mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 02:05:39 +01:00
Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q but many libraries guarantee P>Q and mbed TLS did so too in earlier versions. This commit restores this behaviour.
This commit is contained in:
parent
f6e3b9e8b2
commit
ef44178474
@ -40,6 +40,7 @@ Bugfix
|
||||
by inestlerode. #559.
|
||||
* Fix documentation and implementation missmatch for function arguments of
|
||||
mbedtls_gcm_finish(). Found by cmiatpaar. #602
|
||||
* Guarantee that P>Q at RSA key generation. #558
|
||||
|
||||
Changes
|
||||
* Extended test coverage of special cases, and added new timing test suite.
|
||||
|
@ -102,6 +102,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
||||
if( f_rng == NULL || nbits < 128 || exponent < 3 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
if( nbits % 2 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
|
||||
mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
|
||||
|
||||
@ -116,16 +119,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
|
||||
f_rng, p_rng ) );
|
||||
|
||||
if( nbits % 2 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0,
|
||||
f_rng, p_rng ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
|
||||
f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
|
||||
continue;
|
||||
@ -134,6 +129,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
|
||||
if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
|
||||
continue;
|
||||
|
||||
if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
|
||||
mbedtls_mpi_swap( &ctx->P, &ctx->Q );
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
|
||||
|
@ -361,7 +361,7 @@ RSA Generate Key - 2048 bit key
|
||||
mbedtls_rsa_gen_key:2048:3:0
|
||||
|
||||
RSA Generate Key - 1025 bit key
|
||||
mbedtls_rsa_gen_key:1025:3:0
|
||||
mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA PKCS1 Encrypt Bad RNG
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
|
@ -678,6 +678,7 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result)
|
||||
if( result == 0 )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
|
||||
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 );
|
||||
}
|
||||
|
||||
exit:
|
||||
|
Loading…
Reference in New Issue
Block a user