diff --git a/ChangeLog b/ChangeLog
index 2ff02f5c9907ceba1a70b550cf4c760628724fe5..70cc1c28ed068b87e756f6be774edffdc94cf234 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2015-09-17 Niels Möller <nisse@lysator.liu.se>
+
+ * rsa-md5-sign-tr.c (rsa_md5_sign_tr, rsa_md5_sign_digest_tr): New
+ file, new functions.
+ * rsa-sha1-sign-tr.c (rsa_sha1_sign_tr, rsa_sha1_sign_digest_tr):
+ Likewise.
+ * rsa-sha256-sign-tr.c (rsa_sha256_sign_tr)
+ (rsa_sha256_sign_digest_tr): Likewise.
+ * rsa-sha512-sign-tr.c (rsa_sha512_sign_tr)
+ (rsa_sha512_sign_digest_tr): Likewise.
+ * rsa.h: Added corresponding prototypes.
+ * Makefile.in (hogweed_SOURCES): Added new files.
+
2015-09-14 Niels Möller <nisse@lysator.liu.se>
* rsa-decrypt-tr.c (rsa_decrypt_tr): Use rsa_compute_root_tr.
diff --git a/Makefile.in b/Makefile.in
index 03f1177ce7b29b1dbebfc62e2c5e91c446370db9..9d47552b8e96f4c6dd350e13a9466b35de693fa9 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -146,10 +146,10 @@ hogweed_SOURCES = sexp.c sexp-format.c \
pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \
rsa.c rsa-sign.c rsa-sign-tr.c rsa-verify.c \
rsa-pkcs1-sign.c rsa-pkcs1-sign-tr.c rsa-pkcs1-verify.c \
- rsa-md5-sign.c rsa-md5-verify.c \
- rsa-sha1-sign.c rsa-sha1-verify.c \
- rsa-sha256-sign.c rsa-sha256-verify.c \
- rsa-sha512-sign.c rsa-sha512-verify.c \
+ rsa-md5-sign.c rsa-md5-sign-tr.c rsa-md5-verify.c \
+ rsa-sha1-sign.c rsa-sha1-sign-tr.c rsa-sha1-verify.c \
+ rsa-sha256-sign.c rsa-sha256-sign-tr.c rsa-sha256-verify.c \
+ rsa-sha512-sign.c rsa-sha512-sign-tr.c rsa-sha512-verify.c \
rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
rsa-keygen.c rsa-blind.c \
rsa2sexp.c sexp2rsa.c \
diff --git a/rsa-md5-sign-tr.c b/rsa-md5-sign-tr.c
new file mode 100644
index 0000000000000000000000000000000000000000..318d5390ff5e87a517920b60b9431f6ee981a646
--- /dev/null
+++ b/rsa-md5-sign-tr.c
@@ -0,0 +1,81 @@
+/* rsa-md5-sign-tr.c
+
+ Signatures using RSA and MD5.
+
+ Copyright (C) 2001, 2003, 2015 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_md5_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ struct md5_ctx *hash, mpz_t s)
+{
+ mpz_t m;
+ int res;
+
+ mpz_init (m);
+ res = (pkcs1_rsa_md5_encode(m, key->size, hash)
+ && rsa_compute_root_tr (pub, key,
+ random_ctx, random,
+ s, m));
+ mpz_clear (m);
+ return res;
+}
+
+int
+rsa_md5_sign_digest_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ const uint8_t *digest, mpz_t s)
+{
+ mpz_t m;
+ int res;
+
+ mpz_init (m);
+
+ res = (pkcs1_rsa_md5_encode_digest(m, key->size, digest)
+ && rsa_compute_root_tr (pub, key,
+ random_ctx, random,
+ s, m));
+
+ mpz_clear (m);
+ return res;
+}
diff --git a/rsa-sha1-sign-tr.c b/rsa-sha1-sign-tr.c
new file mode 100644
index 0000000000000000000000000000000000000000..707acdeca657102fea5fda3734ba4693f0d6c0f4
--- /dev/null
+++ b/rsa-sha1-sign-tr.c
@@ -0,0 +1,83 @@
+/* rsa-sha1-sign-tr.c
+
+ Signatures using RSA and SHA1.
