Commit abc914fd authored by Niels Möller's avatar Niels Möller

* Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c,

rsa-sha512-sign.c and rsa-sha512-verify.c.

* rsa.h: Added prototypes for sha512-related functions.
(RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased.
* pkcs1.h: Added prototypes for sha512-related functions.

* rsa-sha512-verify.c: New file.
* rsa-sha512-sign.c: New file.
* pkcs1-rsa-sha512.c: New file.

Rev: nettle/ChangeLog:1.52
Rev: nettle/Makefile.in:1.16
Rev: nettle/pkcs1-rsa-sha512.c:1.1
Rev: nettle/pkcs1.h:1.2
Rev: nettle/rsa-sha512-sign.c:1.1
Rev: nettle/rsa-sha512-verify.c:1.1
Rev: nettle/rsa.h:1.3
parent 84697847
2010-03-23 Niels Mller <nisse@lysator.liu.se>
* Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-sha512.c,
rsa-sha512-sign.c and rsa-sha512-verify.c.
* rsa.h: Added prototypes for sha512-related functions.
(RSA_MINIMUM_N_OCTETS, RSA_MINIMUM_N_BITS): Increased.
* pkcs1.h: Added prototypes for sha512-related functions.
* rsa-sha512-verify.c: New file.
* rsa-sha512-sign.c: New file.
* pkcs1-rsa-sha512.c: New file.
2010-03-22 Niels Mller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added hmac-sha512.c.
......@@ -5,17 +18,17 @@
* testsuite/hmac-test.c (test_main): Added test cases for
hmac-sha512.
* hmac.h: Declare functions SHA-512-related functions.
* hmac.h: Declare functions sha512-related functions.
* hmac-sha512.c (hmac_sha512_set_key): New file.
Basic SHA 512 support.
Basic sha512 support.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added sha512-test.c.
* testsuite/sha512-test.c: New file.
* macros.h (READ_UINT64, WRITE_UINT64): New macros.
* Makefile.in (nettle_SOURCES): Added sha512.c and sha512-meta.c.
* sha.h: Added SHA-512-related declarations.
* sha.h: Added sha512-related declarations.
* nettle-meta.h: Likewise.
* sha512-meta.c: New file.
* sha512.c: New file.
......@@ -402,7 +415,7 @@
* C source files: Don't use WITH_PUBLIC_KEY / WITH_HOGWEED, the
Makefile sorts out which files should be compiled.
* pgp.h: Include bignum.h, don't pretend to work without bignums.
* pgp-encode.c (pgp_put_mpi, pgp_put_public_rsa_key)
......@@ -4132,16 +4145,16 @@
* yarrow256.c: New file, implementing Yarrow. Work in progress.
* sha256.c: New file, implementing SHA-256.
* sha256.c: New file, implementing sha256.
* testsuite/Makefile.am (CFLAGS): Added sha256-test.
* testsuite/sha256-test.m4: New testcases for SHA-256.
* testsuite/sha256-test.m4: New testcases for sha256.
* shadata.c: New file, for generating SHA-256 constants.
* shadata.c: New file, for generating sha256 constants.
* sha.h: Renamed sha1.h to sha.h, and added declarations for
SHA-256.
sha256.
2001-10-05 Niels Mller <nisse@ehand.com>
......@@ -4404,7 +4417,7 @@
* testsuite/des-test.m4: New file.
* Added SHA1 files.
* Added sha1 files.
* Added desCore files.
......
......@@ -75,11 +75,13 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
hogweed_SOURCES = sexp.c sexp-format.c \
sexp-transport.c sexp-transport-format.c \
bignum.c bignum-next-prime.c bignum-random.c sexp2bignum.c \
pkcs1.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c pkcs1-rsa-sha256.c \
pkcs1.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \
rsa.c rsa-sign.c rsa-verify.c \
rsa-md5-sign.c rsa-md5-verify.c \
rsa-sha1-sign.c rsa-sha1-verify.c \
