Commit 5e6440f0 authored by Niels Möller's avatar Niels Möller

* rsa_md5.c, rsa_sha1.c: Deleted files, contents spread over

several files for signing and verification.
* rsa-sign.c, rsa-sha1-verify.c, rsa-sha1-sign.c,
rsa-md5-verify.c, rsa-md5-sign.c:  New files.

* rsa-sha1-verify.c (rsa_sha1_verify_digest): New function.
* rsa-sha1-sign.c (rsa_sha1_sign_digest):  New function.
* rsa-md5-verify.c (rsa_md5_verify_digest):  New function.
* rsa-md5-sign.c (rsa_md5_sign_digest):  New function.
* rsa-verify.c (_rsa_verify): New file, new function.

* rsa.c (_rsa_check_size): Renamed from rsa_check_size, and made
non-static. Private key functions moved to rsa-sign.c.

Rev: src/nettle/rsa-md5-sign.c:1.1
Rev: src/nettle/rsa-md5-verify.c:1.1
Rev: src/nettle/rsa-sha1-sign.c:1.1
Rev: src/nettle/rsa-sha1-verify.c:1.1
Rev: src/nettle/rsa-sign.c:1.1
Rev: src/nettle/rsa-verify.c:1.1
Rev: src/nettle/rsa.c:1.10
Rev: src/nettle/rsa.h:1.18
parent 97453327
/* rsa-md5-sign.c
*
* Signatures using RSA and MD5.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001, 2003 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#if WITH_PUBLIC_KEY
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
#include <assert.h>
void
rsa_md5_sign(const struct rsa_private_key *key,
struct md5_ctx *hash,
mpz_t s)
{
assert(key->size >= RSA_MINIMUM_N_OCTETS);
pkcs1_rsa_md5_encode(s, key->size - 1, hash);
rsa_compute_root(key, s, s);
}
void
rsa_md5_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s)
{
assert(key->size >= RSA_MINIMUM_N_OCTETS);
pkcs1_rsa_md5_encode_digest(s, key->size - 1, digest);
rsa_compute_root(key, s, s);
}
#endif /* WITH_PUBLIC_KEY */
/* rsa-md5-verify.c
*
* Verifying signatures created with RSA and MD5.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001, 2003 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#if WITH_PUBLIC_KEY
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
#include <assert.h>
int
rsa_md5_verify(const struct rsa_public_key *key,
struct md5_ctx *hash,
const mpz_t s)
{
int res;
mpz_t m;
assert(key->size >= RSA_MINIMUM_N_OCTETS);
mpz_init(m);
pkcs1_rsa_md5_encode(m, key->size - 1, hash);
res = _rsa_verify(key, m, s);
mpz_clear(m);
return res;
}
int
rsa_md5_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t s)
{
int res;
mpz_t m;
assert(key->size >= RSA_MINIMUM_N_OCTETS);
mpz_init(m);
pkcs1_rsa_md5_encode_digest(m, key->size - 1, digest);
res = _rsa_verify(key, m, s);
mpz_clear(m);
return res;
}
#endif /* WITH_PUBLIC_KEY */
/* rsa-sha1-sign.c
*
* Signatures using RSA and SHA1.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001, 2003 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#if WITH_PUBLIC_KEY
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
#include <assert.h>
void
rsa_sha1_sign(const struct rsa_private_key *key,
struct sha1_ctx *hash,
mpz_t s)
{
assert(key->size >= RSA_MINIMUM_N_OCTETS);
pkcs1_rsa_sha1_encode(s, key->size - 1, hash);
rsa_compute_root(key, s, s);
}
void
rsa_sha1_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s)
{
assert(key->size >= RSA_MINIMUM_N_OCTETS);
pkcs1_rsa_sha1_encode_digest(s, key->size - 1, digest);
rsa_compute_root(key, s, s);
}
#endif /* WITH_PUBLIC_KEY */
/* rsa-sha1-verify.c
*
* Verifying signatures created with RSA and SHA1.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001, 2003 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#if WITH_PUBLIC_KEY
#include "rsa.h"
#include "bignum.h"
#include "pkcs1.h"
#include <assert.h>
int
rsa_sha1_verify(const struct rsa_public_key *key,
struct sha1_ctx *hash,
const mpz_t s)
{
int res;
mpz_t m;
