Work in progress.

pss-mgf.c

@@ -42,22 +42,7 @@
 #include "pss.h"
 #include "gmp-glue.h"
 #include "memxor.h"
-
-void _increment_count(uint8_t *c) {
-	c[3]++;
-	if (c[3] != 0) {
-		return;
-	}
-	c[2]++;
-	if (c[2] != 0) {
-		return;
-	}
-	c[1]++;
-	if (c[1] != 0) {
-		return;
-	}
-	c[0]++;
-}
+#include "macros.h"
 
 int
 _nettle_mgf1xor(void* hash_ctx, const struct nettle_hash *hash_func,
@@ -75,22 +60,8 @@ _nettle_mgf1xor(void* hash_ctx, const struct nettle_hash *hash_func,
 
 	// 1. If maskLen > 2^32 hLen, output "mask too long" and stop.
 	// Is this necessary? Is it the most efficient way to perform the check?
-	mpz_t mask_length;
-	mpz_t hash_length;
-	mpz_t max_mask_length;
-
-	mpz_init(mask_length);
-	mpz_init(hash_length);
-	mpz_init(max_mask_length);
-
-	mpz_set_ui(mask_length, db_length);
-	mpz_set_ui(hash_length, m_hash_length);
-	mpz_ui_pow_ui(max_mask_length, 2, 32);
-	mpz_mul(max_mask_length, max_mask_length, hash_length);
-
-	if (mpz_cmp(max_mask_length, mask_length) <= 0)
+	if (db_length > 0 && ((db_length - 1) >> 32) >= m_hash_length)
 	{
-		// max_mask_length < mask_length
 		ret = 0;
 		goto cleanup;
 	}
@@ -106,29 +77,22 @@ _nettle_mgf1xor(void* hash_ctx, const struct nettle_hash *hash_func,
 	      b. Concatenate the hash of the seed mgfSeed and C to the octet
 	         string T:
 	         	 T = T || Hash(mgfSeed || C) . */
-	// We will maintain two counters
-	// One as an octet string and the other (i) as a size_t.
-	uint8_t octetcounter[4];
-	// Initialize the octet counter
-	for (i = 0; i< 4; i++)
-	{
-		octetcounter[i] = 0;
-	}
 
 	// We need an octet string to pass as input to the hash function
 	// hash_input = mgfseed || C
 	memcpy(hash_input, h_seed, m_hash_length);
 
+	uint8_t octetcounter[4];
+
 	for (i = 0; i < (db_length / m_hash_length) -1; i++)
 	{
+		WRITE_UINT32(octetcounter, i);
 		memcpy(hash_input + m_hash_length, octetcounter, 4);
 		hash_func->init(hash_ctx);
 	    hash_func->update(hash_ctx, m_hash_length + 4, hash_input);
 	    hash_func->digest(hash_ctx, m_hash_length, t);
 
 	    memxor(db + (m_hash_length * i), t , m_hash_length);
-		_increment_count(octetcounter);
-
 	}
 
 	/* 4. Output the leading maskLen octets of T as the octet string mask. */
@@ -136,9 +100,6 @@ _nettle_mgf1xor(void* hash_ctx, const struct nettle_hash *hash_func,
 	ret = 1;
 
 cleanup:
-	mpz_clear(mask_length);
-	mpz_clear(hash_length);
-	mpz_clear(max_mask_length);
 	TMP_GMP_FREE(hash_input);
 	TMP_GMP_FREE(t);
 

rsa-emsapss-encode.c

@@ -49,7 +49,6 @@ emsapss_rsa_encode(void* hash_ctx, const struct nettle_hash *hash_func,
                    size_t embits, mpz_t em)
 {
 	int ret;
-    size_t i;
 
 	/* 1.  If the length of M is greater than the input limitation for the
 	       hash function (2^61 - 1 octets for SHA-1), output "message too

rsa-pss-verify.c

@@ -37,6 +37,7 @@
 
 #include "rsa.h"
 #include "pss.h"
+#include "bignum.h"
 
 int
 rsa_pss_verify(const struct rsa_public_key *key,
@@ -47,16 +48,16 @@ rsa_pss_verify(const struct rsa_public_key *key,
 {
   int ret;
   mpz_t m;
-  mpz_init (m);
 
-  if (!_rsa_vp1(key,
-  		          signature,
-  		          m))
+  if (mpz_sgn(signature) <= 0)
   {
 	  ret = 0;
 	  goto cleanup;
   }
 
+  mpz_init (m);
+  mpz_powm(m, signature, key->e, key->n);
+
   size_t embits, emlen;
   embits = key->size*8;
   emlen = (embits + 7) / 8;

rsa-verify.c

@@ -62,16 +62,3 @@ _rsa_verify(const struct rsa_public_key *key,
 
   return res;
 }
-
-int
-_rsa_vp1(const struct rsa_public_key *key,
-		 const mpz_t s,
-		 mpz_t m)
-{
-	if ( (mpz_sgn(s) <= 0)
-	       || (mpz_cmp(s, key->n) >= 0) )
-	    return 0;
-	mpz_powm(m, s, key->e, key->n);
-	return 1;
-}
-

rsa.h

@@ -498,12 +498,6 @@ _rsa_verify(const struct rsa_public_key *key,
 	    const mpz_t m,
 	    const mpz_t s);
 
-/* internal verification primitive for rsa-pss */
-int
-_rsa_vp1(const struct rsa_public_key *key,
-		 const mpz_t s,
-		 mpz_t m);
-
 
 size_t
 _rsa_check_size(mpz_t n);