diff options
author | lloyd <[email protected]> | 2010-09-22 16:23:56 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-09-22 16:23:56 +0000 |
commit | 21865a92ea3ca717f22a84a946e0d71ad7a020f3 (patch) | |
tree | fa60ee8797abb9025ac9291a2e1fef89cb12925e /src/pubkey/rsa | |
parent | 2372f282068857b9a20073f3f27f6faf3f6989ca (diff) |
In RSA and RW key generation, if we generate a key that isn't exactly
the requested bitsize, simply repeat instead of failing
immediately. The condition could actually occur in practice if a prime
that was on the very low end of the specified range was chosen (eg q
happened to be chosen as 10000...001).
Diffstat (limited to 'src/pubkey/rsa')
-rw-r--r-- | src/pubkey/rsa/rsa.cpp | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp index 133164c31..84048fa2e 100644 --- a/src/pubkey/rsa/rsa.cpp +++ b/src/pubkey/rsa/rsa.cpp @@ -26,12 +26,13 @@ RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng, throw Invalid_Argument(algo_name() + ": Invalid encryption exponent"); e = exp; - p = random_prime(rng, (bits + 1) / 2, e); - q = random_prime(rng, bits - p.bits(), e); - n = p * q; - if(n.bits() != bits) - throw Self_Test_Failure(algo_name() + " private key generation failed"); + do + { + p = random_prime(rng, (bits + 1) / 2, e); + q = random_prime(rng, bits - p.bits(), e); + n = p * q; + } while(n.bits() != bits); d = inverse_mod(e, lcm(p - 1, q - 1)); d1 = d % (p - 1); |