assert(key->size >= RSA_MINIMUM_N_OCTETS);
mpz_init(m);
pkcs1_rsa_sha1_encode(m, key->size - 1, hash);
res = _rsa_verify(key, m, s);
mpz_clear(m);
return res;
}
int
rsa_sha1_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t s)
{
int res;
mpz_t m;
assert(key->size >= RSA_MINIMUM_N_OCTETS);
mpz_init(m);
pkcs1_rsa_sha1_encode_digest(m, key->size - 1, digest);
res = _rsa_verify(key, m, s);
mpz_clear(m);
return res;
}
#endif /* WITH_PUBLIC_KEY */
/* rsa-sign.c
*
* Creating RSA signatures.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001, 2003 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#if WITH_PUBLIC_KEY
#include "rsa.h"
#include "bignum.h"
void
rsa_init_private_key(struct rsa_private_key *key)
{
mpz_init(key->d);
mpz_init(key->p);
mpz_init(key->q);
mpz_init(key->a);
mpz_init(key->b);
mpz_init(key->c);
/* Not really necessary, but it seems cleaner to initialize all the
* storage. */
key->size = 0;
}
void
rsa_clear_private_key(struct rsa_private_key *key)
{
mpz_clear(key->d);
mpz_clear(key->p);
mpz_clear(key->q);
mpz_clear(key->a);
mpz_clear(key->b);
mpz_clear(key->c);
}
int
rsa_prepare_private_key(struct rsa_private_key *key)
{
/* FIXME: Add further sanity checks. */
mpz_t n;
/* The size of the product is the sum of the sizes of the factors,
* or sometimes one less. It's possible but tricky to compute the
* size without computing the full product. */
mpz_init(n);
mpz_mul(n, key->p, key->q);
key->size = _rsa_check_size(n);
mpz_clear(n);
return (key->size > 0);
}
/* Computing an rsa root. */
void
rsa_compute_root(const struct rsa_private_key *key,
mpz_t x, const mpz_t m)
{
mpz_t xp; /* modulo p */
mpz_t xq; /* modulo q */
mpz_init(xp); mpz_init(xq);
/* Compute xq = m^d % q = (m%q)^b % q */
mpz_fdiv_r(xq, m, key->q);
mpz_powm(xq, xq, key->b, key->q);
/* Compute xp = m^d % p = (m%p)^a % p */
mpz_fdiv_r(xp, m, key->p);
mpz_powm(xp, xp, key->a, key->p);
/* Set xp' = (xp - xq) c % p. */
mpz_sub(xp, xp, xq);
mpz_mul(xp, xp, key->c);
mpz_fdiv_r(xp, xp, key->p);
/* Finally, compute x = xq + q xp'
*
* To prove that this works, note that
*
* xp = x + i p,
* xq = x + j q,
* c q = 1 + k p
*
* for some integers i, j and k. Now, for some integer l,
*
* xp' = (xp - xq) c + l p
* = (x + i p - (x + j q)) c + l p
* = (i p - j q) c + l p
* = (i c + l) p - j (c q)
* = (i c + l) p - j (1 + kp)
* = (i c + l - j k) p - j
*
* which shows that xp' = -j (mod p). We get
*
* xq + q xp' = x + j q + (i c + l - j k) p q - j q
* = x + (i c + l - j k) p q
*
* so that
*
* xq + q xp' = x (mod pq)
*
* We also get 0 <= xq + q xp' < p q, because
*
* 0 <= xq < q and 0 <= xp' < p.
*/
mpz_mul(x, key->q, xp);
mpz_add(x, x, xq);
mpz_clear(xp); mpz_clear(xq);
}
#endif /* WITH_PUBLIC_KEY */
/* rsa-verify.c
*
* Verifying RSA signatures.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2001, 2003 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#if WITH_PUBLIC_KEY
#include "rsa.h"
#include "bignum.h"
int
_rsa_verify(const struct rsa_public_key *key,
const mpz_t m,
const mpz_t s)
{
int res;
mpz_t m1;
if ( (mpz_sgn(s) <= 0)
|| (mpz_cmp(s, key->n) >= 0) )
return 0;
mpz_init(m1);
mpz_powm(m1, s, key->e, key->n);
/* FIXME: Is it cheaper to convert m1 to a string and check that? */
res = !mpz_cmp(m, m1);
mpz_clear(m1);
return res;
}
#endif /* WITH_PUBLIC_KEY */
......@@ -55,11 +55,11 @@ rsa_clear_public_key(struct rsa_public_key *key)
mpz_clear(key->e);
}
/* Computes the size, in octets, of a size BITS modulo.
* Returns 0 if the modulo is too small to be useful. */
/* Computes the size, in octets, of a the modulo. Returns 0 if the
* modulo is too small to be useful. */
