Skip to content

Fix RSAPBSSA modulus length#58

Open
thibmeu wants to merge 2 commits into
cloudflare:mainfrom
thibmeu:fix-rsapbssa-modulus-length
Open

Fix RSAPBSSA modulus length#58
thibmeu wants to merge 2 commits into
cloudflare:mainfrom
thibmeu:fix-rsapbssa-modulus-length

Conversation

@thibmeu

@thibmeu thibmeu commented Jun 4, 2026

Copy link
Copy Markdown
Member

Closes #56

@thibmeu thibmeu self-assigned this Jun 4, 2026
@thibmeu thibmeu added the bug Something isn't working label Jun 4, 2026
Comment thread src/partially_blindrsa.ts

// 1. p = SafePrime(bits / 2)
// 2. q = SafePrime(bits / 2)
// 3. while p == q, go to step 2.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These comments are now out-of-date with the implementation.

Haven't looked into detail yet, but:

I don't think this is the right place for a fix, generateSafePrime should be changed if we want to enforce a lower bound.

And if the concern is that we get more bits than requested, then that's also a problem in generateSafePrime I think?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the comments are still matching the spec: the loop still performs KeyGen steps 1-3. The extra check only retries when the final modulus is one bit short, which is needed to enforce the requested modulusLength.

Also, enforcing modulus length at the start seems ok as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

PartiallyBlindRSA.generateKey() does not enforce the requested RSA modulus length

2 participants