I think there is a bug in rsakpMake!

Help
WangYu
2003-10-01
2003-11-29
  • WangYu
    2003-10-01

    I think there is a bug in this function: rsakpMake!

    int rsakpMake(rsakp* kp, randomGeneratorContext* rgc, int nsize)
    {
        /*
         * Generates an RSA Keypair for use with the Chinese Remainder Theorem
         */

        register size_t pqsize = (nsize+1) >> 1;
        register mpw* temp = (mpw*) malloc((16*pqsize+6)*sizeof(mpw));
        register int newn = 1;

        if (temp)
        {
            mpbarrett r, psubone, qsubone;
            mpnumber phi;

            nsize = pqsize << 1;

            /* set e */
            mpnsetw(&kp->e, 65535);

            /* generate a random prime p and q */
            mpprnd_w(&kp->p, rgc, pqsize, mpptrials(MP_WORDS_TO_BITS(pqsize)), &kp->e, temp);
            mpprnd_w(&kp->q, rgc, pqsize, mpptrials(MP_WORDS_TO_BITS(pqsize)), &kp->e, temp);

            /* if p <= q, perform a swap to make p larger than q */
            if (mple(pqsize, kp->p.modl, kp->q.modl))
            {
                memcpy(&r, &kp->q, sizeof(mpbarrett));
                memcpy(&kp->q, &kp->p, sizeof(mpbarrett));
                memcpy(&kp->p, &r, sizeof(mpbarrett));
            }

            mpbzero(&r);
            mpbzero(&psubone);
            mpbzero(&qsubone);
            mpnzero(&phi);

            while (1)
            {
                mpmul(temp, pqsize, kp->p.modl, pqsize, kp->q.modl);

                if (newn && mpmsbset(nsize, temp))
                    break;

                /* product of p and q doesn't have the required size (one bit short) */

                mpprnd_w(&r, rgc, pqsize, mpptrials(MP_WORDS_TO_BITS(pqsize)), &kp->e, temp);

    .
    .
    .
    .
    .
    }

    I think that "nsize" is a number of words, so "pqsize" is a number of words too.
    The function mpprnd_w's parameter "bits" is a number of bits:
    void mpprnd_w(mpbarrett* p, randomGeneratorContext* rc, size_t bits, int t, const mpnumber* f, mpw* wksp)

    But when calling mpprnd_w, "pqsize" is not converted to a number of bits.
    This bug exists in both version 3.0.0 and version 3.1.0.
    But it does not exist in version 2.1.0 and before.

    Another question, about the value of e (rsakp.e):
    I read Bruce Schneier's "Applied Cryptography, Second Edition"; in it Bruce suggests that the value of e (rsakp.e) should be chosen as one of 3, 17 or 65537, but you choose 65535. Why?

    Thank you!

    My English is very poor! Sorry!!

     
    • Bob Deblier
      2003-11-29

      Your English is very good - these were indeed two bugs, for which a fix has been committed to the CVS archive.

      Thanks for pointing this out.
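
Added example (not beecrypt code and not written by either poster): a toy C check for the two problems raised in this thread, a size passed in words where the post says bits are expected, and a public exponent outside the 3, 17, 65537 set the post cites. The 32-bit word size, the function names and the sample primes are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumption: 32-bit words; the real width of beecrypt's mpw depends on the build. */
#define WORD_BITS 32u

enum kp_status { KP_OK, KP_MODULUS_SIZE, KP_E_UNEXPECTED, KP_E_NOT_COPRIME };

/* Size that reaches a generator whose parameter is a bit count when the
 * caller passes the word count unchanged (the mismatch described in the post). */
size_t prime_bits_unconverted(size_t nsize_words) { return (nsize_words + 1) >> 1; }

/* The same size after converting words to bits. */
size_t prime_bits_converted(size_t nsize_words) { return ((nsize_words + 1) >> 1) * WORD_BITS; }

static unsigned bit_length(uint64_t x)
{
    unsigned n = 0;
    while (x) { n++; x >>= 1; }
    return n;
}

static uint64_t gcd64(uint64_t a, uint64_t b)
{
    while (b) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Hypothetical post-generation check on toy values: p and q must each fit
 * in 32 bits so that p * q fits in a uint64_t. */
enum kp_status check_keypair(uint64_t p, uint64_t q, uint64_t e, unsigned want_bits)
{
    if (bit_length(p * q) != want_bits)
        return KP_MODULUS_SIZE;     /* primes came out at the wrong size */
    if (e != 3 && e != 17 && e != 65537)
        return KP_E_UNEXPECTED;     /* e.g. 65535 where 65537 was meant */
    if (gcd64(e, p - 1) != 1 || gcd64(e, q - 1) != 1)
        return KP_E_NOT_COPRIME;    /* e has no inverse mod (p-1)(q-1) */
    return KP_OK;
}

int main(void)
{
    /* Constructed toy primes: 2^32 - 5 and 2^32 - 17. */
    return check_keypair(4294967291ULL, 4294967279ULL, 65537, 64) == KP_OK ? 0 : 1;
}
```

A check of this kind, run as a self-test after key generation, flags both problems from the thread without needing to read the generator's source.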