aboutsummaryrefslogtreecommitdiffstats
path: root/src/pubkey
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-09-22 16:23:56 +0000
committerlloyd <[email protected]>2010-09-22 16:23:56 +0000
commit21865a92ea3ca717f22a84a946e0d71ad7a020f3 (patch)
treefa60ee8797abb9025ac9291a2e1fef89cb12925e /src/pubkey
parent2372f282068857b9a20073f3f27f6faf3f6989ca (diff)
In RSA and RW key generation, if we generate a key that isn't exactly
the requested bitsize, simply repeat instead of failing immediately. The condition could actually occur in practice if a prime that was on the very low end of the specified range was chosen (eg q happened to be chosen as 10000...001).
Diffstat (limited to 'src/pubkey')
-rw-r--r--src/pubkey/rsa/rsa.cpp11
-rw-r--r--src/pubkey/rw/rw.cpp12
2 files changed, 12 insertions, 11 deletions
diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp
index 133164c31..84048fa2e 100644
--- a/src/pubkey/rsa/rsa.cpp
+++ b/src/pubkey/rsa/rsa.cpp
@@ -26,12 +26,13 @@ RSA_PrivateKey::RSA_PrivateKey(RandomNumberGenerator& rng,
throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
e = exp;
- p = random_prime(rng, (bits + 1) / 2, e);
- q = random_prime(rng, bits - p.bits(), e);
- n = p * q;
- if(n.bits() != bits)
- throw Self_Test_Failure(algo_name() + " private key generation failed");
+ do
+ {
+ p = random_prime(rng, (bits + 1) / 2, e);
+ q = random_prime(rng, bits - p.bits(), e);
+ n = p * q;
+ } while(n.bits() != bits);
d = inverse_mod(e, lcm(p - 1, q - 1));
d1 = d % (p - 1);
diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp
index 91cebc5a8..a9ca8eae7 100644
--- a/src/pubkey/rw/rw.cpp
+++ b/src/pubkey/rw/rw.cpp
@@ -26,13 +26,13 @@ RW_PrivateKey::RW_PrivateKey(RandomNumberGenerator& rng,
throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
e = exp;
- p = random_prime(rng, (bits + 1) / 2, e / 2, 3, 4);
- q = random_prime(rng, bits - p.bits(), e / 2, ((p % 8 == 3) ? 7 : 3), 8);
- n = p * q;
-
- if(n.bits() != bits)
- throw Self_Test_Failure(algo_name() + " private key generation failed");
+ do
+ {
+ p = random_prime(rng, (bits + 1) / 2, e / 2, 3, 4);
+ q = random_prime(rng, bits - p.bits(), e / 2, ((p % 8 == 3) ? 7 : 3), 8);
+ n = p * q;
+ } while(n.bits() != bits);
d = inverse_mod(e, lcm(p - 1, q - 1) >> 1);
d1 = d % (p - 1);