+
+ Copyright (C) 2001, 2003, 2015 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_sha1_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ struct sha1_ctx *hash,
+ mpz_t s)
+{
+ mpz_t m;
+ int res;
+
+ mpz_init (m);
+ res = (pkcs1_rsa_sha1_encode(m, key->size, hash)
+ && rsa_compute_root_tr (pub, key,
+ random_ctx, random,
+ s, m));
+ mpz_clear (m);
+ return res;
+}
+
+int
+rsa_sha1_sign_digest_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ const uint8_t *digest,
+ mpz_t s)
+{
+ mpz_t m;
+ int res;
+
+ mpz_init (m);
+
+ res = (pkcs1_rsa_sha1_encode_digest(m, key->size, digest)
+ && rsa_compute_root_tr (pub, key,
+ random_ctx, random,
+ s, m));
+
+ mpz_clear (m);
+ return res;
+}
diff --git a/rsa-sha256-sign-tr.c b/rsa-sha256-sign-tr.c
new file mode 100644
index 0000000000000000000000000000000000000000..4179af8f5838c669b011eb142efa01803d6eb8e7
--- /dev/null
+++ b/rsa-sha256-sign-tr.c
@@ -0,0 +1,83 @@
+/* rsa-sha256-sign-tr.c
+
+ Signatures using RSA and SHA256.
+
+ Copyright (C) 2001, 2003, 2015 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_sha256_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ struct sha256_ctx *hash,
+ mpz_t s)
+{
+ mpz_t m;
+ int res;
+
+ mpz_init (m);
+ res = (pkcs1_rsa_sha256_encode(m, key->size, hash)
+ && rsa_compute_root_tr (pub, key,
+ random_ctx, random,
+ s, m));
+ mpz_clear (m);
+ return res;
+}
+
+int
+rsa_sha256_sign_digest_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ const uint8_t *digest,
+ mpz_t s)
+{
+ mpz_t m;
+ int res;
+
+ mpz_init (m);
+
+ res = (pkcs1_rsa_sha256_encode_digest(m, key->size, digest)
+ && rsa_compute_root_tr (pub, key,
+ random_ctx, random,
+ s, m));
+
+ mpz_clear (m);
+ return res;
+}
diff --git a/rsa-sha512-sign-tr.c b/rsa-sha512-sign-tr.c
new file mode 100644
index 0000000000000000000000000000000000000000..158b80f2ad1f7fce54f582968d3fd64e05d51f30
--- /dev/null
+++ b/rsa-sha512-sign-tr.c
@@ -0,0 +1,83 @@
+/* rsa-sha512-sign-tr.c
+
+ Signatures using RSA and SHA512.
+
+ Copyright (C) 2001, 2003, 2015 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_sha512_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ struct sha512_ctx *hash,
+ mpz_t s)
+{
+ mpz_t m;
+ int res;
+
+ mpz_init (m);
+ res = (pkcs1_rsa_sha512_encode(m, key->size, hash)
+ && rsa_compute_root_tr (pub, key,
+ random_ctx, random,
+ s, m));
+ mpz_clear (m);
+ return res;
+}
+
+int
+rsa_sha512_sign_digest_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ const uint8_t *digest,
+ mpz_t s)
+{
+ mpz_t m;
+ int res;
+
+ mpz_init (m);
+
+ res = (pkcs1_rsa_sha512_encode_digest(m, key->size, digest)
+ && rsa_compute_root_tr (pub, key,
+ random_ctx, random,
+ s, m));
+
+ mpz_clear (m);
+ return res;
+}
diff --git a/rsa.h b/rsa.h
index 7d50ad908550f9e081eb18eebdb5ec1e32c84596..aefef4b2a7e77b0ed1a8df54af319127033dc0f6 100644
--- a/rsa.h
+++ b/rsa.h
@@ -56,20 +56,28 @@ extern "C" {
#define rsa_pkcs1_sign nettle_rsa_pkcs1_sign
#define rsa_pkcs1_sign_tr nettle_rsa_pkcs1_sign_tr
#define rsa_md5_sign nettle_rsa_md5_sign
+#define rsa_md5_sign_tr nettle_rsa_md5_sign_tr
#define rsa_md5_verify nettle_rsa_md5_verify
#define rsa_sha1_sign nettle_rsa_sha1_sign
+#define rsa_sha1_sign_tr nettle_rsa_sha1_sign_tr
#define rsa_sha1_verify nettle_rsa_sha1_verify
#define rsa_sha256_sign nettle_rsa_sha256_sign
