From 527c0f3708a5f3a098aedda58afdc287a7f8e97c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Sat, 9 Jun 2012 21:55:50 +0200
Subject: [PATCH] General pkcs1 signature interface.
---
ChangeLog | 15 ++++++++++++
Makefile.in | 3 ++-
pkcs1-rsa-digest.c | 49 ++++++++++++++++++++++++++++++++++++
pkcs1.h | 5 ++++
rsa-pkcs1-sign-tr.c | 60 +++++++++++++++++++++++++++++++++++++++++++++
rsa-pkcs1-sign.c | 49 ++++++++++++++++++++++++++++++++++++
rsa-pkcs1-verify.c | 50 +++++++++++++++++++++++++++++++++++++
rsa.h | 19 ++++++++++++++
8 files changed, 249 insertions(+), 1 deletion(-)
create mode 100644 pkcs1-rsa-digest.c
create mode 100644 rsa-pkcs1-sign-tr.c
create mode 100644 rsa-pkcs1-sign.c
create mode 100644 rsa-pkcs1-verify.c
diff --git a/ChangeLog b/ChangeLog
index 1ad2e53b..20507374 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,20 @@
2012-06-09 Niels Möller <nisse@lysator.liu.se>
+ General pkcs1 signatures, with a "DigestInfo" input. Suggested by
+ Nikos Mavrogiannopoulos.
+ * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-digest.c,
+ rsa-pkcs1-sign.c, rsa-pkcs1-sign-tr.c, and rsa-pkcs1-verify.c.
+
+ * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): New file and
+ function.
+ * pkcs1.h: Declare it.
+
+ * rsa-pkcs1-verify.c (rsa_pkcs1_verify): New file and function.
+ * rsa-pkcs1-sign.c (rsa_pkcs1_sign): New file and function.
+ * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): New file and function,
+ contributed by Nikos Mavrogiannopoulos.
+ * rsa.h: Declare new functions.
+
* rsa.h (_rsa_blind, _rsa_unblind): Declare functions.
* rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a
separate file, renamed and made non-static. Moved from...
diff --git a/Makefile.in b/Makefile.in
index ba0fdb27..be0de3cd 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -100,9 +100,10 @@ hogweed_SOURCES = sexp.c sexp-format.c \
bignum-random.c bignum-random-prime.c \
sexp2bignum.c \
pkcs1.c pkcs1-encrypt.c pkcs1-decrypt.c \
- pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
+ pkcs1-rsa-digest.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \
rsa.c rsa-sign.c rsa-verify.c \
+ rsa-pkcs1-sign.c rsa-pkcs1-sign-tr.c rsa-pkcs1-verify.c \
rsa-md5-sign.c rsa-md5-verify.c \
rsa-sha1-sign.c rsa-sha1-verify.c \
rsa-sha256-sign.c rsa-sha256-verify.c \
diff --git a/pkcs1-rsa-digest.c b/pkcs1-rsa-digest.c
new file mode 100644
index 00000000..e84db6d4
--- /dev/null
+++ b/pkcs1-rsa-digest.c
@@ -0,0 +1,49 @@
+/* pkcs1-rsa-digest.c
+ *
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2003, 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "pkcs1.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+int
+pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
+ unsigned di_length, const uint8_t *digest_info)
+{
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_ALLOC(em, key_size);
+
+ if (pkcs1_signature_prefix(key_size, em,
+ di_length, digest_info, 0))
+ {
+ nettle_mpz_set_str_256_u(m, key_size, em);
+ return 1;
+ }
+ else
+ return 0;
+}
diff --git a/pkcs1.h b/pkcs1.h
index 2f6251e2..27219554 100644
--- a/pkcs1.h
+++ b/pkcs1.h
@@ -35,6 +35,7 @@ extern "C" {
/* Name mangling */
#define pkcs1_signature_prefix nettle_pkcs1_signature_prefix
+#define pkcs1_rsa_digest_encode nettle_pkcs1_rsa_digest_encode
#define pkcs1_rsa_md5_encode nettle_pkcs1_rsa_md5_encode
#define pkcs1_rsa_md5_encode_digest nettle_pkcs1_rsa_md5_encode_digest
