Commit 6e0c5d8e authored by Niels Möller's avatar Niels Möller

* rsa_md5.c: Represent a signature as an mpz_t, not a string.

Updated calls of md5 functions.
* rsa_sha1.c: Likewise.

* rsa.c (rsa_prepare_public_key): Renamed function, was
rsa_init_public_key.
(rsa_prepare_private_key): Renamed function, was
rsa_init_private_key.

Rev: src/nettle/rsa.c:1.2
Rev: src/nettle/rsa.h:1.3
Rev: src/nettle/rsa_md5.c:1.2
Rev: src/nettle/rsa_sha1.c:1.2
parent 5cb171eb
......@@ -38,7 +38,7 @@
* verify functions. */
int
rsa_init_public_key(struct rsa_public_key *key)
rsa_prepare_public_key(struct rsa_public_key *key)
{
unsigned size = (mpz_sizeinbase(key->n, 2) + 7) / 8;
......@@ -64,23 +64,22 @@ rsa_init_public_key(struct rsa_public_key *key)
}
int
rsa_init_private_key(struct rsa_private_key *key)
rsa_prepare_private_key(struct rsa_private_key *key)
{
return rsa_init_public_key(&key->pub);
return rsa_prepare_public_key(&key->pub);
}
#ifndef RSA_CRT
#define RSA_CRT 1
#endif
/* Internal function for computing an rsa root.
/* Computing an rsa root.
*
* NOTE: We don't really need n not e, so we could delete the public
* key info from struct rsa_private_key. We do need the size,
* though. */
* NOTE: We don't really need n not e, so we could drop the public
* key info from struct rsa_private_key. */
void
rsa_compute_root(struct rsa_private_key *key, mpz_t x, mpz_t m)
rsa_compute_root(struct rsa_private_key *key, mpz_t x, const mpz_t m)
{
#if RSA_CRT
{
......
......@@ -69,7 +69,7 @@ struct rsa_private_key
*
* Store the private key in a rsa_private_key struct.
*
* Call rsa_init_private_key. This initializes the size attribute
* Call rsa_prepare_private_key. This initializes the size attribute
* to the length of a signature.
*
* Initialize a hashing context, by callling
......@@ -78,44 +78,46 @@ struct rsa_private_key
* Hash the message by calling
* md5_update
*
* Finally, call
* Create the signature by calling
* rsa_md5_sign
*
* The final call stores the signature, of length size, in the supplied buffer,
* and resets the hashing context.
* The signature is represented as a mpz_t bignum. This call also
* resets the hashing context.
*
* When done with the key, don't forget to call mpz_clear.
*/
int
rsa_init_public_key(struct rsa_public_key *key);
rsa_prepare_public_key(struct rsa_public_key *key);
int
rsa_init_private_key(struct rsa_private_key *key);
rsa_prepare_private_key(struct rsa_private_key *key);
/* PKCS#1 style signatures */
void
rsa_md5_sign(struct rsa_private_key *key,
struct md5_ctx *hash,
uint8_t *signature);
mpz_t signature);
int
rsa_md5_verify(struct rsa_public_key *key,
struct md5_ctx *hash,
const uint8_t *signature);
const mpz_t signature);
void
rsa_sha1_sign(struct rsa_private_key *key,
struct sha1_ctx *hash,
uint8_t *signature);
mpz_t signature);
int
rsa_sha1_verify(struct rsa_public_key *key,
struct sha1_ctx *hash,
const uint8_t *signature);
const mpz_t signature);
/* Compute x, the d:th root of m. Calling it with x == m is allowed. */
void
