From cbfafc112557cc22e667b1c924c4c27695083b8c Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@strongswan.org>
Date: Mon, 17 Aug 2009 15:30:20 +0200
Subject: [PATCH] enforce RSA_PRIME1 > RSA_PRIME2 (p > q) in PGP

---
 src/libstrongswan/credentials/builder.h     | 4 ++--
 src/libstrongswan/plugins/pgp/pgp_builder.c | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 1854740e63..ed3862c5aa 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -96,9 +96,9 @@ enum builder_part_t {
 	BUILD_RSA_PUB_EXP,
 	/** private exponent (d) of a RSA key, chunk_t */
 	BUILD_RSA_PRIV_EXP,
-	/** prime 1 (p) of a RSA key, chunk_t */
+	/** prime 1 (p) of a RSA key (p < q), chunk_t */
 	BUILD_RSA_PRIME1,
-	/** prime 2 (q) of a RSA key, chunk_t */
+	/** prime 2 (q) of a RSA key (p < q), chunk_t */
 	BUILD_RSA_PRIME2,
 	/** exponent 1 (exp1) of a RSA key, chunk_t */
 	BUILD_RSA_EXP1,
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c
index 8a6fc76b8a..e3b370eee8 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.c
@@ -202,10 +202,11 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
 			return NULL;
 		}
 	}
+	/* PGP has uses p < q, but we use p > q */
 	return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, 
 						BUILD_RSA_MODULUS, mpi[0], BUILD_RSA_PUB_EXP, mpi[1],
-						BUILD_RSA_PRIV_EXP, mpi[2], BUILD_RSA_PRIME1, mpi[3],
-						BUILD_RSA_PRIME2, mpi[4], BUILD_RSA_COEFF, mpi[5],
+						BUILD_RSA_PRIV_EXP, mpi[2], BUILD_RSA_PRIME2, mpi[3],
+						BUILD_RSA_PRIME1, mpi[4], BUILD_RSA_COEFF, mpi[5],
 						BUILD_END);
 }