(rsa_check_size): New function, for computing and checking

the size of the modulo in octets. (rsa_prepare_public_key): Usa rsa_check_size. (rsa_init_private_key): Removed code handling n, e and d. (rsa_clear_private_key): Likewise. (rsa_compute_root): Always use CRT. Rev: src/nettle/rsa.c:1.4

(rsa_check_size): New function, for computing and checking
17c7e236 · Niels Möller · 010df288 · 17c7e236
Commit 17c7e236 authored 23 years ago by Niels Möller
--- a/rsa.c
+++ b/rsa.c
@@ -55,10 +55,14 @@ rsa_clear_public_key(struct rsa_public_key *key)
  mpz_clear(key->e);
 }

-int
-rsa_prepare_public_key(struct rsa_public_key *key)
+/* Computes the size, in octets, of a size BITS modulo.
+ * Returns 0 if the modulo is too small to be useful. */
+
+static unsigned
+rsa_check_size(unsigned bits)
 {
-  unsigned size = (mpz_sizeinbase(key->n, 2) + 7) / 8;
+  /* Round upwards */
+  unsigned size = (bits + 7) / 8;

  /* For PKCS#1 to make sense, the size of the modulo, in octets, must
   * be at least 11 + the length of the DER-encoded Digest Info.
@@ -67,39 +71,43 @@ rsa_prepare_public_key(struct rsa_public_key *key)
   * 46 octets is 368 bits. */
  
  if (size < 46)
-    {
-      /* Make sure the signing and verification functions doesn't
-       * try to use this key. */
-      key->size = 0;
-
    return 0;
+
+  return size;
 }
-  else
+
+int
+rsa_prepare_public_key(struct rsa_public_key *key)
 {
-      key->size = size;
-      return 1;
-    }
+  /* FIXME: Add further sanity checks, like 0 < e < n. */
+#if 0
+  if ( (mpz_sgn(key->e) <= 0)
+       || mpz_cmp(key->e, key->n) >= 0)
+    return 0;
+#endif
+  
+  key->size = rsa_check_size(mpz_sizeinbase(key->n, 2));
+  
+  return (key->size > 0);
 }

 void
 rsa_init_private_key(struct rsa_private_key *key)
 {
-  rsa_init_public_key(&key->pub);
-
-  mpz_init(key->d);
  mpz_init(key->p);
  mpz_init(key->q);
  mpz_init(key->a);
  mpz_init(key->b);
  mpz_init(key->c);
+
+  /* Not really necessary, but it seems cleaner to initialize all the
+   * storage. */
+  key->size = 0;
 }

 void
 rsa_clear_private_key(struct rsa_private_key *key)
 {
-  rsa_clear_public_key(&key->pub);
-
-  mpz_clear(key->d);
  mpz_clear(key->p);
  mpz_clear(key->q);
  mpz_clear(key->a);
@@ -110,23 +118,18 @@ rsa_clear_private_key(struct rsa_private_key *key)
 int
 rsa_prepare_private_key(struct rsa_private_key *key)
 {
-  return rsa_prepare_public_key(&key->pub);
-}
-
+  /* FIXME: Add further sanity checks. */

-#ifndef RSA_CRT
-#define RSA_CRT 1
-#endif
+  /* The size of the product is the sum of the sizes of the factors. */
+  key->size = rsa_check_size(mpz_sizeinbase(key->p, 2)
+			     + mpz_sizeinbase(key->p, 2));

-/* Computing an rsa root.
- *
- * NOTE: We don't really need n not e, so we could drop the public
- * key info from struct rsa_private_key. */
+  return (key->size > 0);
+}

+/* Computing an rsa root. */
 void
 rsa_compute_root(struct rsa_private_key *key, mpz_t x, const mpz_t m)
-{
-#if RSA_CRT
 {
  mpz_t xp; /* modulo p */
  mpz_t xq; /* modulo q */
@@ -181,9 +184,5 @@ rsa_compute_root(struct rsa_private_key *key, mpz_t x, const mpz_t m)

  mpz_clear(xp); mpz_clear(xq);
 }
-#else /* !RSA_CRT */
-  mpz_powm(x, m, key->d, key->pub->n);
-#endif /* !RSA_CRT */
-}

 #endif /* HAVE_LIBGMP */