static unsigned
rsa_check_size(mpz_t n)
unsigned
_rsa_check_size(mpz_t n)
{
/* Round upwards */
unsigned size = (mpz_sizeinbase(n, 2) + 7) / 8;
......@@ -80,115 +80,9 @@ rsa_prepare_public_key(struct rsa_public_key *key)
return 0;
#endif
key->size = rsa_check_size(key->n);
key->size = _rsa_check_size(key->n);
return (key->size > 0);
}
void
rsa_init_private_key(struct rsa_private_key *key)
{
mpz_init(key->d);
mpz_init(key->p);
mpz_init(key->q);
mpz_init(key->a);
mpz_init(key->b);
mpz_init(key->c);
/* Not really necessary, but it seems cleaner to initialize all the
* storage. */
key->size = 0;
}
void
rsa_clear_private_key(struct rsa_private_key *key)
{
mpz_clear(key->d);
mpz_clear(key->p);
mpz_clear(key->q);
mpz_clear(key->a);
mpz_clear(key->b);
mpz_clear(key->c);
}
int
rsa_prepare_private_key(struct rsa_private_key *key)
{
/* FIXME: Add further sanity checks. */
mpz_t n;
/* The size of the product is the sum of the sizes of the factors,
* or sometimes one less. It's possible but tricky to compute the
* size without computing the full product. */
mpz_init(n);
mpz_mul(n, key->p, key->q);
key->size = rsa_check_size(n);
mpz_clear(n);
return (key->size > 0);
}
/* Computing an rsa root. */
void
rsa_compute_root(const struct rsa_private_key *key,
mpz_t x, const mpz_t m)
{
mpz_t xp; /* modulo p */
mpz_t xq; /* modulo q */
mpz_init(xp); mpz_init(xq);
/* Compute xq = m^d % q = (m%q)^b % q */
mpz_fdiv_r(xq, m, key->q);
mpz_powm(xq, xq, key->b, key->q);
/* Compute xp = m^d % p = (m%p)^a % p */
mpz_fdiv_r(xp, m, key->p);
mpz_powm(xp, xp, key->a, key->p);
/* Set xp' = (xp - xq) c % p. */
mpz_sub(xp, xp, xq);
mpz_mul(xp, xp, key->c);
mpz_fdiv_r(xp, xp, key->p);
/* Finally, compute x = xq + q xp'
*
* To prove that this works, note that
*
* xp = x + i p,
* xq = x + j q,
* c q = 1 + k p
*
* for some integers i, j and k. Now, for some integer l,
*
* xp' = (xp - xq) c + l p
* = (x + i p - (x + j q)) c + l p
* = (i p - j q) c + l p
* = (i c + l) p - j (c q)
* = (i c + l) p - j (1 + kp)
* = (i c + l - j k) p - j
*
* which shows that xp' = -j (mod p). We get
*
* xq + q xp' = x + j q + (i c + l - j k) p q - j q
* = x + (i c + l - j k) p q
*
* so that
*
* xq + q xp' = x (mod pq)
*
* We also get 0 <= xq + q xp' < p q, because
*
* 0 <= xq < q and 0 <= xp' < p.
*/
mpz_mul(x, key->q, xp);
mpz_add(x, x, xq);
mpz_clear(xp); mpz_clear(xq);
}
#endif /* WITH_PUBLIC_KEY */
......@@ -153,6 +153,27 @@ rsa_sha1_verify(const struct rsa_public_key *key,
struct sha1_ctx *hash,
const mpz_t signature);
/* Variants taking the digest as argument. */
void
rsa_md5_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_md5_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t signature);
void
rsa_sha1_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_sha1_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t signature);
/* RSA encryption, using PKCS#1 */
/* FIXME: These functions uses the v1.5 padding. What should the v2
......@@ -177,7 +198,6 @@ rsa_decrypt(const struct rsa_private_key *key,
unsigned *length, uint8_t *cleartext,
const mpz_t ciphertext);
/* Compute x, the e:th root of m. Calling it with x == m is allowed. */
void
rsa_compute_root(const struct rsa_private_key *key,
......@@ -250,4 +270,13 @@ rsa_keypair_to_openpgp(struct nettle_buffer *buffer,
/* A single user id. NUL-terminated utf8. */
const char userid);
/* Internal functions. */
int
_rsa_verify(const struct rsa_public_key *key,
const mpz_t m,
const mpz_t s);
unsigned
_rsa_check_size(mpz_t n);
#endif /* NETTLE_RSA_H_INCLUDED */
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment