Transition from ALG_RSA_CRT to ALG_RSA

[petrs]

• change in basic RSA objects allocation
• change in Algorithm Attributes
• algAttrSign, algAttrDec, algAttrAuth must be updated according to type of generated key

[petrs]

DEF_ALG used for specification of preference between CRT and non-CRT RSA

[martinpaljak]

Why should one use ALG_RSA instead of ALG_RSA_CRT ?

[petrs]

ALG_RSA_CRT mode seems to be more vulnerable to fault injection. Bellcore attack was published in 1996 (https://crypto.stanford.edu/~dabo/abstracts/faults.html) able to obtain private key from RSA with CRT when single one single faulty signature can be obtained. Some improvements were proposed (http://risorse.dei.polimi.it/FDTC04/Yen.pdf, http://joye.site88.net/papers/Joy09rsafaults.pdf), but I do not feel comfortable yet - especially because card manufacturers are not providing information about defense used. But if you are aware about any update to this issue, please let me know.