rsa-sha256-sign.c rsa-sha256-verify.c \
rsa-sha512-sign.c rsa-sha512-verify.c \
rsa-encrypt.c rsa-decrypt.c \
rsa-keygen.c rsa-compat.c \
rsa2sexp.c sexp2rsa.c \
......
/* pkcs1-rsa-sha512.c
*
* PKCS stuff for rsa-sha512.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001, 2003, 2006, 2010 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
#include "nettle-internal.h"
/* From RFC 3447, Public-Key Cryptography Standards (PKCS) #1: RSA
* Cryptography Specifications Version 2.1.
*
* id-sha512 OBJECT IDENTIFIER ::=
* {joint-iso-itu-t(2) country(16) us(840) organization(1)
* gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3}
*/
static const uint8_t
sha512_prefix[] =
{
/* 19 octets prefix, 64 octets hash, total 83 */
0x30, 81, /* SEQUENCE */
0x30, 13, /* SEQUENCE */
0x06, 9, /* OBJECT IDENTIFIER */
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
0x05, 0, /* NULL */
0x04, 64 /* OCTET STRING */
/* Here comes the raw hash value, 64 octets */
};
void
pkcs1_rsa_sha512_encode(mpz_t m, unsigned length, struct sha512_ctx *hash)
{
TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
TMP_ALLOC(em, length);
assert(length >= SHA512_DIGEST_SIZE);
pkcs1_signature_prefix(length - SHA512_DIGEST_SIZE, em,
sizeof(sha512_prefix),
sha512_prefix);
sha512_digest(hash, SHA512_DIGEST_SIZE, em + length - SHA512_DIGEST_SIZE);
nettle_mpz_set_str_256_u(m, length, em);
}
void
pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned length, const uint8_t *digest)
{
TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
TMP_ALLOC(em, length);
assert(length >= SHA512_DIGEST_SIZE);
pkcs1_signature_prefix(length - SHA512_DIGEST_SIZE, em,
sizeof(sha512_prefix),
sha512_prefix);
memcpy(em + length - SHA512_DIGEST_SIZE, digest, SHA512_DIGEST_SIZE);
nettle_mpz_set_str_256_u(m, length, em);
}
......@@ -41,10 +41,13 @@ extern "C" {
#define pkcs1_rsa_sha1_encode_digest nettle_pkcs1_rsa_sha1_encode_digest
#define pkcs1_rsa_sha256_encode nettle_pkcs1_rsa_sha256_encode
#define pkcs1_rsa_sha256_encode_digest nettle_pkcs1_rsa_sha256_encode_digest
#define pkcs1_rsa_sha512_encode nettle_pkcs1_rsa_sha512_encode
#define pkcs1_rsa_sha512_encode_digest nettle_pkcs1_rsa_sha512_encode_digest
struct md5_ctx;
struct sha1_ctx;
struct sha256_ctx;
struct sha512_ctx;
void
pkcs1_signature_prefix(unsigned length,
......@@ -70,6 +73,12 @@ pkcs1_rsa_sha256_encode(mpz_t m, unsigned length, struct sha256_ctx *hash);
void
pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned length, const uint8_t *digest);
void
pkcs1_rsa_sha512_encode(mpz_t m, unsigned length, struct sha512_ctx *hash);
void
pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned length, const uint8_t *digest);
#ifdef __cplusplus
}
#endif
......
/* rsa-sha512-sign.c
*
* Signatures using RSA and SHA512.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001, 2003, 2006, 2010 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
void
rsa_sha512_sign(const struct rsa_private_key *key,
struct sha512_ctx *hash,
mpz_t s)
{
assert(key->size >= RSA_MINIMUM_N_OCTETS);
pkcs1_rsa_sha512_encode(s, key->size - 1, hash);
rsa_compute_root(key, s, s);
}
void
rsa_sha512_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s)
{
assert(key->size >= RSA_MINIMUM_N_OCTETS);
pkcs1_rsa_sha512_encode_digest(s, key->size - 1, digest);
