feat: allow for custom public exponent value in keygen

kubkon · web-flow · commit a649ce16e0c3 · 2020-07-29T12:33:45.000+02:00
This commit adds a function to `rsa::algorithms` called
`generate_multi_prime_key_with_exp` which allows the caller
to specify a custom value for the public key exponent.

This commit also adds a convenience routine to `rsa::RSAPrivateKey`
called `new_with_exp` which allows the caller to specify the
custom value for the public key exponent as part of `rsa::RSAPrivateKey`
constructor.

Exposing the public key exponent matches an OpenSSL call
`openssl::rsa::generate_with_e` which is useful in certain
settings such when generating the signing keys for SGX enclaves.
diff --git a/src/algorithms.rs b/src/algorithms.rs
@@ -10,21 +10,46 @@ use crate::key::RSAPrivateKey;
 /// Default exponent for RSA keys.
 const EXP: u64 = 65537;
 
-// Generates a multi-prime RSA keypair of the given bit
-// size and the given random source, as suggested in [1]. Although the public
-// keys are compatible (actually, indistinguishable) from the 2-prime case,
-// the private keys are not. Thus it may not be possible to export multi-prime
-// private keys in certain formats or to subsequently import them into other
-// code.
-//
-// Table 1 in [2] suggests maximum numbers of primes for a given size.
-//
-// [1] US patent 4405829 (1972, expired)
-// [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
+/// Generates a multi-prime RSA keypair of the given bit size,
+/// and the given random source, as suggested in [1]. Although the public
+/// keys are compatible (actually, indistinguishable) from the 2-prime case,
+/// the private keys are not. Thus it may not be possible to export multi-prime
+/// private keys in certain formats or to subsequently import them into other
+/// code.
+///
+/// Uses default public key exponent of `65537`. If you want to use a custom
+/// public key exponent value, use `algorithms::generate_multi_prime_key_with_exp`
+/// instead.
+///
+/// Table 1 in [2] suggests maximum numbers of primes for a given size.
+///
+/// [1] US patent 4405829 (1972, expired)
+/// [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
 pub fn generate_multi_prime_key<R: Rng>(
     rng: &mut R,
     nprimes: usize,
     bit_size: usize,
+) -> Result<RSAPrivateKey> {
+    let exp = BigUint::from_u64(EXP).expect("invalid static exponent");
+    generate_multi_prime_key_with_exp(rng, nprimes, bit_size, &exp)
+}
+
+/// Generates a multi-prime RSA keypair of the given bit size, public exponent,
+/// and the given random source, as suggested in [1]. Although the public
+/// keys are compatible (actually, indistinguishable) from the 2-prime case,
+/// the private keys are not. Thus it may not be possible to export multi-prime
+/// private keys in certain formats or to subsequently import them into other
+/// code.
+///
+/// Table 1 in [2] suggests maximum numbers of primes for a given size.
+///
+/// [1] US patent 4405829 (1972, expired)
+/// [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
+pub fn generate_multi_prime_key_with_exp<R: Rng>(
+    rng: &mut R,
+    nprimes: usize,
+    bit_size: usize,
+    exp: &BigUint,
 ) -> Result<RSAPrivateKey> {
     if nprimes < 2 {
         return Err(Error::NprimesTooSmall);
@@ -96,7 +121,6 @@ pub fn generate_multi_prime_key<R: Rng>(
             continue 'next;
         }
 
-        let exp = BigUint::from_u64(EXP).expect("invalid static exponent");
         if let Some(d) = exp.mod_inverse(totient) {
             n_final = n;
             d_final = d.to_biguint().unwrap();
@@ -106,7 +130,7 @@ pub fn generate_multi_prime_key<R: Rng>(
 
     Ok(RSAPrivateKey::from_components(
         n_final,
-        BigUint::from_u64(EXP).expect("invalid static exponent"),
+        exp.clone(),
         d_final,
         primes,
     ))
diff --git a/src/key.rs b/src/key.rs
@@ -8,7 +8,7 @@ use serde_crate::{Deserialize, Serialize};
 use std::ops::Deref;
 use zeroize::Zeroize;
 
-use crate::algorithms::generate_multi_prime_key;
+use crate::algorithms::{generate_multi_prime_key, generate_multi_prime_key_with_exp};
 use crate::errors::{Error, Result};
 
 use crate::padding::PaddingScheme;
@@ -338,6 +338,18 @@ impl RSAPrivateKey {
         generate_multi_prime_key(rng, 2, bit_size)
     }
 
+    /// Generate a new RSA key pair of the given bit size and the public exponent
+    /// using the passed in `rng`.
+    ///
+    /// Unless you have specific needs, you should use `RSAPrivateKey::new` instead.
+    pub fn new_with_exp<R: Rng>(
+        rng: &mut R,
+        bit_size: usize,
+        exp: &BigUint,
+    ) -> Result<RSAPrivateKey> {
+        generate_multi_prime_key_with_exp(rng, 2, bit_size, exp)
+    }
+
     /// Constructs an RSA key pair from the individual components.
     pub fn from_components(
         n: BigUint,