#define pkcs1_rsa_sha1_encode nettle_pkcs1_rsa_sha1_encode
@@ -70,6 +71,10 @@ pkcs1_decrypt (unsigned key_size,
const mpz_t m,
unsigned *length, uint8_t *message);
+int
+pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
+ unsigned di_length, const uint8_t *digest_info);
+
int
pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash);
diff --git a/rsa-pkcs1-sign-tr.c b/rsa-pkcs1-sign-tr.c
new file mode 100644
index 00000000..672b902b
--- /dev/null
+++ b/rsa-pkcs1-sign-tr.c
@@ -0,0 +1,60 @@
+/* rsa-pkcs1-sign-tr.c
+ *
+ * Creating timing resistant RSA signatures.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Nikos Mavrogiannopoulos
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "pkcs1.h"
+
+int
+rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func random,
+ unsigned length, const uint8_t *digest_info,
+ mpz_t s)
+{
+ mpz_t ri;
+
+ if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info))
+ {
+ mpz_init (ri);
+
+ _rsa_blind (pub, random_ctx, random, s, ri);
+ rsa_compute_root(key, s, s);
+ _rsa_unblind (pub, s, ri);
+
+ mpz_clear (ri);
+
+ return 1;
+ }
+ else
+ {
+ mpz_set_ui(s, 0);
+ return 0;
+ }
+}
diff --git a/rsa-pkcs1-sign.c b/rsa-pkcs1-sign.c
new file mode 100644
index 00000000..e9348c9b
--- /dev/null
+++ b/rsa-pkcs1-sign.c
@@ -0,0 +1,49 @@
+/* rsa-pkcs1-sign.c
+ *
+ * PKCS#1 version 1.5 signatures.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "pkcs1.h"
+
+int
+rsa_pkcs1_sign(const struct rsa_private_key *key,
+ unsigned length, const uint8_t *digest_info,
+ mpz_t s)
+{
+ if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info))
+ {
+ rsa_compute_root(key, s, s);
+ return 1;
+ }
+ else
+ {
+ mpz_set_ui(s, 0);
+ return 0;
+ }
+}
diff --git a/rsa-pkcs1-verify.c b/rsa-pkcs1-verify.c
new file mode 100644
index 00000000..4b25aaf3
--- /dev/null
+++ b/rsa-pkcs1-verify.c
@@ -0,0 +1,50 @@
+/* rsa-pkcs1-sign.c
+ *
+ * PKCS#1 version 1.5 signatures.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "pkcs1.h"
+
+int
+rsa_pkcs1_verify(const struct rsa_public_key *key,
+ unsigned length, const uint8_t *digest_info,
+ const mpz_t s)
+{
+ int res;
+ mpz_t m;
+
+ mpz_init (m);
+
+ res = (pkcs1_rsa_digest_encode (m, key->size, length, digest_info)
+ && _rsa_verify (key, m, s));
+
+ mpz_clear(m);
+
+ return res;
+}
diff --git a/rsa.h b/rsa.h
index 1b975ab8..9857b67c 100644
--- a/rsa.h
+++ b/rsa.h
@@ -43,6 +43,9 @@ extern "C" {
#define rsa_private_key_init nettle_rsa_private_key_init
#define rsa_private_key_clear nettle_rsa_private_key_clear
#define rsa_private_key_prepare nettle_rsa_private_key_prepare
+#define rsa_pkcs1_verify nettle_rsa_pkcs1_verify
+#define rsa_pkcs1_sign nettle_rsa_pkcs1_sign
+#define rsa_pkcs1_sign_tr nettle_rsa_pkcs1_sign_tr
#define rsa_md5_sign nettle_rsa_md5_sign
#define rsa_md5_verify nettle_rsa_md5_verify
#define rsa_sha1_sign nettle_rsa_sha1_sign
@@ -168,6 +171,22 @@ rsa_private_key_prepare(struct rsa_private_key *key);
/* PKCS#1 style signatures */
+int
+rsa_pkcs1_sign(const struct rsa_private_key *key,
+ unsigned length, const uint8_t *digest_info,
+ mpz_t s);
+
+int
+rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func random,
+ unsigned length, const uint8_t *digest_info,
+ mpz_t s);
+int
+rsa_pkcs1_verify(const struct rsa_public_key *key,
+ unsigned length, const uint8_t *digest_info,
+ const mpz_t signature);
+
int
rsa_md5_sign(const struct rsa_private_key *key,
struct md5_ctx *hash,
--
GitLab