Merge pull request #466 from tlsfuzzer/rsa-fixes

tomato42 · web-flow · commit de090361cc60 · 2021-05-26T13:59:37.000+02:00
RSA fixes
diff --git a/tlslite/utils/cryptomath.py b/tlslite/utils/cryptomath.py
@@ -387,16 +387,15 @@ def getRandomPrime(bits, display=False):
     #29 % 30 and keep them there
     low = ((2 ** (bits-1)) * 3) // 2
     high = 2 ** bits - 30
-    p = getRandomNumber(low, high)
-    p += 29 - (p % 30)
-    while 1:
-        if display: print(".", end=' ')
-        p += 30
-        if p >= high:
-            p = getRandomNumber(low, high)
-            p += 29 - (p % 30)
-        if isPrime(p, display=display):
-            return p
+    while True:
+        if display:
+            print(".", end=' ')
+        cand_p = getRandomNumber(low, high)
+        # make odd
+        if cand_p % 2 == 0:
+            cand_p += 1
+        if isPrime(cand_p, display=display):
+            return cand_p
 
 
 #Unused at the moment...
diff --git a/tlslite/utils/python_rsakey.py b/tlslite/utils/python_rsakey.py
@@ -113,13 +113,21 @@ def generate(bits, key_type="rsa"):
 
         key_type can be "rsa" for a universal rsaEncryption key or
         "rsa-pss" for a key that can be used only for RSASSA-PSS."""
+        # p, q, and t are standard names for the variables in RSA, so
+        # ignore the fact those are one character long variable names
+        # pylint: disable=invalid-name
         key = Python_RSAKey()
-        p = getRandomPrime(bits//2, False)
-        q = getRandomPrime(bits//2, False)
-        if gmpyLoaded or GMPY2_LOADED:
-            p = mpz(p)
-            q = mpz(q)
-        t = lcm(p-1, q-1)
+        while True:
+            p = getRandomPrime(bits//2, False)
+            q = getRandomPrime(bits//2, False)
+            if gmpyLoaded or GMPY2_LOADED:
+                p = mpz(p)
+                q = mpz(q)
+            t = lcm(p-1, q-1)
+            # since we need to calculate inverse of 65537 mod t, they
+            # must be relatively prime (coprime)
+            if gcd(t, 65537) == 1:
+                break
         key.n = p * q
         if gmpyLoaded or GMPY2_LOADED:
             key.e = mpz(65537)
@@ -132,6 +140,7 @@ def generate(bits, key_type="rsa"):
         key.dQ = key.d % (q-1)
         key.qInv = invMod(q, p)
         key.key_type = key_type
+        # pylint: enable=invalid-name
         return key
 
     @staticmethod
