pike.git / lib / modules / Crypto.pmod / RSA.pike


pike.git/lib/modules/Crypto.pmod/RSA.pike:155: Inside #if constant(Crypto.Hash)
   Gmp.mpz mod;
   do {
   p = get_prime(s1, r);
   q = get_prime(s2, r);
   mod = [object(Gmp.mpz)](p * q);
   } while (mod->size() != bits);
   Gmp.mpz phi = [object(Gmp.mpz)](Gmp.mpz([object(Gmp.mpz)](p-1))*
   Gmp.mpz([object(Gmp.mpz)](q-1)));
 
   array(Gmp.mpz) gs; /* gcd(pub, phi), and pub^-1 mod phi */
-  Gmp.mpz pub = Gmp.mpz(
- #ifdef SSL3_32BIT_PUBLIC_EXPONENT
-  random(1 << 30) |
- #endif /* SSL3_32BIT_PUBLIC_EXPONENT */
-  0x10001);
+
-  while ((gs = pub->gcdext2(phi))[0] != 1)
-  pub += 1;
+  // For a while it was thought that small exponents were a security
+  // problem, but turned out was a padding problem. The exponent
+  // 0x10001 has however become common practice, although a smaller
+  // value would be more efficient.
+  Gmp.mpz pub = Gmp.mpz(0x10001);
 
-
+  // For security reason we need to ensure no common denominator
+  // between n and phi. We could create a different exponent, but
+  // some Crypto packages are hard coded for 0x10001, so instead
+  // we'll just start over.
+  if ((gs = pub->gcdext2(phi))[0] != 1)
+  continue;
+
   if (gs[1] < 0)
   gs[1] += phi;
 
   set_public_key(mod, pub);
   set_private_key(gs[1], ({ p, q }));
 
   } while (!raw_verify(msg, raw_sign(msg)));
   return this;
 }
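Review bot: The added `continue` on the gcd(e, phi) check sits inside the outer do-while whose head starts above this hunk (the loop closed by `} while (!raw_verify(msg, raw_sign(msg)))`), and under the C semantics Pike follows a `continue` in a do-while jumps to that loop condition, not to the top of the body, so the condition signs and verifies with whatever key state the object held before the rejected (p, q) pair — nothing in the hunk resets it. On a fresh object that presumably fails inside raw_sign for lack of a key; on an object that already holds a key, the self-test passes and the function returns `this` with the old key still installed, silently skipping regeneration. A safer shape is to fold the coprimality test into the prime-generation retry instead of using `continue`, so only a candidate pair that satisfies both the size check and gcd(e, phi) == 1 ever reaches set_public_key/set_private_key; the new comments explaining the fixed 0x10001 choice can stay as they are. The enclosing function begins outside the hunk, so the outer loop head is not visible here.
```pike
  Gmp.mpz mod, phi;
  array(Gmp.mpz) gs; /* gcd(pub, phi), and pub^-1 mod phi */
  Gmp.mpz pub = Gmp.mpz(0x10001);
  do {
    do {
      p = get_prime(s1, r);
      q = get_prime(s2, r);
      mod = [object(Gmp.mpz)](p * q);
    } while (mod->size() != bits);
    phi = [object(Gmp.mpz)](Gmp.mpz([object(Gmp.mpz)](p-1))*
                            Gmp.mpz([object(Gmp.mpz)](q-1)));
    // Retry the (p, q) pair here rather than `continue`: a continue
    // would fall through to the outer raw_verify() test with stale key state.
  } while ((gs = pub->gcdext2(phi))[0] != 1);
  // … unchanged: gs[1] sign fix-up, set_public_key / set_private_key, outer loop condition …
```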