rsa_compute_root(key, s, s);
}
/* rsa-sha512-verify.c
*
* Verifying signatures created with RSA and SHA512.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001, 2003, 2006, 2010 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
int
rsa_sha512_verify(const struct rsa_public_key *key,
struct sha512_ctx *hash,
const mpz_t s)
{
int res;
mpz_t m;
assert(key->size >= RSA_MINIMUM_N_OCTETS);
mpz_init(m);
pkcs1_rsa_sha512_encode(m, key->size - 1, hash);
res = _rsa_verify(key, m, s);
mpz_clear(m);
return res;
}
int
rsa_sha512_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t s)
{
int res;
mpz_t m;
assert(key->size >= RSA_MINIMUM_N_OCTETS);
mpz_init(m);
pkcs1_rsa_sha512_encode_digest(m, key->size - 1, digest);
res = _rsa_verify(key, m, s);
mpz_clear(m);
return res;
}
......@@ -52,12 +52,16 @@ extern "C" {
#define rsa_sha1_verify nettle_rsa_sha1_verify
#define rsa_sha256_sign nettle_rsa_sha256_sign
#define rsa_sha256_verify nettle_rsa_sha256_verify
#define rsa_sha512_sign nettle_rsa_sha512_sign
#define rsa_sha512_verify nettle_rsa_sha512_verify
#define rsa_md5_sign_digest nettle_rsa_md5_sign_digest
#define rsa_md5_verify_digest nettle_rsa_md5_verify_digest
#define rsa_sha1_sign_digest nettle_rsa_sha1_sign_digest
#define rsa_sha1_verify_digest nettle_rsa_sha1_verify_digest
#define rsa_sha256_sign_digest nettle_rsa_sha256_sign_digest
#define rsa_sha256_verify_digest nettle_rsa_sha256_verify_digest
#define rsa_sha512_sign_digest nettle_rsa_sha512_sign_digest
#define rsa_sha512_verify_digest nettle_rsa_sha512_verify_digest
#define rsa_encrypt nettle_rsa_encrypt
#define rsa_decrypt nettle_rsa_decrypt
#define rsa_compute_root nettle_rsa_compute_root
......@@ -75,12 +79,13 @@ extern "C" {
/* For PKCS#1 to make sense, the size of the modulo, in octets, must
* be at least 11 + the length of the DER-encoded Digest Info.
*
* And a DigestInfo is 34 octets for md5, 35 octets for sha1, and 51
* octets for sha256. 62 octets is 496 bits, and as the upper 7 bits
* may be zero, the smallest useful size of n is 489 bits. */
* And a DigestInfo is 34 octets for md5, 35 octets for sha1, 51
* octets for sha256, and 83 octetss for sha512. 94 octets is 752
* bits, and as the upper 7 bits may be zero, the smallest useful size
* of n is 745 bits. */
#define RSA_MINIMUM_N_OCTETS 62
#define RSA_MINIMUM_N_BITS 489
#define RSA_MINIMUM_N_OCTETS 94
#define RSA_MINIMUM_N_BITS (8*RSA_MINIMUM_N_OCTETS - 7)
struct rsa_public_key
{
......@@ -194,6 +199,16 @@ rsa_sha256_verify(const struct rsa_public_key *key,
struct sha256_ctx *hash,
const mpz_t signature);
void
rsa_sha512_sign(const struct rsa_private_key *key,
struct sha512_ctx *hash,
mpz_t signature);
int
rsa_sha512_verify(const struct rsa_public_key *key,
struct sha512_ctx *hash,
const mpz_t signature);
/* Variants taking the digest as argument. */
void
rsa_md5_sign_digest(const struct rsa_private_key *key,
......@@ -225,6 +240,16 @@ rsa_sha256_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t signature);
void
rsa_sha512_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_sha512_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t signature);
/* RSA encryption, using PKCS#1 */
/* These functions uses the v1.5 padding. What should the v2 (OAEP)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment