Commit 6e0c5d8e authored by Niels Möller's avatar Niels Möller
Browse files

* rsa_md5.c: Represent a signature as an mpz_t, not a string.

Updated calls of md5 functions.
* rsa_sha1.c: Likewise.

* rsa.c (rsa_prepare_public_key): Renamed function, was
rsa_init_public_key.
(rsa_prepare_private_key): Renamed function, was
rsa_init_private_key.

Rev: src/nettle/rsa.c:1.2
Rev: src/nettle/rsa.h:1.3
Rev: src/nettle/rsa_md5.c:1.2
Rev: src/nettle/rsa_sha1.c:1.2
parent 5cb171eb
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
* verify functions. */ * verify functions. */
int int
rsa_init_public_key(struct rsa_public_key *key) rsa_prepare_public_key(struct rsa_public_key *key)
{ {
unsigned size = (mpz_sizeinbase(key->n, 2) + 7) / 8; unsigned size = (mpz_sizeinbase(key->n, 2) + 7) / 8;
...@@ -64,23 +64,22 @@ rsa_init_public_key(struct rsa_public_key *key) ...@@ -64,23 +64,22 @@ rsa_init_public_key(struct rsa_public_key *key)
} }
int int
rsa_init_private_key(struct rsa_private_key *key) rsa_prepare_private_key(struct rsa_private_key *key)
{ {
return rsa_init_public_key(&key->pub); return rsa_prepare_public_key(&key->pub);
} }
#ifndef RSA_CRT #ifndef RSA_CRT
#define RSA_CRT 1 #define RSA_CRT 1
#endif #endif
/* Internal function for computing an rsa root. /* Computing an rsa root.
* *
* NOTE: We don't really need n not e, so we could delete the public * NOTE: We don't really need n not e, so we could drop the public
* key info from struct rsa_private_key. We do need the size, * key info from struct rsa_private_key. */
* though. */
void void
rsa_compute_root(struct rsa_private_key *key, mpz_t x, mpz_t m) rsa_compute_root(struct rsa_private_key *key, mpz_t x, const mpz_t m)
{ {
#if RSA_CRT #if RSA_CRT
{ {
......
...@@ -69,7 +69,7 @@ struct rsa_private_key ...@@ -69,7 +69,7 @@ struct rsa_private_key
* *
* Store the private key in a rsa_private_key struct. * Store the private key in a rsa_private_key struct.
* *
* Call rsa_init_private_key. This initializes the size attribute * Call rsa_prepare_private_key. This initializes the size attribute
* to the length of a signature. * to the length of a signature.
* *
* Initialize a hashing context, by callling * Initialize a hashing context, by callling
...@@ -78,44 +78,46 @@ struct rsa_private_key ...@@ -78,44 +78,46 @@ struct rsa_private_key
* Hash the message by calling * Hash the message by calling
* md5_update * md5_update
* *
* Finally, call * Create the signature by calling
* rsa_md5_sign * rsa_md5_sign
* *
* The final call stores the signature, of length size, in the supplied buffer, * The signature is represented as a mpz_t bignum. This call also
* and resets the hashing context. * resets the hashing context.
*
* When done with the key, don't forget to call mpz_clear.
*/ */
int int
rsa_init_public_key(struct rsa_public_key *key); rsa_prepare_public_key(struct rsa_public_key *key);
int int
rsa_init_private_key(struct rsa_private_key *key); rsa_prepare_private_key(struct rsa_private_key *key);
/* PKCS#1 style signatures */ /* PKCS#1 style signatures */
void void
rsa_md5_sign(struct rsa_private_key *key, rsa_md5_sign(struct rsa_private_key *key,
struct md5_ctx *hash, struct md5_ctx *hash,
uint8_t *signature); mpz_t signature);
int int
rsa_md5_verify(struct rsa_public_key *key, rsa_md5_verify(struct rsa_public_key *key,
struct md5_ctx *hash, struct md5_ctx *hash,
const uint8_t *signature); const mpz_t signature);
void void
rsa_sha1_sign(struct rsa_private_key *key, rsa_sha1_sign(struct rsa_private_key *key,
struct sha1_ctx *hash, struct sha1_ctx *hash,
uint8_t *signature); mpz_t signature);
int int
rsa_sha1_verify(struct rsa_public_key *key, rsa_sha1_verify(struct rsa_public_key *key,
struct sha1_ctx *hash, struct sha1_ctx *hash,
const uint8_t *signature); const mpz_t signature);
/* Compute x, the d:th root of m. Calling it with x == m is allowed. */ /* Compute x, the d:th root of m. Calling it with x == m is allowed. */
void void
