diff options
author | Niels Möller <nisse@lysator.liu.se> | 2015-09-17 21:18:11 +0200 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2015-09-17 21:18:11 +0200 |
commit | dc03f267483e8fc7aa10316db9fbb60235d83461 (patch) | |
tree | 5f79e5432485c2ba3817ff368f69b3f00d2550fb | |
parent | 58b6701c98a67160c960083ccca940ad33699c4f (diff) | |
download | nettle-dc03f267483e8fc7aa10316db9fbb60235d83461.tar.gz |
Additional rsa signature functions using crt-har.
-rw-r--r-- | ChangeLog | 15 | ||||
-rw-r--r-- | Makefile.in | 8 | ||||
-rw-r--r-- | rsa-md5-sign-tr.c | 81 | ||||
-rw-r--r-- | rsa-sha1-sign-tr.c | 83 | ||||
-rw-r--r-- | rsa-sha256-sign-tr.c | 83 | ||||
-rw-r--r-- | rsa-sha512-sign-tr.c | 83 | ||||
-rw-r--r-- | rsa.h | 62 | ||||
-rw-r--r-- | testsuite/testutils.c | 86 |
8 files changed, 454 insertions, 47 deletions
@@ -1,3 +1,18 @@ +2015-09-17 Niels Möller <nisse@lysator.liu.se> + + * rsa-md5-sign-tr.c (rsa_md5_sign_tr, rsa_md5_sign_digest_tr): New + file, new functions. + * rsa-sha1-sign-tr.c (rsa_sha1_sign_tr, rsa_sha1_sign_digest_tr): + Likewise. + * rsa-sha256-sign-tr.c (rsa_sha256_sign_tr) + (rsa_sha256_sign_digest_tr): Likewise. + * rsa-sha512-sign-tr.c (rsa_sha512_sign_tr) + (rsa_sha512_sign_digest_tr): Likewise. + * rsa.h: Added corresponding prototypes. + * Makefile.in (hogweed_SOURCES): Added new files. + * testsuite/testutils.c (SIGN): Extend macro to test new + functions, and the rsa_*_sign_digest functions. Updated callers. + 2015-09-14 Niels Möller <nisse@lysator.liu.se> * rsa-sign-tr.c (rsa_blind, rsa_unblind): Moved here, made static, diff --git a/Makefile.in b/Makefile.in index ac24f27c..bda83829 100644 --- a/Makefile.in +++ b/Makefile.in @@ -146,10 +146,10 @@ hogweed_SOURCES = sexp.c sexp-format.c \ pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \ rsa.c rsa-sign.c rsa-sign-tr.c rsa-verify.c \ rsa-pkcs1-sign.c rsa-pkcs1-sign-tr.c rsa-pkcs1-verify.c \ - rsa-md5-sign.c rsa-md5-verify.c \ - rsa-sha1-sign.c rsa-sha1-verify.c \ - rsa-sha256-sign.c rsa-sha256-verify.c \ - rsa-sha512-sign.c rsa-sha512-verify.c \ + rsa-md5-sign.c rsa-md5-sign-tr.c rsa-md5-verify.c \ + rsa-sha1-sign.c rsa-sha1-sign-tr.c rsa-sha1-verify.c \ + rsa-sha256-sign.c rsa-sha256-sign-tr.c rsa-sha256-verify.c \ + rsa-sha512-sign.c rsa-sha512-sign-tr.c rsa-sha512-verify.c \ rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \ rsa-keygen.c \ rsa2sexp.c sexp2rsa.c \ diff --git a/rsa-md5-sign-tr.c b/rsa-md5-sign-tr.c new file mode 100644 index 00000000..318d5390 --- /dev/null +++ b/rsa-md5-sign-tr.c @@ -0,0 +1,81 @@ +/* rsa-md5-sign-tr.c + + Signatures using RSA and MD5. + + Copyright (C) 2001, 2003, 2015 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "rsa.h" + +#include "bignum.h" +#include "pkcs1.h" + +int +rsa_md5_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct md5_ctx *hash, mpz_t s) +{ + mpz_t m; + int res; + + mpz_init (m); + res = (pkcs1_rsa_md5_encode(m, key->size, hash) + && rsa_compute_root_tr (pub, key, + random_ctx, random, + s, m)); + mpz_clear (m); + return res; +} + +int +rsa_md5_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, mpz_t s) +{ + mpz_t m; + int res; + + mpz_init (m); + + res = (pkcs1_rsa_md5_encode_digest(m, key->size, digest) + && rsa_compute_root_tr (pub, key, + random_ctx, random, + s, m)); + + mpz_clear (m); + return res; +} diff --git a/rsa-sha1-sign-tr.c b/rsa-sha1-sign-tr.c new file mode 100644 index 00000000..707acdec --- /dev/null +++ b/rsa-sha1-sign-tr.c @@ -0,0 +1,83 @@ +/* rsa-sha1-sign-tr.c + + Signatures using RSA and