I think there is a bug in this function:rsakpMake!
int rsakpMake(rsakp* kp, randomGeneratorContext* rgc, int nsize):
* Generates an RSA Keypair for use with the Chinese Remainder Theorem
register size_t pqsize = (nsize+1) >> 1;
register mpw* temp = (mpw*) malloc((16*pqsize+6)*sizeof(mpw));
register int newn = 1;
mpbarrett r, psubone, qsubone;
nsize = pqsize << 1;
/* set e */
/* generate a random prime p and q */
mpprnd_w(&kp->p, rgc, pqsize, mpptrials(MP_WORDS_TO_BITS(pqsize)), &kp->e, temp);
mpprnd_w(&kp->q, rgc, pqsize, mpptrials(MP_WORDS_TO_BITS(pqsize)), &kp->e, temp);
/* if p <= q, perform a swap to make p larger than q */
if (mple(pqsize, kp->p.modl, kp->q.modl))
memcpy(&r, &kp->q, sizeof(mpbarrett));
memcpy(&kp->q, &kp->p, sizeof(mpbarrett));
memcpy(&kp->p, &r, sizeof(mpbarrett));
mpmul(temp, pqsize, kp->p.modl, pqsize, kp->q.modl);
if (newn && mpmsbset(nsize, temp))
/* product of p and q doesn't have the required size (one bit short) */
mpprnd_w(&r, rgc, pqsize, mpptrials(MP_WORDS_TO_BITS(pqsize)), &kp->e, temp);
I think that the "nsize" is number of WORDs, so the "pqsize" is number of WORDs too.
The function mpprnd_w's parameter: "bits" is number of bits.
void mpprnd_w(mpbarrett* p, randomGeneratorContext* rc, size_t bits, int t, const mpnumber* f, mpw* wksp)
But when calling mpprnd_w, the "pqsize" is not convert to number of bits.
This bug is exist in version both 3.0.0 and 3.1.0.
But it is not exist in version 2.1.0 and before.
Another question about value of e(rsakp.e):
I read Bruce Schneier's <<Applied Cryptography-second edition>>, in it Bruce suggest the value of e (rsakp.e) should choose one of 3 or 17 or 65537, but you choose 65535, why??
My English is very poor! Sorry!!
Your English is very good - this were indeed two bugs, for which a fix has been committed to the CVS archive.
Thanks for pointing this out.