From 6e0c5d8e9872a059eaed2afd7ef22fbcfd9f545d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Wed, 9 Jan 2002 16:14:39 +0100
Subject: [PATCH] * rsa_md5.c: Represent a signature as an mpz_t, not a string.
 Updated calls of md5 functions. * rsa_sha1.c: Likewise.

* rsa.c (rsa_prepare_public_key): Renamed function, was
rsa_init_public_key.
(rsa_prepare_private_key): Renamed function, was
rsa_init_private_key.

Rev: src/nettle/rsa.c:1.2
Rev: src/nettle/rsa.h:1.3
Rev: src/nettle/rsa_md5.c:1.2
Rev: src/nettle/rsa_sha1.c:1.2
---
 rsa.c      | 15 +++++++--------
 rsa.h      | 24 +++++++++++++-----------
 rsa_md5.c  | 40 +++++++++++++++++-----------------------
 rsa_sha1.c | 38 ++++++++++++++++----------------------
 4 files changed, 53 insertions(+), 64 deletions(-)

diff --git a/rsa.c b/rsa.c
index 2e360fb9..6c69eb02 100644
--- a/rsa.c
+++ b/rsa.c
@@ -38,7 +38,7 @@
  * verify functions. */
 
 int
-rsa_init_public_key(struct rsa_public_key *key)
+rsa_prepare_public_key(struct rsa_public_key *key)
 {
   unsigned size = (mpz_sizeinbase(key->n, 2) + 7) / 8;
 
@@ -64,23 +64,22 @@ rsa_init_public_key(struct rsa_public_key *key)
 }
 
 int
-rsa_init_private_key(struct rsa_private_key *key)
+rsa_prepare_private_key(struct rsa_private_key *key)
 {
-  return rsa_init_public_key(&key->pub);
+  return rsa_prepare_public_key(&key->pub);
 }
 
 #ifndef RSA_CRT
 #define RSA_CRT 1
 #endif
 
-/* Internal function for computing an rsa root.
+/* Computing an rsa root.
  *
- * NOTE: We don't really need n not e, so we could delete the public
- * key info from struct rsa_private_key. We do need the size,
- * though. */
+ * NOTE: We don't really need n not e, so we could drop the public
+ * key info from struct rsa_private_key. */
 
 void
-rsa_compute_root(struct rsa_private_key *key, mpz_t x, mpz_t m)
+rsa_compute_root(struct rsa_private_key *key, mpz_t x, const mpz_t m)
 {
 #if RSA_CRT
   {
diff --git a/rsa.h b/rsa.h
index 52c6d94c..47c56185 100644
--- a/rsa.h
+++ b/rsa.h
@@ -69,7 +69,7 @@ struct rsa_private_key
  *
  * Store the private key in a rsa_private_key struct.
  *
- * Call rsa_init_private_key. This initializes the size attribute
+ * Call rsa_prepare_private_key. This initializes the size attribute
  * to the length of a signature.
  *
  * Initialize a hashing context, by callling
@@ -78,44 +78,46 @@ struct rsa_private_key
  * Hash the message by calling
  *   md5_update
  *
- * Finally, call
+ * Create the signature by calling
  *   rsa_md5_sign
  *
- * The final call stores the signature, of length size, in the supplied buffer,
- * and resets the hashing context.
+ * The signature is represented as a mpz_t bignum. This call also
+ * resets the hashing context.
+ *
+ * When done with the key, don't forget to call mpz_clear.
  */
 
 int
-rsa_init_public_key(struct rsa_public_key *key);
+rsa_prepare_public_key(struct rsa_public_key *key);
 
 int
-rsa_init_private_key(struct rsa_private_key *key);
+rsa_prepare_private_key(struct rsa_private_key *key);
 
 /* PKCS#1 style signatures */
 void
 rsa_md5_sign(struct rsa_private_key *key,
              struct md5_ctx *hash,
-             uint8_t *signature);
+             mpz_t signature);
 
 
 int
 rsa_md5_verify(struct rsa_public_key *key,
                struct md5_ctx *hash,
-               const uint8_t *signature);
+	       const mpz_t signature);
 
 void
 rsa_sha1_sign(struct rsa_private_key *key,
               struct sha1_ctx *hash,
-              uint8_t *signature);
+              mpz_t signature);
 
 int
 rsa_sha1_verify(struct rsa_public_key *key,
                 struct sha1_ctx *hash,
-                const uint8_t *signature);
+		const mpz_t signature);
 
 /* Compute x, the d:th root of m. Calling it with x == m is allowed. */
 void
-rsa_compute_root(struct rsa_private_key *key, mpz_t x, mpz_t m);
+rsa_compute_root(struct rsa_private_key *key, mpz_t x, const mpz_t m);
 
 
 #endif /* NETTLE_RSA_H_INCLUDED */
diff --git a/rsa_md5.c b/rsa_md5.c
index 41e5c712..a0a0109c 100644
--- a/rsa_md5.c
+++ b/rsa_md5.c
@@ -44,42 +44,38 @@ pkcs1_encode_md5(mpz_t m, unsigned length, struct md5_ctx *hash);
 void
 rsa_md5_sign(struct rsa_private_key *key,
              struct md5_ctx *hash,
-             uint8_t *signature)
+             mpz_t s)
 {
-  mpz_t m;
-  mpz_init(m);
-
   assert(key->pub.size >= 45);
 
-  pkcs1_encode_md5(m, key->pub.size - 1, hash);
-
-  rsa_compute_root(key, m, m);
-
-  nettle_mpz_get_str_256(key->pub.size, signature, m);
+  pkcs1_encode_md5(s, key->pub.size - 1, hash);
 
-  mpz_clear(m);
+  rsa_compute_root(key, s, s);
 }
 
 int
 rsa_md5_verify(struct rsa_public_key *key,
                struct md5_ctx *hash,
-               const uint8_t *signature)
+               const mpz_t s)
 {
   int res;
   
-  mpz_t m;
-  mpz_t s;
-
-  mpz_init(m);
+  mpz_t m1;
+  mpz_t m2;
+  
+  if ( (mpz_sgn(s) <= 0)
+       || (mpz_cmp(s, key->n) >= 0) )
+    return 0;
+       
+  mpz_init(m1); mpz_init(m2);
   
-  nettle_mpz_init_set_str_256(s, key->size, signature);
-  mpz_powm(s, s, key->e, key->n);
+  mpz_powm(m1, s, key->e, key->n);
 
-  /* FIXME: Is it cheaper to convert s to a string and check that? */
-  pkcs1_encode_md5(m, key->size - 1, hash);
-  res = !mpz_cmp(m, s);
+  /* FIXME: Is it cheaper to convert m1 to a string and check that? */
+  pkcs1_encode_md5(m2, key->size - 1, hash);
+  res = !mpz_cmp(m1, m2);
 
-  mpz_clear(m); mpz_clear(s);
+  mpz_clear(m1); mpz_clear(m2);
 
   return res;
 }
@@ -116,9 +112,7 @@ pkcs1_encode_md5(mpz_t m, unsigned length, struct md5_ctx *hash)
 
   i = length - MD5_DIGEST_SIZE;
   
-  md5_final(hash);
   md5_digest(hash, MD5_DIGEST_SIZE, em + i);
-  md5_init(hash);
 
   assert(i >= sizeof(md5_prefix));
 
diff --git a/rsa_sha1.c b/rsa_sha1.c
index be69399b..21c70f29 100644
--- a/rsa_sha1.c
+++ b/rsa_sha1.c
@@ -44,43 +44,39 @@ pkcs1_encode_sha1(mpz_t m, unsigned length, struct sha1_ctx *hash);
 void
 rsa_sha1_sign(struct rsa_private_key *key,
               struct sha1_ctx *hash,
-              uint8_t *signature)
+              mpz_t s)
 {
-  mpz_t m;
-  mpz_init(m);
-
   assert(key->pub.size >= 45);
 
-  pkcs1_encode_sha1(m, key->pub.size - 1, hash);
-
-  rsa_compute_root(key, m, m);
-
-  nettle_mpz_get_str_256(key->pub.size, signature, m);
+  pkcs1_encode_sha1(s, key->pub.size - 1, hash);
 
-  mpz_clear(m);
+  rsa_compute_root(key, s, s);
 }
 
 int
 rsa_sha1_verify(struct rsa_public_key *key,
                 struct sha1_ctx *hash,
-                const uint8_t *signature)
+                const mpz_t s)
 {
   int res;
   
-  mpz_t m;
-  mpz_t s;
+  mpz_t m1;
+  mpz_t m2;
 
-  mpz_init(m);
+  if ( (mpz_sgn(s) <= 0)
+       || (mpz_cmp(s, key->n) >= 0) )
+    return 0;
+
+  mpz_init(m1); mpz_init(m2);
   
-  nettle_mpz_init_set_str_256(s, key->size, signature);
-  mpz_powm(s, s, key->e, key->n);
+  mpz_powm(m1, s, key->e, key->n);
 
   /* FIXME: Is it cheaper to convert s to a string and check that? */
-  pkcs1_encode_sha1(m, key->size - 1, hash);
-  res = !mpz_cmp(m, s);
-
-  mpz_clear(m); mpz_clear(s);
+  pkcs1_encode_sha1(m2, key->size - 1, hash);
+  res = !mpz_cmp(m1, m2);
 
+  mpz_clear(m1); mpz_clear(m2);
+  
   return res;
 }
 
@@ -118,9 +114,7 @@ pkcs1_encode_sha1(mpz_t m, unsigned length, struct sha1_ctx *hash)
 
   i = length - SHA1_DIGEST_SIZE;
   
-  sha1_final(hash);
   sha1_digest(hash, SHA1_DIGEST_SIZE, em + i);
-  sha1_init(hash);
 
   assert(i >= sizeof(sha1_prefix));
 
-- 
GitLab