rsa_compute_root(struct rsa_private_key *key, mpz_t x, mpz_t m);
rsa_compute_root(struct rsa_private_key *key, mpz_t x, const mpz_t m);
#endif /* NETTLE_RSA_H_INCLUDED */
......@@ -44,42 +44,38 @@ pkcs1_encode_md5(mpz_t m, unsigned length, struct md5_ctx *hash);
void
rsa_md5_sign(struct rsa_private_key *key,
struct md5_ctx *hash,
uint8_t *signature)
mpz_t s)
{
mpz_t m;
mpz_init(m);
assert(key->pub.size >= 45);
pkcs1_encode_md5(m, key->pub.size - 1, hash);
rsa_compute_root(key, m, m);
nettle_mpz_get_str_256(key->pub.size, signature, m);
pkcs1_encode_md5(s, key->pub.size - 1, hash);
mpz_clear(m);
rsa_compute_root(key, s, s);
}
int
rsa_md5_verify(struct rsa_public_key *key,
struct md5_ctx *hash,
const uint8_t *signature)
const mpz_t s)
{
int res;
mpz_t m;
mpz_t s;
mpz_init(m);
mpz_t m1;
mpz_t m2;
if ( (mpz_sgn(s) <= 0)
|| (mpz_cmp(s, key->n) >= 0) )
return 0;
mpz_init(m1); mpz_init(m2);
nettle_mpz_init_set_str_256(s, key->size, signature);
mpz_powm(s, s, key->e, key->n);
mpz_powm(m1, s, key->e, key->n);
/* FIXME: Is it cheaper to convert s to a string and check that? */
pkcs1_encode_md5(m, key->size - 1, hash);
res = !mpz_cmp(m, s);
/* FIXME: Is it cheaper to convert m1 to a string and check that? */
pkcs1_encode_md5(m2, key->size - 1, hash);
res = !mpz_cmp(m1, m2);
mpz_clear(m); mpz_clear(s);
mpz_clear(m1); mpz_clear(m2);
return res;
}
......@@ -116,9 +112,7 @@ pkcs1_encode_md5(mpz_t m, unsigned length, struct md5_ctx *hash)
i = length - MD5_DIGEST_SIZE;
md5_final(hash);
md5_digest(hash, MD5_DIGEST_SIZE, em + i);
md5_init(hash);
assert(i >= sizeof(md5_prefix));
......
......@@ -44,43 +44,39 @@ pkcs1_encode_sha1(mpz_t m, unsigned length, struct sha1_ctx *hash);
void
rsa_sha1_sign(struct rsa_private_key *key,
struct sha1_ctx *hash,
uint8_t *signature)
mpz_t s)
{
mpz_t m;
mpz_init(m);
assert(key->pub.size >= 45);
pkcs1_encode_sha1(m, key->pub.size - 1, hash);
rsa_compute_root(key, m, m);
nettle_mpz_get_str_256(key->pub.size, signature, m);
pkcs1_encode_sha1(s, key->pub.size - 1, hash);
mpz_clear(m);
rsa_compute_root(key, s, s);
}
int
rsa_sha1_verify(struct rsa_public_key *key,
struct sha1_ctx *hash,
const uint8_t *signature)
const mpz_t s)
{
int res;
mpz_t m;
mpz_t s;
mpz_t m1;
mpz_t m2;
mpz_init(m);
if ( (mpz_sgn(s) <= 0)
|| (mpz_cmp(s, key->n) >= 0) )
return 0;
mpz_init(m1); mpz_init(m2);
nettle_mpz_init_set_str_256(s, key->size, signature);
mpz_powm(s, s, key->e, key->n);
mpz_powm(m1, s, key->e, key->n);
/* FIXME: Is it cheaper to convert s to a string and check that? */
pkcs1_encode_sha1(m, key->size - 1, hash);
res = !mpz_cmp(m, s);
mpz_clear(m); mpz_clear(s);
pkcs1_encode_sha1(m2, key->size - 1, hash);
res = !mpz_cmp(m1, m2);
mpz_clear(m1); mpz_clear(m2);
return res;
}
......@@ -118,9 +114,7 @@ pkcs1_encode_sha1(mpz_t m, unsigned length, struct sha1_ctx *hash)
i = length - SHA1_DIGEST_SIZE;
sha1_final(hash);
sha1_digest(hash, SHA1_DIGEST_SIZE, em + i);
sha1_init(hash);
assert(i >= sizeof(sha1_prefix));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment