to 4096 bits (generally the maximum used)
// Hopefully one day we can be a bit more flexible like so:
// As hash is 32 bytes and we also remove the 0xBC at the end, we have up to NumBytes - 33 bytes left for DB
// For example, for 2048 bit RSA, we have 256 - 32 - 1 = 223 bytes left for DB
// and for 1024 bit RSA, we have 128 - 32 - 1 = 95 bytes left for DB
// So we should do something like this:
// let masked_db: [u8; NumBytes - 32 - 1] = get_array_slice(em, offset, db_mask_len + offset);
let masked_db: [u8; 479] = get_array_slice(em, offset, db_mask_len + offset);
// But for now we can't so we'll just use NumBytes and have 33 trailing 0s
let masked_db: [u8; NumBytes] = get_array_slice(em, offset, db_mask_len + offset);
let h = get_array_slice(em, db_mask_len + offset, em.len() - 1);

// Make sure the 8 * em_len - em_bits leftmost bits are 0
Expand All @@ -185,10 +186,10 @@ impl<BN, BNInstance, let NumBytes: u32> RSA<BN, BNInstance, NumBytes> where BN:
assert(masked_db[0] as u32 <= max_allowed_value);

// Generate dbMask using MGF1
let db_mask:[u8; 479] = mgf1_sha256(h);
let db_mask:[u8; NumBytes] = mgf1_sha256(h);

// Compute DB = maskedDB xor dbMask
let mut db = [0 as u8; 479];
let mut db = [0 as u8; NumBytes];
for i in 0..db_mask_len {
db[i] = masked_db[i] ^ db_mask[i];
}
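Review bot: With `let mut db = [0 as u8; NumBytes];` and the `[u8; NumBytes]` slices above it, `db` and `masked_db` now carry `NumBytes - db_mask_len` zero bytes past the real DB content, and only the `for i in 0..db_mask_len` loop in this hunk respects that boundary; whatever follows the hunk to finish the PSS check (verifying the PS padding bytes are zero, locating the 0x01 separator, extracting the salt) has to use the same `db_mask_len` bound rather than the array length, because trailing zeros are otherwise indistinguishable from padding. That part of the function lies outside the hunk, so I cannot confirm how it iterates; worth checking before merge. The comment `// But for now we can't so we'll just use NumBytes and have 33 trailing 0s` is only accurate when `em_len` equals `NumBytes`; in the leading-zero-byte case described at the top of the hunk there are more, so `// get_array_slice fills only the first db_mask_len entries; the remaining NumBytes - db_mask_len stay zero and must never be read as DB` states the invariant the later code depends on.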