From 79c61dc3b1deda355c84139090746afef50a6195 Mon Sep 17 00:00:00 2001
From: Arthur Gautier
Date: Sun, 16 Feb 2025 19:29:19 -0800
Subject: [PATCH] fixup key generation 1/2

---
 dsa/src/generate.rs | 2 ++
 dsa/src/generate/components.rs | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/dsa/src/generate.rs b/dsa/src/generate.rs
index c6430cf4..6f458310 100644
--- a/dsa/src/generate.rs
+++ b/dsa/src/generate.rs
@@ -17,6 +17,8 @@ pub use self::keypair::keypair;
 fn calculate_bounds(size: u32) -> (BoxedUint, BoxedUint) {
 let lower = two().shl(size - 1);
 let upper = two().shl(size);
+ let lower = BoxedUint::one().widen(size + 1).shl(size - 1);
+ let upper = BoxedUint::one().widen(size + 1).shl(size);
 (lower, upper)
 }

diff --git a/dsa/src/generate/components.rs b/dsa/src/generate/components.rs
index 5820d12f..ba69d1f2 100644
--- a/dsa/src/generate/components.rs
+++ b/dsa/src/generate/components.rs
@@ -41,8 +41,10 @@ pub fn common(
 break 'gen_m m;
 }
 };
- let mr = &m % NonZero::new(two() * &*q).unwrap();
+ let rem = NonZero::new((two() * &*q).widen(m.bits_precision())).unwrap();
+ let mr = &m % &rem;
 let p = m - mr + BoxedUint::one();
+ let p = p.shorten(q.bits_precision());
 let p = NonZero::new(p).unwrap();

 if crypto_primes::is_prime_with_rng(rng, &*p) {
@@ -54,6 +56,7 @@ pub fn common(
 // Generate g using the unverifiable method as defined by Appendix A.2.1
 let e = (&*p - &BoxedUint::one()) / &q;
 let mut h = BoxedUint::one();
+ let mut h = BoxedUint::one().widen(q.bits_precision());
 let g = loop {
 let params = BoxedMontyParams::new_vartime(Odd::new((*p).clone()).unwrap());
 let form = BoxedMontyForm::new(h.clone(), params);
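Review bot: The original `let lower = two().shl(size - 1);` and `let upper = two().shl(size);` in `calculate_bounds` are left in place and immediately shadowed, so the function still evaluates the pair this fixup is replacing (with whatever overflow or precision problem motivated the change) and then discards it, and rustc will flag both as unused; delete those two lines rather than shadowing them. Note also that the live bounds are now 2^(size-1) and 2^size, half the values the shadowed pair produced, so any caller comparing against this tuple has had its accepted range shifted by one bit — that is the correct interval for a `size`-bit integer, which is what FIPS 186-4 requires of an L-bit p and N-bit q, but it is a behaviour change worth stating in the commit message. A one-line comment above the return would make the contract explicit: `// Half-open range [2^(size-1), 2^size) of a size-bit integer; widened so the shift cannot overflow.`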
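Review bot: `let p = p.shorten(q.bits_precision());` is only a no-op when `q` and `m` already share a precision; the preceding `.widen(m.bits_precision())` on `2q` implies q's precision is at most m's, and in the other case `shorten` silently drops p's high limbs (to my recollection crypto-bigint's `BoxedUint::shorten` copies the low limbs and asserts nothing about the discarded ones), so the primality test, `(p - 1) / q` and the resulting parameter set would all operate on a truncated value that is no longer ≡ 1 (mod q). For a standard DSA size pair (L > N) this depends on how `q` was sized earlier in `common`, which starts before this hunk, so I cannot confirm which case applies from the hunk alone. Guard the shorten so a lossy truncation cannot pass unnoticed, e.g. `debug_assert!(p.bits() <= q.bits_precision(), "shorten would discard set bits of p");` immediately before it, or shorten to the intended target precision (the one `m` was generated at) instead of q's.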
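Review bot: `let mut h = BoxedUint::one();` is left in place and shadowed by the widened binding on the next line, which will raise unused-variable/unused-mut warnings; drop the old line. The widened `h` is built from `q.bits_precision()` while `BoxedMontyParams` on the next lines is derived from `p`, and if `BoxedMontyForm::new` requires its integer and params to share a precision (as I believe it does) this only works because the previous hunk forces p down to q's precision — writing `let mut h = BoxedUint::one().widen(p.bits_precision());` states the actual requirement and does not depend on that coupling. Separately, `BoxedMontyParams::new_vartime(Odd::new((*p).clone()).unwrap())` is loop-invariant yet recomputed (Montgomery constants plus a clone of p) on every iteration of the `g` search; hoisting `let params = …` above `let g = loop {` and passing `params.clone()` into `BoxedMontyForm::new` removes that cost. The body of the `loop` continues past the end of this hunk.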