pike.git / lib / modules / Crypto.pmod / RSA.pike

version» Context lines:

pike.git/lib/modules/Crypto.pmod/RSA.pike:100: Inside #if constant(Crypto.Hash)
   n = [object(Gmp.mpz)](p*q);    size = n->size(256);    }    return this;   }      //   // --- Key generation   //    + #if constant(Nettle.rsa_generate_key) +  + this_program generate_key(int bits, void|int e) + { +  // While a smaller e is possible, and more efficient, using 0x10001 +  // has become standard and is the only value supported by several +  // TLS implementations. +  if(!e) +  e = 0x10001; +  else +  { +  if(!(e&1)) error("e needs to be odd.\n"); +  if(e<3) error("e is too small.\n"); +  if(e->size()>bits) error("e has to be smaller in size than the key.\n"); +  } +  +  if(bits<89) error("Too small key length.\n"); +  +  array(Gmp.mpz) key = Nettle.rsa_generate_keypair(bits, e, +  random); +  if(!key) error("Error generating key.\n"); +  [ n, d, p, q ] = key; +  this_program::e = Gmp.mpz(e); +  size = n->size(256); +  return this; + } +  + #else +    // Generate a prime with @[bits] number of bits using random function   // @[r].   protected Gmp.mpz get_prime(int bits, function(int:string) r)   {    int len = (bits + 7) / 8;    int bit_to_set = 1 << ( (bits - 1) % 8);       Gmp.mpz p;       do {    string s = r(len);    p = Gmp.mpz(sprintf("%c%s", (s[0] & (bit_to_set - 1))    | bit_to_set, s[1..]),    256)->next_prime();    } while (p->size() > bits);       return p;   }    - //! Generate a valid RSA key pair with the size @[bits]. A random - //! function may be provided as arguemnt @[r], otherwise the default - //! random function set in the object will be used. Keys must be at - //! least 128 bits. - this_program generate_key(int(128..) bits, function(int:string)|void r) + //! Generate a valid RSA key pair with the size @[bits] using the + //! random function set with @[set_random()]. The public exponent @[e] + //! will be used, which defaults to 65537. Keys must be at least 89 + //! bits. + this_program generate_key(int(128..) bits, void|int e)   { -  if (!r) r = random; +     if (bits < 128)    error( "Ridiculously small key.\n" );       /* NB: When multiplying two n-bit integers,    * you're most likely to get an (2n - 1)-bit result.    * We therefore add an extra bit to s2.    *    * cf [bug 6620].    */   
pike.git/lib/modules/Crypto.pmod/RSA.pike:147: Inside #if constant(Crypto.Hash)
   int s2 = 1 + bits - s1;       string msg = "This is a valid RSA key pair\n";       do    {    Gmp.mpz p;    Gmp.mpz q;    Gmp.mpz mod;    do { -  p = get_prime(s1, r); -  q = get_prime(s2, r); +  p = get_prime(s1, random); +  q = get_prime(s2, random);    mod = [object(Gmp.mpz)](p * q);    } while (mod->size() != bits);    Gmp.mpz phi = [object(Gmp.mpz)](Gmp.mpz([object(Gmp.mpz)](p-1))*    Gmp.mpz([object(Gmp.mpz)](q-1)));       array(Gmp.mpz) gs; /* gcd(pub, phi), and pub^-1 mod phi */       // For a while it was thought that small exponents were a security    // problem, but turned out was a padding problem. The exponent    // 0x10001 has however become common practice, although a smaller    // value would be more efficient. -  Gmp.mpz pub = Gmp.mpz(0x10001); +  Gmp.mpz pub = Gmp.mpz(e || 0x10001);       // For security reason we need to ensure no common denominator    // between n and phi. We could create a different exponent, but    // some Crypto packages are hard coded for 0x10001, so instead    // we'll just start over.    if ((gs = pub->gcdext2(phi))[0] != 1)    continue;       if (gs[1] < 0)    gs[1] += phi;       set_public_key(mod, pub);    set_private_key(gs[1], ({ p, q }));       } while (!raw_verify(msg, raw_sign(msg)));    return this;   }    -  + #endif +  +    //   // --- PKCS methods   //      #define Sequence Standards.ASN1.Types.Sequence      //! Calls @[Standards.PKCS.RSA.signatue_algorithm_id] with the   //! provided @[hash].   Sequence pkcs_algorithm_id(.Hash hash)   {