SHA1. + + Copyright (C) 2001, 2003, 2015 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "rsa.h" + +#include "bignum.h" +#include "pkcs1.h" + +int +rsa_sha1_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha1_ctx *hash, + mpz_t s) +{ + mpz_t m; + int res; + + mpz_init (m); + res = (pkcs1_rsa_sha1_encode(m, key->size, hash) + && rsa_compute_root_tr (pub, key, + random_ctx, random, + s, m)); + mpz_clear (m); + return res; +} + +int +rsa_sha1_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + mpz_t s) +{ + mpz_t m; + int res; + + mpz_init (m); + + res = (pkcs1_rsa_sha1_encode_digest(m, key->size, digest) + && rsa_compute_root_tr (pub, key, + random_ctx, random, + s, m)); + + mpz_clear (m); + return res; +} diff --git a/rsa-sha256-sign-tr.c b/rsa-sha256-sign-tr.c new file mode 100644 index 00000000..4179af8f --- /dev/null +++ b/rsa-sha256-sign-tr.c @@ -0,0 +1,83 @@ +/* rsa-sha256-sign-tr.c + + Signatures using RSA and SHA256. + + Copyright (C) 2001, 2003, 2015 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "rsa.h" + +#include "bignum.h" +#include "pkcs1.h" + +int +rsa_sha256_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha256_ctx *hash, + mpz_t s) +{ + mpz_t m; + int res; + + mpz_init (m); + res = (pkcs1_rsa_sha256_encode(m, key->size, hash) + && rsa_compute_root_tr (pub, key, + random_ctx, random, + s, m)); + mpz_clear (m); + return res; +} + +int +rsa_sha256_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + mpz_t s) +{ + mpz_t m; + int res; + + mpz_init (m); + + res = (pkcs1_rsa_sha256_encode_digest(m, key->size, digest) + && rsa_compute_root_tr (pub, key, + random_ctx, random, + s, m)); + + mpz_clear (m); + return res; +} diff --git a/rsa-sha512-sign-tr.c b/rsa-sha512-sign-tr.c new file mode 100644 index 00000000..158b80f2 --- /dev/null +++ b/rsa-sha512-sign-tr.c @@ -0,0 +1,83 @@ +/* rsa-sha512-sign-tr.c + + Signatures using RSA and SHA512. + + Copyright (C) 2001, 2003, 2015 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "rsa.h" + +#include "bignum.h" +#include "pkcs1.h" + +int +rsa_sha512_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha512_ctx *hash, + mpz_t s) +{ + mpz_t m; + int res; + + mpz_init (m); + res = (pkcs1_rsa_sha512_encode(m, key->size, hash) + && rsa_compute_root_tr (pub, key, + random_ctx, random, + s, m)); + mpz_clear (m); + return res; +} + +int +rsa_sha512_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + mpz_t s) +{ + mpz_t m; + int res; + + mpz_init (m); + + res = (pkcs1_rsa_sha512_encode_digest(m, key->size, digest) + && rsa_compute_root_tr (pub, key, + random_ctx, random, + s, m)); + + mpz_clear (m); + return res; +} @@ -56,20 +56,28 @@ extern "C" { #define rsa_pkcs1_sign nettle_rsa_pkcs1_sign #define rsa_pkcs1_sign_tr nettle_rsa_pkcs1_sign_tr #define rsa_md5_sign nettle_rsa_md5_sign +#define rsa_md5_sign_tr nettle_rsa_md5_sign_tr #define rsa_md5_verify nettle_rsa_md5_verify #define rsa_sha1_sign nettle_rsa_sha1_sign +#define rsa_sha1_sign_tr nettle_rsa_sha1_sign_tr #define rsa_sha1_verify nettle_rsa_sha1_verify #define rsa_sha256_sign nettle_rsa_sha256_sign +#define rsa_sha256_sign_tr nettle_rsa_sha256_sign_tr #define rsa_sha256_verify nettle_rsa_sha256_verify #define rsa_sha512_sign nettle_rsa_sha512_sign +#define rsa_sha512_sign_tr nettle_rsa_sha512_sign_tr #define rsa_sha512_verify nettle_rsa_sha512_verify #define rsa_md5_sign_digest nettle_rsa_md5_sign_digest +#define rsa_md5_sign_digest_tr nettle_rsa_md5_sign_digest_tr #define rsa_md5_verify_digest nettle_rsa_md5_verify_digest #define rsa_sha1_sign_digest