Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / b8fc1b02eed3fc0f9b43387250e961b11fd83470^! / .
commitb8fc1b02eed3fc0f9b43387250e961b11fd83470[log] [tgz]
authorJanos Follath <janos.follath@arm.com>Mon Sep 03 15:37:01 2018 +0100
committerDarryl Green <darryl.green@arm.com>Tue Oct 09 16:33:27 2018 +0100
treeb8a305b7ddcf869dc6d070e1bf07a7952ad93d9e
parenta3cb7eb8ad6882f76fc8747c0809e1062f2f9545 [diff]
RSA: Use MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR

diff --git a/library/rsa.c b/library/rsa.c
index 88c1cf1..f225c50 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -502,6 +502,7 @@
 {
     int ret;
     mbedtls_mpi H, G, L;
+    int prime_quality = 0;
 
     if( f_rng == NULL || nbits < 128 || exponent < 3 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -509,6 +510,14 @@
     if( nbits % 2 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
+    /*
+     * If the modulus is 1024 bit long or shorter, then the security strength of
+     * the RSA algorithm is less than or equal to 80 bits and therefore an error
+     * rate of 2^-80 is sufficient.
+     */
+    if( nbits > 1024 )
+        prime_quality = MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR;
+
     mbedtls_mpi_init( &H );
     mbedtls_mpi_init( &G );
     mbedtls_mpi_init( &L );
@@ -523,11 +532,11 @@
 
     do
     {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
-                                                f_rng, p_rng ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1,
+                                                prime_quality, f_rng, p_rng ) );
 
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
-                                                f_rng, p_rng ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1,
+                                                prime_quality, f_rng, p_rng ) );
 
         /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
         MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) );