[pycrypto] same RSA.construct fails on OSX

Antoine Martin antoine at nagafix.co.uk
Fri Jan 20 09:21:42 EST 2012


On 01/20/2012 08:33 PM, Legrandin wrote:
> Hi Antoine,
> 
>> The following code runs fine on a number of platforms, but fails on OSX
>> (I believe it may have started failing after I added gmp/fastmath)
>>
>> m = 6297666796491112384985580404233259073480862181882692247331293512441057109594629677274269303703414891974879> e = 65537
>> p = 0
>> k = RSA.construct((long(m), long(e), long(p)))
>> print("recreate_key=%s" % k)
>>
>> On OSX I get:
>> ValueError: Unable to compute factors p and q from exponent d.
> 
> This is the correct behavior with current pycrypto version (2.5), no
> matter if you use fast or slow math.
> Your code is trying to reconstruct an RSA private key, but you pass a
> private exponent (which you call p, even if typically is called d)
> with value 0. That is an error, the private exponent must be e^{-1}
> mod phi(m), which clearly cannot be zero.
I am re-constructing only the public part of the RSA key as the private
exponent is not available to this code (which runs on the client)

I've just found that simply removing p (or 'd' as it should be called..)
is enough to fix it, so the code becomes:
if d==0:
  k = RSA.construct((long(m), long(e)))
else:
  k = RSA.construct((long(m), long(e), long(d)))

> API is described here
> https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA-module.html#construct
> .
> 
> With previous version you had to provide at least 5 elements,
> m+e+d+p+q (I don't recall how they complain if you provide only 3).
According to the docs, it's 2 minimum (as above), anyone know if the
code above is going to have problems running on distros with old
versions of pycrypto?

>> What can I do to correct this (and still use fastmath)?
>> Shouldn't this be detected as a problem with fastmath, at build time?
> 
> There is nothing to correct I think.
You are right, I was misled by the fastmath when in fact it was pycrypto
2.5 on osx and 2.4.1 elsewhere..

Thanks
Antoine


More information about the pycrypto mailing list