+#define rsa_sha256_sign_tr nettle_rsa_sha256_sign_tr
#define rsa_sha256_verify nettle_rsa_sha256_verify
#define rsa_sha512_sign nettle_rsa_sha512_sign
+#define rsa_sha512_sign_tr nettle_rsa_sha512_sign_tr
#define rsa_sha512_verify nettle_rsa_sha512_verify
#define rsa_md5_sign_digest nettle_rsa_md5_sign_digest
+#define rsa_md5_sign_digest_tr nettle_rsa_md5_sign_digest_tr
#define rsa_md5_verify_digest nettle_rsa_md5_verify_digest
#define rsa_sha1_sign_digest nettle_rsa_sha1_sign_digest
+#define rsa_sha1_sign_digest_tr nettle_rsa_sha1_sign_digest_tr
#define rsa_sha1_verify_digest nettle_rsa_sha1_verify_digest
#define rsa_sha256_sign_digest nettle_rsa_sha256_sign_digest
+#define rsa_sha256_sign_digest_tr nettle_rsa_sha256_sign_digest_tr
#define rsa_sha256_verify_digest nettle_rsa_sha256_verify_digest
#define rsa_sha512_sign_digest nettle_rsa_sha512_sign_digest
+#define rsa_sha512_sign_digest_tr nettle_rsa_sha512_sign_digest_tr
#define rsa_sha512_verify_digest nettle_rsa_sha512_verify_digest
#define rsa_encrypt nettle_rsa_encrypt
#define rsa_decrypt nettle_rsa_decrypt
@@ -202,6 +210,12 @@ rsa_md5_sign(const struct rsa_private_key *key,
struct md5_ctx *hash,
mpz_t signature);
+int
+rsa_md5_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ struct md5_ctx *hash, mpz_t s);
+
int
rsa_md5_verify(const struct rsa_public_key *key,
@@ -213,6 +227,13 @@ rsa_sha1_sign(const struct rsa_private_key *key,
struct sha1_ctx *hash,
mpz_t signature);
+int
+rsa_sha1_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ struct sha1_ctx *hash,
+ mpz_t s);
+
int
rsa_sha1_verify(const struct rsa_public_key *key,
struct sha1_ctx *hash,
@@ -223,6 +244,13 @@ rsa_sha256_sign(const struct rsa_private_key *key,
struct sha256_ctx *hash,
mpz_t signature);
+int
+rsa_sha256_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ struct sha256_ctx *hash,
+ mpz_t s);
+
int
rsa_sha256_verify(const struct rsa_public_key *key,
struct sha256_ctx *hash,
@@ -233,6 +261,13 @@ rsa_sha512_sign(const struct rsa_private_key *key,
struct sha512_ctx *hash,
mpz_t signature);
+int
+rsa_sha512_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ struct sha512_ctx *hash,
+ mpz_t s);
+
int
rsa_sha512_verify(const struct rsa_public_key *key,
struct sha512_ctx *hash,
@@ -244,6 +279,12 @@ rsa_md5_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
+int
+rsa_md5_sign_digest_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ const uint8_t *digest, mpz_t s);
+
int
rsa_md5_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
@@ -254,6 +295,13 @@ rsa_sha1_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
+int
+rsa_sha1_sign_digest_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ const uint8_t *digest,
+ mpz_t s);
+
int
rsa_sha1_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
@@ -264,6 +312,13 @@ rsa_sha256_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
+int
+rsa_sha256_sign_digest_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ const uint8_t *digest,
+ mpz_t s);
+
int
rsa_sha256_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
@@ -274,6 +329,13 @@ rsa_sha512_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
+int
+rsa_sha512_sign_digest_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ const uint8_t *digest,
+ mpz_t s);
+
int
rsa_sha512_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,