nettle_rsa_sha1_sign_digest +#define rsa_sha1_sign_digest_tr nettle_rsa_sha1_sign_digest_tr #define rsa_sha1_verify_digest nettle_rsa_sha1_verify_digest #define rsa_sha256_sign_digest nettle_rsa_sha256_sign_digest +#define rsa_sha256_sign_digest_tr nettle_rsa_sha256_sign_digest_tr #define rsa_sha256_verify_digest nettle_rsa_sha256_verify_digest #define rsa_sha512_sign_digest nettle_rsa_sha512_sign_digest +#define rsa_sha512_sign_digest_tr nettle_rsa_sha512_sign_digest_tr #define rsa_sha512_verify_digest nettle_rsa_sha512_verify_digest #define rsa_encrypt nettle_rsa_encrypt #define rsa_decrypt nettle_rsa_decrypt @@ -200,6 +208,12 @@ rsa_md5_sign(const struct rsa_private_key *key, struct md5_ctx *hash, mpz_t signature); +int +rsa_md5_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct md5_ctx *hash, mpz_t s); + int rsa_md5_verify(const struct rsa_public_key *key, @@ -212,6 +226,13 @@ rsa_sha1_sign(const struct rsa_private_key *key, mpz_t signature); int +rsa_sha1_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha1_ctx *hash, + mpz_t s); + +int rsa_sha1_verify(const struct rsa_public_key *key, struct sha1_ctx *hash, const mpz_t signature); @@ -222,6 +243,13 @@ rsa_sha256_sign(const struct rsa_private_key *key, mpz_t signature); int +rsa_sha256_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha256_ctx *hash, + mpz_t s); + +int rsa_sha256_verify(const struct rsa_public_key *key, struct sha256_ctx *hash, const mpz_t signature); @@ -232,6 +260,13 @@ rsa_sha512_sign(const struct rsa_private_key *key, mpz_t signature); int +rsa_sha512_sign_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha512_ctx *hash, + mpz_t s); + +int rsa_sha512_verify(const struct rsa_public_key *key, struct sha512_ctx *hash, const mpz_t signature); @@ -243,6 +278,12 @@ rsa_md5_sign_digest(const struct rsa_private_key *key, mpz_t s); int +rsa_md5_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, mpz_t s); + +int rsa_md5_verify_digest(const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature); @@ -253,6 +294,13 @@ rsa_sha1_sign_digest(const struct rsa_private_key *key, mpz_t s); int +rsa_sha1_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + mpz_t s); + +int rsa_sha1_verify_digest(const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature); @@ -263,6 +311,13 @@ rsa_sha256_sign_digest(const struct rsa_private_key *key, mpz_t s); int +rsa_sha256_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + mpz_t s); + +int rsa_sha256_verify_digest(const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature); @@ -273,6 +328,13 @@ rsa_sha512_sign_digest(const struct rsa_private_key *key, mpz_t s); int +rsa_sha512_sign_digest_tr(const struct rsa_public_key *pub, + const struct rsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + mpz_t s); + +int rsa_sha512_verify_digest(const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature); diff --git a/testsuite/testutils.c b/testsuite/testutils.c index 1ef04c98..36efe855 100644 --- a/testsuite/testutils.c +++ b/testsuite/testutils.c @@ -663,9 +663,33 @@ xalloc_limbs (mp_size_t n) return xalloc (n * sizeof (mp_limb_t)); } -#define SIGN(key, hash, msg, signature) do { \ - hash##_update(&hash, LDATA(msg)); \ - ASSERT(rsa_##hash##_sign(key, &hash, signature)); \ +/* Expects local variables pub, key, rstate, digest, signature */ +#define SIGN(hash, msg, expected) do { \ + hash##_update(&hash, LDATA(msg)); \ + ASSERT(rsa_##hash##_sign(key, &hash, signature)); \ + if (verbose) \ + { \ + fprintf(stderr, "rsa-%s signature: ", #hash); \ + mpz_out_str(stderr, 16, signature); \ + fprintf(stderr, "\n"); \ + } \ + ASSERT(mpz_cmp (signature, expected) == 0); \ + \ + hash##_update(&hash, LDATA(msg)); \ + ASSERT(rsa_##hash##_sign_tr(pub, key, &rstate, \ + (nettle_random_func *) knuth_lfib_random, \ + &hash, signature)); \ + ASSERT(mpz_cmp (signature, expected) == 0); \ + \ + hash##_update(&hash, LDATA(msg)); \ + hash##_digest(&hash, sizeof(digest), digest); \ + ASSERT(rsa_##hash##_sign_digest(key, digest, signature)); \ + ASSERT(mpz_cmp (signature, expected) == 0); \ + \ + ASSERT(rsa_##hash##_sign_digest_tr(pub, key, &rstate, \ + (nettle_random_func *)knuth_lfib_random, \ + digest, signature)); \ + ASSERT(mpz_cmp (signature, expected) == 0); \ } while(0) #define VERIFY(key, hash, msg, signature) ( \ @@ -770,22 +794,16 @@ test_rsa_md5(struct rsa_public_key *pub, mpz_t expected) { struct md5_ctx md5; + struct knuth_lfib_ctx rstate; + uint8_t digest[MD5_DIGEST_SIZE]; mpz_t signature; md5_init(&md5); mpz_init(signature); - - SIGN(key, md5, "The magic words are squeamish ossifrage", signature); + knuth_lfib_init (&rstate, 15); - if (verbose) - { - fprintf(stderr, "rsa-md5 signature: "); - mpz_out_str(stderr, 16, signature); - fprintf(stderr, "\n"); - } + SIGN(md5, "The magic words are squeamish ossifrage", expected); - ASSERT (mpz_cmp(signature, expected) == 0); - /* Try bad data */ ASSERT (!VERIFY(pub, md5, "The magick words are squeamish ossifrage", signature)); @@ -808,22 +826,16 @@ test_rsa_sha1(struct rsa_public_key *pub, mpz_t expected) { struct sha1_ctx sha1; + struct knuth_lfib_ctx rstate; + uint8_t digest[SHA1_DIGEST_SIZE]; mpz_t signature; sha1_init(&sha1); mpz_init(signature); + knuth_lfib_init (&rstate, 16); - SIGN(key, sha1, "The magic words are squeamish ossifrage", signature); + SIGN(sha1, "The magic words are squeamish ossifrage", expected); - if (verbose) - { - fprintf(stderr, "rsa-sha1 signature: "); - mpz_out_str(stderr, 16, signature); - fprintf(stderr, "\n"); - } - - ASSERT (mpz_cmp(signature, expected) == 0); - /* Try bad data */ ASSERT (!VERIFY(pub, sha1, "The magick words are squeamish ossifrage", signature)); @@ -846,22 +858,16 @@ test_rsa_sha256(struct rsa_public_key *pub, mpz_t expected) { struct sha256_ctx sha256; + struct knuth_lfib_ctx rstate; + uint8_t digest[SHA256_DIGEST_SIZE]; mpz_t signature; sha256_init(&sha256); mpz_init(signature); + knuth_lfib_init (&rstate, 17); - SIGN(key, sha256, "The magic words are squeamish ossifrage", signature); + SIGN(sha256, "The magic words are squeamish ossifrage", expected); - if (verbose) - { - fprintf(stderr, "rsa-sha256 signature: "); - mpz_out_str(stderr, 16, signature); - fprintf(stderr, "\n"); - } - - ASSERT (mpz_cmp(signature, expected) == 0); - /* Try bad data */ ASSERT (!VERIFY(pub, sha256, "The magick words are squeamish ossifrage", signature)); @@ -884,22 +890,16 @@ test_rsa_sha512(struct rsa_public_key *pub, mpz_t expected) { struct sha512_ctx sha512; + struct knuth_lfib_ctx rstate; + uint8_t digest[SHA512_DIGEST_SIZE]; mpz_t signature; sha512_init(&sha512); mpz_init(signature); + knuth_lfib_init (&rstate, 18); - SIGN(key, sha512, "The magic words are squeamish ossifrage", signature); + SIGN(sha512, "The magic words are squeamish ossifrage", expected); - if (verbose) - { - fprintf(stderr, "rsa-sha512 signature: "); - mpz_out_str(stderr, 16, signature); - fprintf(stderr, "\n"); - } - - ASSERT (mpz_cmp(signature, expected) == 0); - /* Try bad data */ ASSERT (!VERIFY(pub, sha512, "The magick words are squeamish ossifrage", signature)); |