From 527c0f3708a5f3a098aedda58afdc287a7f8e97c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20M=C3=B6ller?= Date: Sat, 9 Jun 2012 21:55:50 +0200 Subject: [PATCH] General pkcs1 signature interface. --- ChangeLog | 15 ++++++++++++ Makefile.in | 3 ++- pkcs1-rsa-digest.c | 49 ++++++++++++++++++++++++++++++++++++ pkcs1.h | 5 ++++ rsa-pkcs1-sign-tr.c | 60 +++++++++++++++++++++++++++++++++++++++++++++ rsa-pkcs1-sign.c | 49 ++++++++++++++++++++++++++++++++++++ rsa-pkcs1-verify.c | 50 +++++++++++++++++++++++++++++++++++++ rsa.h | 19 ++++++++++++++ 8 files changed, 249 insertions(+), 1 deletion(-) create mode 100644 pkcs1-rsa-digest.c create mode 100644 rsa-pkcs1-sign-tr.c create mode 100644 rsa-pkcs1-sign.c create mode 100644 rsa-pkcs1-verify.c diff --git a/ChangeLog b/ChangeLog index 1ad2e53b..20507374 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,20 @@ 2012-06-09 Niels Möller + General pkcs1 signatures, with a "DigestInfo" input. Suggested by + Nikos Mavrogiannopoulos. + * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-digest.c, + rsa-pkcs1-sign.c, rsa-pkcs1-sign-tr.c, and rsa-pkcs1-verify.c. + + * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): New file and + function. + * pkcs1.h: Declare it. + + * rsa-pkcs1-verify.c (rsa_pkcs1_verify): New file and function. + * rsa-pkcs1-sign.c (rsa_pkcs1_sign): New file and function. + * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): New file and function, + contributed by Nikos Mavrogiannopoulos. + * rsa.h: Declare new functions. + * rsa.h (_rsa_blind, _rsa_unblind): Declare functions. * rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a separate file, renamed and made non-static. Moved from... diff --git a/Makefile.in b/Makefile.in index ba0fdb27..be0de3cd 100644 --- a/Makefile.in +++ b/Makefile.in @@ -100,9 +100,10 @@ hogweed_SOURCES = sexp.c sexp-format.c \ bignum-random.c bignum-random-prime.c \ sexp2bignum.c \ pkcs1.c pkcs1-encrypt.c pkcs1-decrypt.c \ - pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \ + pkcs1-rsa-digest.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \ pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \ rsa.c rsa-sign.c rsa-verify.c \ + rsa-pkcs1-sign.c rsa-pkcs1-sign-tr.c rsa-pkcs1-verify.c \ rsa-md5-sign.c rsa-md5-verify.c \ rsa-sha1-sign.c rsa-sha1-verify.c \ rsa-sha256-sign.c rsa-sha256-verify.c \ diff --git a/pkcs1-rsa-digest.c b/pkcs1-rsa-digest.c new file mode 100644 index 00000000..e84db6d4 --- /dev/null +++ b/pkcs1-rsa-digest.c @@ -0,0 +1,49 @@ +/* pkcs1-rsa-digest.c + * + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2001, 2003, 2012 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "pkcs1.h" + +#include "bignum.h" +#include "nettle-internal.h" + +int +pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size, + unsigned di_length, const uint8_t *digest_info) +{ + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE); + TMP_ALLOC(em, key_size); + + if (pkcs1_signature_prefix(key_size, em, + di_length, digest_info, 0)) + { + nettle_mpz_set_str_256_u(m, key_size, em); + return 1; + } + else + return 0; +} diff --git a/pkcs1.h b/pkcs1.h index 2f6251e2..27219554 100644 --- a/pkcs1.h +++ b/pkcs1.h @@ -35,6 +35,7 @@ extern "C" { /* Name mangling */ #define pkcs1_signature_prefix nettle_pkcs1_signature_prefix +#define pkcs1_rsa_digest_encode nettle_pkcs1_rsa_digest_encode #define pkcs1_rsa_md5_encode nettle_pkcs1_rsa_md5_encode #define pkcs1_rsa_md5_encode_digest nettle_pkcs1_rsa_md5_encode_digest #define pkcs1_rsa_sha1_encode nettle_pkcs1_rsa_sha1_encode @@ -70,6 +71,10 @@ pkcs1_decrypt (unsigned key_size, const mpz_t m, unsigned *length, uint8_t *message); +int +pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size, + unsigned di_length, const uint8_t *digest_info); + int pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash); diff --git a/rsa-pkcs1-sign-tr.c b/rsa-pkcs1-sign-tr.c new file mode 100644 index 00000000..672b902b --- /dev/null +++ b/rsa-pkcs1-sign-tr.c @@ -0,0 +1,60 @@ +/* rsa-pkcs1-sign-tr.c + * + * Creating timing resistant RSA signatures. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2012 Nikos Mavrogiannopoulos + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "rsa.h" + +#include "pkcs1.h" + +int +rsa_pkcs1_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func random, + unsigned length, const uint8_t *digest_info, + mpz_t s) +{ + mpz_t ri; + + if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info)) + { + mpz_init (ri); + + _rsa_blind (pub, random_ctx, random, s, ri); + rsa_compute_root(key, s, s); + _rsa_unblind (pub, s, ri); + + mpz_clear (ri); + + return 1; + } + else + { + mpz_set_ui(s, 0); + return 0; + } +} diff --git a/rsa-pkcs1-sign.c b/rsa-pkcs1-sign.c new file mode 100644 index 00000000..e9348c9b --- /dev/null +++ b/rsa-pkcs1-sign.c @@ -0,0 +1,49 @@ +/* rsa-pkcs1-sign.c + * + * PKCS#1 version 1.5 signatures. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2012 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "rsa.h" + +#include "pkcs1.h" + +int +rsa_pkcs1_sign(const struct rsa_private_key *key, + unsigned length, const uint8_t *digest_info, + mpz_t s) +{ + if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info)) + { + rsa_compute_root(key, s, s); + return 1; + } + else + { + mpz_set_ui(s, 0); + return 0; + } +} diff --git a/rsa-pkcs1-verify.c b/rsa-pkcs1-verify.c new file mode 100644 index 00000000..4b25aaf3 --- /dev/null +++ b/rsa-pkcs1-verify.c @@ -0,0 +1,50 @@ +/* rsa-pkcs1-sign.c + * + * PKCS#1 version 1.5 signatures. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2012 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "rsa.h" + +#include "pkcs1.h" + +int +rsa_pkcs1_verify(const struct rsa_public_key *key, + unsigned length, const uint8_t *digest_info, + const mpz_t s) +{ + int res; + mpz_t m; + + mpz_init (m); + + res = (pkcs1_rsa_digest_encode (m, key->size, length, digest_info) + && _rsa_verify (key, m, s)); + + mpz_clear(m); + + return res; +} diff --git a/rsa.h b/rsa.h index 1b975ab8..9857b67c 100644 --- a/rsa.h +++ b/rsa.h @@ -43,6 +43,9 @@ extern "C" { #define rsa_private_key_init nettle_rsa_private_key_init #define rsa_private_key_clear nettle_rsa_private_key_clear #define rsa_private_key_prepare nettle_rsa_private_key_prepare +#define rsa_pkcs1_verify nettle_rsa_pkcs1_verify +#define rsa_pkcs1_sign nettle_rsa_pkcs1_sign +#define rsa_pkcs1_sign_tr nettle_rsa_pkcs1_sign_tr #define rsa_md5_sign nettle_rsa_md5_sign #define rsa_md5_verify nettle_rsa_md5_verify #define rsa_sha1_sign nettle_rsa_sha1_sign @@ -168,6 +171,22 @@ rsa_private_key_prepare(struct rsa_private_key *key); /* PKCS#1 style signatures */ +int +rsa_pkcs1_sign(const struct rsa_private_key *key, + unsigned length, const uint8_t *digest_info, + mpz_t s); + +int +rsa_pkcs1_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func random, + unsigned length, const uint8_t *digest_info, + mpz_t s); +int +rsa_pkcs1_verify(const struct rsa_public_key *key, + unsigned length, const uint8_t *digest_info, + const mpz_t signature); + int rsa_md5_sign(const struct rsa_private_key *key, struct md5_ctx *hash, -- GitLab