From 3eebb3fd42b8122565a6b675c1f0d04d901cef94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> Date: Tue, 23 Mar 2010 16:40:24 +0100 Subject: [PATCH] * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c, rsa-sha512-sign.c and rsa-sha512-verify.c. * rsa.h: Added prototypes for sha512-related functions. (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased. * pkcs1.h: Added prototypes for sha512-related functions. * rsa-sha512-verify.c: New file. * rsa-sha512-sign.c: New file. * pkcs1-rsa-sha512.c: New file. Rev: nettle/ChangeLog:1.52 Rev: nettle/Makefile.in:1.16 Rev: nettle/pkcs1-rsa-sha512.c:1.1 Rev: nettle/pkcs1.h:1.2 Rev: nettle/rsa-sha512-sign.c:1.1 Rev: nettle/rsa-sha512-verify.c:1.1 Rev: nettle/rsa.h:1.3 --- ChangeLog | 31 +++++++++++----- Makefile.in | 4 +- pkcs1-rsa-sha512.c | 90 +++++++++++++++++++++++++++++++++++++++++++++ pkcs1.h | 9 +++++ rsa-sha512-sign.c | 59 +++++++++++++++++++++++++++++ rsa-sha512-verify.c | 73 ++++++++++++++++++++++++++++++++++++ rsa.h | 35 +++++++++++++++--- 7 files changed, 286 insertions(+), 15 deletions(-) create mode 100644 pkcs1-rsa-sha512.c create mode 100644 rsa-sha512-sign.c create mode 100644 rsa-sha512-verify.c diff --git a/ChangeLog b/ChangeLog index df5e53a0..485194db 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2010-03-23 Niels M�ller <nisse@lysator.liu.se> + + * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c, + rsa-sha512-sign.c and rsa-sha512-verify.c. + + * rsa.h: Added prototypes for sha512-related functions. + (RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased. + * pkcs1.h: Added prototypes for sha512-related functions. + + * rsa-sha512-verify.c: New file. + * rsa-sha512-sign.c: New file. + * pkcs1-rsa-sha512.c: New file. + 2010-03-22 Niels M�ller <nisse@lysator.liu.se> * Makefile.in (nettle_SOURCES): Added hmac-sha512.c. 
@@ -5,17 +18,17 @@ * testsuite/hmac-test.c (test_main): Added test cases for hmac-sha512. - * hmac.h: Declare functions SHA-512-related functions. + * hmac.h: Declare functions sha512-related functions. * hmac-sha512.c (hmac_sha512_set_key): New file. - Basic SHA 512 support. + Basic sha512 support. * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha512-test.c. * testsuite/sha512-test.c: New file. * macros.h (READ_UINT64, WRITE_UINT64): New macros. * Makefile.in (nettle_SOURCES): Added sha512.c and sha512-meta.c. - * sha.h: Added SHA-512-related declarations. + * sha.h: Added sha512-related declarations. * nettle-meta.h: Likewise. * sha512-meta.c: New file. * sha512.c: New file. @@ -402,7 +415,7 @@ * C source files: Don't use WITH_PUBLIC_KEY / WITH_HOGWEED, the Makefile sorts out which files should be compiled. - + * pgp.h: Include bignum.h, don't pretend to work without bignums. * pgp-encode.c (pgp_put_mpi, pgp_put_public_rsa_key) @@ -4132,16 +4145,16 @@ * yarrow256.c: New file, implementing Yarrow. Work in progress. - * sha256.c: New file, implementing SHA-256. + * sha256.c: New file, implementing sha256. * testsuite/Makefile.am (CFLAGS): Added sha256-test. - * testsuite/sha256-test.m4: New testcases for SHA-256. + * testsuite/sha256-test.m4: New testcases for sha256. - * shadata.c: New file, for generating SHA-256 constants. + * shadata.c: New file, for generating sha256 constants. * sha.h: Renamed sha1.h to sha.h, and added declarations for - SHA-256. + sha256. 2001-10-05 Niels M�ller <nisse@ehand.com> @@ -4404,7 +4417,7 @@ * testsuite/des-test.m4: New file. - * Added SHA1 files. + * Added sha1 files. * Added desCore files. diff --git a/Makefile.in b/Makefile.in index 823aab27..ed364d27 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -75,11 +75,13 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ hogweed_SOURCES = sexp.c sexp-format.c \ sexp-transport.c sexp-transport-format.c \ bignum.c bignum-next-prime.c bignum-random.c sexp2bignum.c \ - pkcs1.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c pkcs1-rsa-sha256.c \ + pkcs1.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \ + pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \ rsa.c rsa-sign.c rsa-verify.c \ rsa-md5-sign.c rsa-md5-verify.c \ rsa-sha1-sign.c rsa-sha1-verify.c \ rsa-sha256-sign.c rsa-sha256-verify.c \ + rsa-sha512-sign.c rsa-sha512-verify.c \ rsa-encrypt.c rsa-decrypt.c \ rsa-keygen.c rsa-compat.c \ rsa2sexp.c sexp2rsa.c \ diff --git a/pkcs1-rsa-sha512.c b/pkcs1-rsa-sha512.c new file mode 100644 index 00000000..1e446667 --- /dev/null +++ b/pkcs1-rsa-sha512.c 
@@ -0,0 +1,90 @@
+/* pkcs1-rsa-sha512.c
+ *
+ * PKCS stuff for rsa-sha512.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2003, 2006, 2010 Niels M�ller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+#include "nettle-internal.h"
+
+/* From RFC 3447, Public-Key Cryptography Standards (PKCS) #1: RSA
+ * Cryptography Specifications Version 2.1.
+ * + * id-sha512 OBJECT IDENTIFIER ::= + * {joint-iso-itu-t(2) country(16) us(840) organization(1) + * gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3} + */ + +static const uint8_t +sha512_prefix[] = +{ + /* 19 octets prefix, 64 octets hash, total 83 */ + 0x30, 81, /* SEQUENCE */ + 0x30, 13, /* SEQUENCE */ + 0x06, 9, /* OBJECT IDENTIFIER */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + 0x05, 0, /* NULL */ + 0x04, 64 /* OCTET STRING */ + /* Here comes the raw hash value, 64 octets */ +}; + +void +pkcs1_rsa_sha512_encode(mpz_t m, unsigned length, struct sha512_ctx *hash) +{ + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); + TMP_ALLOC(em, length); + + assert(length >= SHA512_DIGEST_SIZE); + pkcs1_signature_prefix(length - SHA512_DIGEST_SIZE, em, + sizeof(sha512_prefix), + sha512_prefix); + + sha512_digest(hash, SHA512_DIGEST_SIZE, em + length - SHA512_DIGEST_SIZE); + nettle_mpz_set_str_256_u(m, length, em); +} + +void +pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned length, const uint8_t *digest) +{ + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); + TMP_ALLOC(em, length); + + assert(length >= SHA512_DIGEST_SIZE); + pkcs1_signature_prefix(length - SHA512_DIGEST_SIZE, em, + sizeof(sha512_prefix), + sha512_prefix); + + memcpy(em + length - SHA512_DIGEST_SIZE, digest, SHA512_DIGEST_SIZE); + nettle_mpz_set_str_256_u(m, length, em); +} diff --git a/pkcs1.h b/pkcs1.h index 953604f2..575570b4 100644 --- a/pkcs1.h +++ b/pkcs1.h @@ -41,10 +41,13 @@ extern "C" { #define pkcs1_rsa_sha1_encode_digest nettle_pkcs1_rsa_sha1_encode_digest #define pkcs1_rsa_sha256_encode nettle_pkcs1_rsa_sha256_encode #define pkcs1_rsa_sha256_encode_digest nettle_pkcs1_rsa_sha256_encode_digest +#define pkcs1_rsa_sha512_encode nettle_pkcs1_rsa_sha512_encode +#define pkcs1_rsa_sha512_encode_digest nettle_pkcs1_rsa_sha512_encode_digest struct md5_ctx; struct sha1_ctx; struct sha256_ctx; +struct sha512_ctx; void pkcs1_signature_prefix(unsigned length, 
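Review bot: `assert(length >= SHA512_DIGEST_SIZE)` in pkcs1_rsa_sha512_encode and pkcs1_rsa_sha512_encode_digest is weaker than what the encoding needs, and it runs only after `TMP_ALLOC(em, length)`. The block written into `em` is the 19-octet `sha512_prefix` plus the 64-octet digest, so a `length` between 64 and 82 passes the assert while `length - SHA512_DIGEST_SIZE` is too small for the prefix; pkcs1_signature_prefix is not part of this patch, so whether it catches that itself cannot be confirmed from here. I would move the check above the allocation and tighten it to `assert(length >= sizeof(sha512_prefix) + SHA512_DIGEST_SIZE);`. Because `length` is unsigned, a build with NDEBUG would let the subtraction wrap, which is a reason to keep the bound tight in this file rather than rely on callers alone.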
@@ -70,6 +73,12 @@ pkcs1_rsa_sha256_encode(mpz_t m, unsigned length, struct sha256_ctx *hash); void pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned length, const uint8_t *digest); +void +pkcs1_rsa_sha512_encode(mpz_t m, unsigned length, struct sha512_ctx *hash); + +void +pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned length, const uint8_t *digest); + #ifdef __cplusplus } #endif diff --git a/rsa-sha512-sign.c b/rsa-sha512-sign.c new file mode 100644 index 00000000..2d0981d8 --- /dev/null +++ b/rsa-sha512-sign.c 
@@ -0,0 +1,59 @@
+/* rsa-sha512-sign.c
+ *
+ * Signatures using RSA and SHA512.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2003, 2006, 2010 Niels M�ller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+void
+rsa_sha512_sign(const struct rsa_private_key *key,
+ struct sha512_ctx *hash,
+ mpz_t s)
+{
+ assert(key->size >= RSA_MINIMUM_N_OCTETS);
+
+ pkcs1_rsa_sha512_encode(s, key->size - 1, hash);
+
+ rsa_compute_root(key, s, s);
+}
+
+void
+rsa_sha512_sign_digest(const struct rsa_private_key *key,
+ const uint8_t *digest,
+ mpz_t s)
+{
+ assert(key->size >= RSA_MINIMUM_N_OCTETS);
+
+ pkcs1_rsa_sha512_encode_digest(s, key->size - 1, digest);
+
+ rsa_compute_root(key, s, s);
+}
diff --git a/rsa-sha512-verify.c b/rsa-sha512-verify.c
new file mode 100644
index 00000000..1ac24a12
--- /dev/null
+++ b/rsa-sha512-verify.c
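Review bot: The only guard on the key size in rsa_sha512_sign and rsa_sha512_sign_digest is `assert(key->size >= RSA_MINIMUM_N_OCTETS)`, and the same pattern is used in rsa_sha512_verify and rsa_sha512_verify_digest in rsa-sha512-verify.c. With NDEBUG the check is compiled out and `key->size - 1` goes straight into the encoder's unsigned length arithmetic. The verify functions already return int and can be handed a public key parsed from untrusted input, so a runtime check such as `if (key->size < RSA_MINIMUM_N_OCTETS) return 0;` fits there. The sign functions return void, so they would need either an int return or a documented precondition that the caller has validated the key size.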
@@ -0,0 +1,73 @@
+/* rsa-sha512-verify.c
+ *
+ * Verifying signatures created with RSA and SHA512.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2003, 2006, 2010 Niels M�ller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_sha512_verify(const struct rsa_public_key *key,
+ struct sha512_ctx *hash,
+ const mpz_t s)
+{
+ int res;
+ mpz_t m;
+
+ assert(key->size >= RSA_MINIMUM_N_OCTETS);
+ mpz_init(m);
+
+ pkcs1_rsa_sha512_encode(m, key->size - 1, hash);
+ res = _rsa_verify(key, m, s);
+
+ mpz_clear(m);
+
+ return res;
+}
+
+int
+rsa_sha512_verify_digest(const struct rsa_public_key *key,
+ const uint8_t *digest,
+ const mpz_t s)
+{
+ int res;
+ mpz_t m;
+
+ assert(key->size >= RSA_MINIMUM_N_OCTETS);
+ mpz_init(m);
+
+ pkcs1_rsa_sha512_encode_digest(m, key->size - 1, digest);
+ res = _rsa_verify(key, m, s);
+
+ mpz_clear(m);
+
+ return res;
+}
diff --git a/rsa.h b/rsa.h
index dbdace22..9c29587b 100644
--- a/rsa.h
+++ b/rsa.h
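Review bot: rsa_sha512_verify and rsa_sha512_verify_digest have no comment stating what the int result means or what happens to their arguments. The result is whatever `_rsa_verify` returns, which is not shown in this patch, so the convention should be written down at the definition, for example `/* Returns 1 if the signature is valid, 0 otherwise. */` if that matches `_rsa_verify`. It is also worth noting in the comment that `hash` is passed on to pkcs1_rsa_sha512_encode, which calls `sha512_digest` on it, so the context is finalized by a verify call.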
@@ -52,12 +52,16 @@ extern "C" { #define rsa_sha1_verify nettle_rsa_sha1_verify #define rsa_sha256_sign nettle_rsa_sha256_sign #define rsa_sha256_verify nettle_rsa_sha256_verify +#define rsa_sha512_sign nettle_rsa_sha512_sign +#define rsa_sha512_verify nettle_rsa_sha512_verify #define rsa_md5_sign_digest nettle_rsa_md5_sign_digest #define rsa_md5_verify_digest nettle_rsa_md5_verify_digest #define rsa_sha1_sign_digest nettle_rsa_sha1_sign_digest #define rsa_sha1_verify_digest nettle_rsa_sha1_verify_digest #define rsa_sha256_sign_digest nettle_rsa_sha256_sign_digest #define rsa_sha256_verify_digest nettle_rsa_sha256_verify_digest +#define rsa_sha512_sign_digest nettle_rsa_sha512_sign_digest +#define rsa_sha512_verify_digest nettle_rsa_sha512_verify_digest #define rsa_encrypt nettle_rsa_encrypt #define rsa_decrypt nettle_rsa_decrypt #define rsa_compute_root nettle_rsa_compute_root @@ -75,12 +79,13 @@ extern "C" { /* For PKCS#1 to make sense, the size of the modulo, in octets, must * be at least 11 + the length of the DER-encoded Digest Info. * - * And a DigestInfo is 34 octets for md5, 35 octets for sha1, and 51 - * octets for sha256. 62 octets is 496 bits, and as the upper 7 bits - * may be zero, the smallest useful size of n is 489 bits. */ + * And a DigestInfo is 34 octets for md5, 35 octets for sha1, 51 + * octets for sha256, and 83 octetss for sha512. 94 octets is 752 + * bits, and as the upper 7 bits may be zero, the smallest useful size + * of n is 745 bits. */ -#define RSA_MINIMUM_N_OCTETS 62 -#define RSA_MINIMUM_N_BITS 489 +#define RSA_MINIMUM_N_OCTETS 94 +#define RSA_MINIMUM_N_BITS (8*RSA_MINIMUM_N_OCTETS - 7) struct rsa_public_key { 
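Review bot: The rewritten comment above RSA_MINIMUM_N_OCTETS has a typo, `83 octetss`, and does not say that the new value now applies to every hash variant. Because the constant is sized for the largest DigestInfo (sha512), code that checks it will, as far as this hunk shows, also reject md5, sha1 and sha256 keys between the old 62-octet and the new 94-octet floor; a sentence in the comment saying so would help. I would also add a line such as `This is a lower bound imposed by the encoding, not a recommendation for key strength.`, since a 745-bit modulus is far below commonly recommended RSA sizes.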
@@ -194,6 +199,16 @@ rsa_sha256_verify(const struct rsa_public_key *key, struct sha256_ctx *hash, const mpz_t signature); +void +rsa_sha512_sign(const struct rsa_private_key *key, + struct sha512_ctx *hash, + mpz_t signature); + +int +rsa_sha512_verify(const struct rsa_public_key *key, + struct sha512_ctx *hash, + const mpz_t signature); + /* Variants taking the digest as argument. */ void rsa_md5_sign_digest(const struct rsa_private_key *key, @@ -225,6 +240,16 @@ rsa_sha256_verify_digest(const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature); +void +rsa_sha512_sign_digest(const struct rsa_private_key *key, + const uint8_t *digest, + mpz_t s); + +int +rsa_sha512_verify_digest(const struct rsa_public_key *key, + const uint8_t *digest, + const mpz_t signature); + /* RSA encryption, using PKCS#1 */ /* These functions uses the v1.5 padding. What should the v2 (OAEP) -- GitLab
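Review bot: The `digest` parameter of rsa_sha512_sign_digest and rsa_sha512_verify_digest carries no length, while pkcs1_rsa_sha512_encode_digest copies SHA512_DIGEST_SIZE octets from it with `memcpy`. The prototypes should carry a comment such as `/* digest must point to SHA512_DIGEST_SIZE (64) octets. */` so callers do not pass a shorter buffer. As a smaller point of style, the last parameter is named `s` in rsa_sha512_sign_digest but `signature` in the other three new prototypes.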