rsa_compute_root(struct rsa_private_key *key, mpz_t x, mpz_t m); rsa_compute_root(struct rsa_private_key *key, mpz_t x, const mpz_t m);
#endif /* NETTLE_RSA_H_INCLUDED */ #endif /* NETTLE_RSA_H_INCLUDED */
...@@ -44,42 +44,38 @@ pkcs1_encode_md5(mpz_t m, unsigned length, struct md5_ctx *hash); ...@@ -44,42 +44,38 @@ pkcs1_encode_md5(mpz_t m, unsigned length, struct md5_ctx *hash);
void void
rsa_md5_sign(struct rsa_private_key *key, rsa_md5_sign(struct rsa_private_key *key,
struct md5_ctx *hash, struct md5_ctx *hash,
uint8_t *signature) mpz_t s)
{ {
mpz_t m;
mpz_init(m);
assert(key->pub.size >= 45); assert(key->pub.size >= 45);
pkcs1_encode_md5(m, key->pub.size - 1, hash); pkcs1_encode_md5(s, key->pub.size - 1, hash);
rsa_compute_root(key, m, m);
nettle_mpz_get_str_256(key->pub.size, signature, m);
mpz_clear(m); rsa_compute_root(key, s, s);
} }
int int
rsa_md5_verify(struct rsa_public_key *key, rsa_md5_verify(struct rsa_public_key *key,
struct md5_ctx *hash, struct md5_ctx *hash,
const uint8_t *signature) const mpz_t s)
{ {
int res; int res;
mpz_t m; mpz_t m1;
mpz_t s; mpz_t m2;
mpz_init(m); if ( (mpz_sgn(s) <= 0)
|| (mpz_cmp(s, key->n) >= 0) )
return 0;
mpz_init(m1); mpz_init(m2);
nettle_mpz_init_set_str_256(s, key->size, signature); mpz_powm(m1, s, key->e, key->n);
mpz_powm(s, s, key->e, key->n);
/* FIXME: Is it cheaper to convert s to a string and check that? */ /* FIXME: Is it cheaper to convert m1 to a string and check that? */
pkcs1_encode_md5(m, key->size - 1, hash); pkcs1_encode_md5(m2, key->size - 1, hash);
res = !mpz_cmp(m, s); res = !mpz_cmp(m1, m2);
mpz_clear(m); mpz_clear(s); mpz_clear(m1); mpz_clear(m2);
return res; return res;
} }
...@@ -116,9 +112,7 @@ pkcs1_encode_md5(mpz_t m, unsigned length, struct md5_ctx *hash) ...@@ -116,9 +112,7 @@ pkcs1_encode_md5(mpz_t m, unsigned length, struct md5_ctx *hash)
i = length - MD5_DIGEST_SIZE; i = length - MD5_DIGEST_SIZE;
md5_final(hash);
md5_digest(hash, MD5_DIGEST_SIZE, em + i); md5_digest(hash, MD5_DIGEST_SIZE, em + i);
md5_init(hash);
assert(i >= sizeof(md5_prefix)); assert(i >= sizeof(md5_prefix));
......
...@@ -44,43 +44,39 @@ pkcs1_encode_sha1(mpz_t m, unsigned length, struct sha1_ctx *hash); ...@@ -44,43 +44,39 @@ pkcs1_encode_sha1(mpz_t m, unsigned length, struct sha1_ctx *hash);
void void
rsa_sha1_sign(struct rsa_private_key *key, rsa_sha1_sign(struct rsa_private_key *key,
struct sha1_ctx *hash, struct sha1_ctx *hash,
uint8_t *signature) mpz_t s)
{ {
mpz_t m;
mpz_init(m);
assert(key->pub.size >= 45); assert(key->pub.size >= 45);
pkcs1_encode_sha1(m, key->pub.size - 1, hash); pkcs1_encode_sha1(s, key->pub.size - 1, hash);
rsa_compute_root(key, m, m);
nettle_mpz_get_str_256(key->pub.size, signature, m);
mpz_clear(m); rsa_compute_root(key, s, s);
} }
int int
rsa_sha1_verify(struct rsa_public_key *key, rsa_sha1_verify(struct rsa_public_key *key,
struct sha1_ctx *hash, struct sha1_ctx *hash,
const uint8_t *signature) const mpz_t s)
{ {
int res; int res;
mpz_t m; mpz_t m1;
mpz_t s; mpz_t m2;
mpz_init(m); if ( (mpz_sgn(s) <= 0)
|| (mpz_cmp(s, key->n) >= 0) )
return 0;
mpz_init(m1); mpz_init(m2);
nettle_mpz_init_set_str_256(s, key->size, signature); mpz_powm(m1, s, key->e, key->n);
mpz_powm(s, s, key->e, key->n);
/* FIXME: Is it cheaper to convert s to a string and check that? */ /* FIXME: Is it cheaper to convert s to a string and check that? */
pkcs1_encode_sha1(m, key->size - 1, hash); pkcs1_encode_sha1(m2, key->size - 1, hash);
res = !mpz_cmp(m, s); res = !mpz_cmp(m1, m2);
mpz_clear(m); mpz_clear(s);
mpz_clear(m1); mpz_clear(m2);
return res; return res;
} }
...@@ -118,9 +114,7 @@ pkcs1_encode_sha1(mpz_t m, unsigned length, struct sha1_ctx *hash) ...@@ -118,9 +114,7 @@ pkcs1_encode_sha1(mpz_t m, unsigned length, struct sha1_ctx *hash)
i = length - SHA1_DIGEST_SIZE; i = length - SHA1_DIGEST_SIZE;
sha1_final(hash);
sha1_digest(hash, SHA1_DIGEST_SIZE, em + i); sha1_digest(hash, SHA1_DIGEST_SIZE, em + i);
sha1_init(hash);
assert(i >= sizeof(sha1_prefix)); assert(i >= sizeof(sha1_prefix));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment