Commit dc03f267 authored by Niels Möller's avatar Niels Möller
Browse files

Additional rsa signature functions using crt-har.

parent 58b6701c
2015-09-17 Niels Möller <nisse@lysator.liu.se>
* rsa-md5-sign-tr.c (rsa_md5_sign_tr, rsa_md5_sign_digest_tr): New
file, new functions.
* rsa-sha1-sign-tr.c (rsa_sha1_sign_tr, rsa_sha1_sign_digest_tr):
Likewise.
* rsa-sha256-sign-tr.c (rsa_sha256_sign_tr)
(rsa_sha256_sign_digest_tr): Likewise.
* rsa-sha512-sign-tr.c (rsa_sha512_sign_tr)
(rsa_sha512_sign_digest_tr): Likewise.
* rsa.h: Added corresponding prototypes.
* Makefile.in (hogweed_SOURCES): Added new files.
* testsuite/testutils.c (SIGN): Extend macro to test new
functions, and the rsa_*_sign_digest functions. Updated callers.
2015-09-14 Niels Möller <nisse@lysator.liu.se>
* rsa-sign-tr.c (rsa_blind, rsa_unblind): Moved here, made static,
......
......@@ -146,10 +146,10 @@ hogweed_SOURCES = sexp.c sexp-format.c \
pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \
rsa.c rsa-sign.c rsa-sign-tr.c rsa-verify.c \
rsa-pkcs1-sign.c rsa-pkcs1-sign-tr.c rsa-pkcs1-verify.c \
rsa-md5-sign.c rsa-md5-verify.c \
rsa-sha1-sign.c rsa-sha1-verify.c \
rsa-sha256-sign.c rsa-sha256-verify.c \
rsa-sha512-sign.c rsa-sha512-verify.c \
rsa-md5-sign.c rsa-md5-sign-tr.c rsa-md5-verify.c \
rsa-sha1-sign.c rsa-sha1-sign-tr.c rsa-sha1-verify.c \
rsa-sha256-sign.c rsa-sha256-sign-tr.c rsa-sha256-verify.c \
rsa-sha512-sign.c rsa-sha512-sign-tr.c rsa-sha512-verify.c \
rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
rsa-keygen.c \
rsa2sexp.c sexp2rsa.c \
......
/* rsa-md5-sign-tr.c
Signatures using RSA and MD5.
Copyright (C) 2001, 2003, 2015 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
int
rsa_md5_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct md5_ctx *hash, mpz_t s)
{
mpz_t m;
int res;
mpz_init (m);
res = (pkcs1_rsa_md5_encode(m, key->size, hash)
&& rsa_compute_root_tr (pub, key,
random_ctx, random,
s, m));
mpz_clear (m);
return res;
}
int
rsa_md5_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest, mpz_t s)
{
mpz_t m;
int res;
mpz_init (m);
res = (pkcs1_rsa_md5_encode_digest(m, key->size, digest)
&& rsa_compute_root_tr (pub, key,
random_ctx, random,
s, m));
mpz_clear (m);
return res;
}
/* rsa-sha1-sign-tr.c
Signatures using RSA and SHA1.
Copyright (C) 2001, 2003, 2015 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
int
rsa_sha1_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha1_ctx *hash,
mpz_t s)
{
mpz_t m;
int res;
mpz_init (m);
res = (pkcs1_rsa_sha1_encode(m, key->size, hash)
&& rsa_compute_root_tr (pub, key,
random_ctx, random,
s, m));
mpz_clear (m);
return res;
}
int
rsa_sha1_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
mpz_t s)
{
mpz_t m;
int res;
mpz_init (m);
res = (pkcs1_rsa_sha1_encode_digest(m, key->size, digest)
&& rsa_compute_root_tr (pub, key,
random_ctx, random,
s, m));
mpz_clear (m);
return res;
}
/* rsa-sha256-sign-tr.c
Signatures using RSA and SHA256.
Copyright (C) 2001, 2003, 2015 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
int
rsa_sha256_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha256_ctx *hash,
mpz_t s)
{
mpz_t m;
int res;
mpz_init (m);
res = (pkcs1_rsa_sha256_encode(m, key->size, hash)
&& rsa_compute_root_tr (pub, key,
random_ctx, random,
s, m));
mpz_clear (m);
return res;
}
int
rsa_sha256_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
mpz_t s)
{
mpz_t m;
int res;
mpz_init (m);
res = (pkcs1_rsa_sha256_encode_digest(m, key->size, digest)
&& rsa_compute_root_tr (pub, key,
random_ctx, random,
s, m));
mpz_clear (m);
return res;
}
/* rsa-sha512-sign-tr.c
Signatures using RSA and SHA512.
Copyright (C) 2001, 2003, 2015 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
int
rsa_sha512_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha512_ctx *hash,
mpz_t s)
{
mpz_t m;
int res;
mpz_init (m);
res = (pkcs1_rsa_sha512_encode(m, key->size, hash)
&& rsa_compute_root_tr (pub, key,
random_ctx, random,
s, m));
mpz_clear (m);
return res;
}
int
rsa_sha512_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
mpz_t s)
{
mpz_t m;
int res;
mpz_init (m);
res = (pkcs1_rsa_sha512_encode_digest(m, key->size, digest)
&& rsa_compute_root_tr (pub, key,
random_ctx, random,
s, m));
mpz_clear (m);
return res;
}
......@@ -56,20 +56,28 @@ extern "C" {
#define rsa_pkcs1_sign nettle_rsa_pkcs1_sign
#define rsa_pkcs1_sign_tr nettle_rsa_pkcs1_sign_tr
#define rsa_md5_sign nettle_rsa_md5_sign
#define rsa_md5_sign_tr nettle_rsa_md5_sign_tr
#define rsa_md5_verify nettle_rsa_md5_verify
#define rsa_sha1_sign nettle_rsa_sha1_sign
#define rsa_sha1_sign_tr nettle_rsa_sha1_sign_tr
#define rsa_sha1_verify nettle_rsa_sha1_verify
#define rsa_sha256_sign nettle_rsa_sha256_sign
#define rsa_sha256_sign_tr nettle_rsa_sha256_sign_tr
#define rsa_sha256_verify nettle_rsa_sha256_verify
#define rsa_sha512_sign nettle_rsa_sha512_sign
#define rsa_sha512_sign_tr nettle_rsa_sha512_sign_tr
#define rsa_sha512_verify nettle_rsa_sha512_verify
#define rsa_md5_sign_digest nettle_rsa_md5_sign_digest
#define rsa_md5_sign_digest_tr nettle_rsa_md5_sign_digest_tr
#define rsa_md5_verify_digest nettle_rsa_md5_verify_digest
#define rsa_sha1_sign_digest nettle_rsa_sha1_sign_digest
#define rsa_sha1_sign_digest_tr nettle_rsa_sha1_sign_digest_tr
#define rsa_sha1_verify_digest nettle_rsa_sha1_verify_digest
#define rsa_sha256_sign_digest nettle_rsa_sha256_sign_digest
#define rsa_sha256_sign_digest_tr nettle_rsa_sha256_sign_digest_tr
#define rsa_sha256_verify_digest nettle_rsa_sha256_verify_digest
#define rsa_sha512_sign_digest nettle_rsa_sha512_sign_digest
#define rsa_sha512_sign_digest_tr nettle_rsa_sha512_sign_digest_tr
#define rsa_sha512_verify_digest nettle_rsa_sha512_verify_digest
#define rsa_encrypt nettle_rsa_encrypt
#define rsa_decrypt nettle_rsa_decrypt
......@@ -200,6 +208,12 @@ rsa_md5_sign(const struct rsa_private_key *key,
struct md5_ctx *hash,
mpz_t signature);
int
rsa_md5_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct md5_ctx *hash, mpz_t s);
int
rsa_md5_verify(const struct rsa_public_key *key,
......@@ -211,6 +225,13 @@ rsa_sha1_sign(const struct rsa_private_key *key,
struct sha1_ctx *hash,
mpz_t signature);
int
rsa_sha1_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha1_ctx *hash,
mpz_t s);
int
rsa_sha1_verify(const struct rsa_public_key *key,
struct sha1_ctx *hash,
......@@ -221,6 +242,13 @@ rsa_sha256_sign(const struct rsa_private_key *key,
struct sha256_ctx *hash,
mpz_t signature);
int
rsa_sha256_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha256_ctx *hash,
mpz_t s);
int
rsa_sha256_verify(const struct rsa_public_key *key,
struct sha256_ctx *hash,
......@@ -231,6 +259,13 @@ rsa_sha512_sign(const struct rsa_private_key *key,
struct sha512_ctx *hash,
mpz_t signature);
int
rsa_sha512_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha512_ctx *hash,
mpz_t s);
int
rsa_sha512_verify(const struct rsa_public_key *key,
struct sha512_ctx *hash,
......@@ -242,6 +277,12 @@ rsa_md5_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_md5_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest, mpz_t s);
int
rsa_md5_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
......@@ -252,6 +293,13 @@ rsa_sha1_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_sha1_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
mpz_t s);
int
rsa_sha1_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
......@@ -262,6 +310,13 @@ rsa_sha256_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_sha256_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
mpz_t s);
int
rsa_sha256_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
......@@ -272,6 +327,13 @@ rsa_sha512_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_sha512_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
mpz_t s);
int
rsa_sha512_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
......
......@@ -663,9 +663,33 @@ xalloc_limbs (mp_size_t n)
return xalloc (n * sizeof (mp_limb_t));
}
#define SIGN(key, hash, msg, signature) do { \
hash##_update(&hash, LDATA(msg)); \
ASSERT(rsa_##hash##_sign(key, &hash, signature)); \
/* Expects local variables pub, key, rstate, digest, signature */
#define SIGN(hash, msg, expected) do { \
hash##_update(&hash, LDATA(msg)); \
ASSERT(rsa_##hash##_sign(key, &hash, signature)); \
if (verbose) \
{ \
fprintf(stderr, "rsa-%s signature: ", #hash); \
mpz_out_str(stderr, 16, signature); \
fprintf(stderr, "\n"); \
} \
ASSERT(mpz_cmp (signature, expected) == 0); \
\
hash##_update(&hash, LDATA(msg)); \
ASSERT(rsa_##hash##_sign_tr(pub, key, &rstate, \
(nettle_random_func *) knuth_lfib_random, \
&hash, signature)); \
ASSERT(mpz_cmp (signature, expected) == 0); \
\
hash##_update(&hash, LDATA(msg)); \
hash##_digest(&hash, sizeof(digest), digest); \
ASSERT(rsa_##hash##_sign_digest(key, digest, signature)); \
ASSERT(mpz_cmp (signature, expected) == 0); \
\
ASSERT(rsa_##hash##_sign_digest_tr(pub, key, &rstate, \
(nettle_random_func *)knuth_lfib_random, \
digest, signature)); \
ASSERT(mpz_cmp (signature, expected) == 0); \
} while(0)
#define VERIFY(key, hash, msg, signature) ( \
......@@ -770,22 +794,16 @@ test_rsa_md5(struct rsa_public_key *pub,
mpz_t expected)
{
struct md5_ctx md5;
struct knuth_lfib_ctx rstate;
uint8_t digest[MD5_DIGEST_SIZE];
mpz_t signature;
md5_init(&md5);
mpz_init(signature);
SIGN(key, md5, "The magic words are squeamish ossifrage", signature);
knuth_lfib_init (&rstate, 15);
if (verbose)
{
fprintf(stderr, "rsa-md5 signature: ");
mpz_out_str(stderr, 16, signature);
fprintf(stderr, "\n");
}
SIGN(md5, "The magic words are squeamish ossifrage", expected);
ASSERT (mpz_cmp(signature, expected) == 0);
/* Try bad data */
ASSERT (!VERIFY(pub, md5,
"The magick words are squeamish ossifrage", signature));
......@@ -808,22 +826,16 @@ test_rsa_sha1(struct rsa_public_key *pub,
mpz_t expected)
{
struct sha1_ctx sha1;
struct knuth_lfib_ctx rstate;
uint8_t digest[SHA1_DIGEST_SIZE];
mpz_t signature;
sha1_init(&sha1);
mpz_init(signature);
knuth_lfib_init (&rstate, 16);
SIGN(key, sha1, "The magic words are squeamish ossifrage", signature);
SIGN(sha1, "The magic words are squeamish ossifrage", expected);
if (verbose)
{
fprintf(stderr, "rsa-sha1 signature: ");
mpz_out_str(stderr, 16, signature);
fprintf(stderr, "\n");
}
ASSERT (mpz_cmp(signature, expected) == 0);
/* Try bad data */
ASSERT (!VERIFY(pub, sha1,
"The magick words are squeamish ossifrage", signature));
......@@ -846,22 +858,16 @@ test_rsa_sha256(struct rsa_public_key *pub,
mpz_t expected)
{
struct sha256_ctx sha256;
struct knuth_lfib_ctx rstate;
uint8_t digest[SHA256_DIGEST_SIZE];
mpz_t signature;
sha256_init(&sha256);
mpz_init(signature);
knuth_lfib_init (&rstate, 17);
SIGN(key, sha256, "The magic words are squeamish ossifrage", signature);
SIGN(sha256, "The magic words are squeamish ossifrage", expected);
if (verbose)
{
fprintf(stderr, "rsa-sha256 signature: ");
mpz_out_str(stderr, 16, signature);
fprintf(stderr, "\n");
}
ASSERT (mpz_cmp(signature, expected) == 0);
/* Try bad data */
ASSERT (!VERIFY(pub, sha256,
"The magick words are squeamish ossifrage", signature));
......@@ -884,22 +890,16 @@ test_rsa_sha512(struct rsa_public_key *pub,
mpz_t expected)
{
struct sha512_ctx sha512;
struct knuth_lfib_ctx rstate;
uint8_t digest[SHA512_DIGEST_SIZE];
mpz_t signature;
sha512_init(&sha512);
mpz_init(signature);
knuth_lfib_init (&rstate, 18);
SIGN(key, sha512, "The magic words are squeamish ossifrage", signature);
SIGN(sha512, "The magic words are squeamish ossifrage", expected);
if (verbose)
{
fprintf(stderr, "rsa-sha512 signature: ");
mpz_out_str(stderr, 16, signature);
fprintf(stderr, "\n");
}