/* -*-c-*-
*
- * $Id: rsa-gen.c,v 1.2 2000/06/17 12:05:15 mdw Exp $
+ * $Id: rsa-gen.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* RSA parameter generation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rsa-gen.c,v $
- * Revision 1.2 2000/06/17 12:05:15 mdw
- * Lots of changes:
- *
- * * Apply limits on %$\gcd(p - 1, q - 1)$% to reduce the space of
- * equivalent decryption exponents.
- *
- * * Force %$e = F_4 = 2^{16} + 1$% to avoid small-encryption-exponent
- * attacks.
- *
- * * Ensure that %$p > q$% and that %$p - q$% is large to deter
- * square-root-based factoring methods.
- *
- * * Use %$e d \equiv 1 \pmod{\lambda(n)}$%, where %$\lambda(n)$% is
- * %$\lcm(p - 1, q - 1)$%, as recommended in PKCS#1, rather than the
- * more usual %$\varphi(n) = (p - 1)(q - 1)$%.
- *
- * * Handle aborts from pgen_jump.
- *
- * Revision 1.1 1999/12/22 15:50:45 mdw
- * Initial RSA support.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/dstr.h>
/* --- @rsa_gen@ --- *
*
- * Arguments: @rsa_param *rp@ = pointer to block to be filled in
+ * Arguments: @rsa_priv *rp@ = pointer to block to be filled in
* @unsigned nbits@ = required modulus size in bits
* @grand *r@ = random number source
* @unsigned n@ = number of attempts to make
* possible.
*/
-int rsa_gen(rsa_param *rp, unsigned nbits, grand *r, unsigned n,
+int rsa_gen(rsa_priv *rp, unsigned nbits, grand *r, unsigned n,
pgen_proc *event, void *ectx)
{
pgen_gcdstepctx g;
/* --- Work out the modulus and the CRT coefficient --- */
rp->n = mp_mul(MP_NEW, rp->p, rp->q);
- rp->q_inv = MP_NEW; mp_gcd(0, 0, &rp->q_inv, rp->p, rp->q);
+ rp->q_inv = mp_modinv(MP_NEW, rp->q, rp->p);
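Review bot: The comment above this line says only "CRT coefficient" and never states which inverse ends up in `q_inv`, which matters to anyone importing or exporting the key or writing the CRT private-key operation. Assuming `mp_modinv` takes the value before the modulus, the new call stores q^-1 mod p, which matches PKCS#1's qInv. I would add `/* q_inv = q^{-1} mod p; the inverse exists because p and q are distinct primes */` directly above it. The body of rsa_gen starts and ends outside the lines shown here.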
/* --- Work out %$\varphi(n) = (p - 1)(q - 1)$% --- *
*
*/
mp_gcd(&g.g, 0, &rp->d, phi, rp->e);
- if (MP_CMP(g.g, !=, MP_ONE) && MP_LEN(rp->d) * 4 > MP_LEN(rp->n) * 3)
+ if (!MP_EQ(g.g, MP_ONE) && MP_LEN(rp->d) * 4 > MP_LEN(rp->n) * 3)
goto fail_e;
/* --- Work out exponent residues --- */
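Review bot: The rejection test `!MP_EQ(g.g, MP_ONE) && MP_LEN(rp->d) * 4 > MP_LEN(rp->n) * 3` jumps to `fail_e` only when both conditions hold, so a result with gcd(phi, e) != 1 and a short `d` is accepted even though `d` is then not an inverse of `e`. This commit only swaps `MP_CMP(..., !=, ...)` for `!MP_EQ(...)` and carries the condition over unchanged. If the intent is to reject either a non-invertible `e` or an undersized private exponent, the line should probably read `if (!MP_EQ(g.g, MP_ONE) || MP_LEN(rp->d) * 4 < MP_LEN(rp->n) * 3)`. Please confirm the intended direction of the length comparison, and add a one-line comment stating the bound being enforced. The function body continues outside the visible lines.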