Additional rsa signature functions using crt-har.

8 files changed, 454 insertions, 47 deletions

diff --git a/ChangeLog b/ChangeLog
index c57b6f7e..c3fe41c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+2015-09-17  Niels Möller  <nisse@lysator.liu.se>
+
+	* rsa-md5-sign-tr.c (rsa_md5_sign_tr, rsa_md5_sign_digest_tr): New
+	file, new functions.
+	* rsa-sha1-sign-tr.c (rsa_sha1_sign_tr, rsa_sha1_sign_digest_tr):
+	Likewise.
+	* rsa-sha256-sign-tr.c (rsa_sha256_sign_tr)
+	(rsa_sha256_sign_digest_tr): Likewise.
+	* rsa-sha512-sign-tr.c (rsa_sha512_sign_tr)
+	(rsa_sha512_sign_digest_tr): Likewise.
+	* rsa.h: Added corresponding prototypes.
+	* Makefile.in (hogweed_SOURCES): Added new files.
+	* testsuite/testutils.c (SIGN): Extend macro to test new
+	functions, and the rsa_*_sign_digest functions. Updated callers.
+
 2015-09-14  Niels Möller  <nisse@lysator.liu.se>
 
 	* rsa-sign-tr.c (rsa_blind, rsa_unblind): Moved here, made static,
diff --git a/Makefile.in b/Makefile.in
index ac24f27c..bda83829 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -146,10 +146,10 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 		  pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \
 		  rsa.c rsa-sign.c rsa-sign-tr.c rsa-verify.c \
 		  rsa-pkcs1-sign.c rsa-pkcs1-sign-tr.c rsa-pkcs1-verify.c \
-		  rsa-md5-sign.c rsa-md5-verify.c \
-		  rsa-sha1-sign.c rsa-sha1-verify.c \
-		  rsa-sha256-sign.c rsa-sha256-verify.c \
-		  rsa-sha512-sign.c rsa-sha512-verify.c \
+		  rsa-md5-sign.c rsa-md5-sign-tr.c rsa-md5-verify.c \
+		  rsa-sha1-sign.c rsa-sha1-sign-tr.c rsa-sha1-verify.c \
+		  rsa-sha256-sign.c rsa-sha256-sign-tr.c rsa-sha256-verify.c \
+		  rsa-sha512-sign.c rsa-sha512-sign-tr.c rsa-sha512-verify.c \
 		  rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
 		  rsa-keygen.c \
 		  rsa2sexp.c sexp2rsa.c \
diff --git a/rsa-md5-sign-tr.c b/rsa-md5-sign-tr.c
new file mode 100644
index 00000000..318d5390
--- /dev/null
+++ b/rsa-md5-sign-tr.c
@@ -0,0 +1,81 @@
+/* rsa-md5-sign-tr.c
+
+   Signatures using RSA and MD5.
+
+   Copyright (C) 2001, 2003, 2015 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_md5_sign_tr(const struct rsa_public_key *pub,
+		const struct rsa_private_key *key,
+		void *random_ctx, nettle_random_func *random,
+		struct md5_ctx *hash, mpz_t s)
+{
+  mpz_t m;
+  int res;
+
+  mpz_init (m);
+  res = (pkcs1_rsa_md5_encode(m, key->size, hash)
+	 && rsa_compute_root_tr (pub, key,
+				 random_ctx, random,
+				 s, m));
+  mpz_clear (m);
+  return res;
+}
+
+int
+rsa_md5_sign_digest_tr(const struct rsa_public_key *pub,
+		       const struct rsa_private_key *key,
+		       void *random_ctx, nettle_random_func *random,
+		       const uint8_t *digest, mpz_t s)
+{
+  mpz_t m;
+  int res;
+
+  mpz_init (m);
+
+  res = (pkcs1_rsa_md5_encode_digest(m, key->size, digest)
+	 && rsa_compute_root_tr (pub, key,
+				 random_ctx, random,
+				 s, m));
+
+  mpz_clear (m);
+  return res;
+}
diff --git a/rsa-sha1-sign-tr.c b/rsa-sha1-sign-tr.c
new file mode 100644
index 00000000..707acdec
--- /dev/null
+++ b/rsa-sha1-sign-tr.c
@@ -0,0 +1,83 @@
+/* rsa-sha1-sign-tr.c
+
+   Signatures using RSA and SHA1.
+
+   Copyright (C) 2001, 2003, 2015 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_sha1_sign_tr(const struct rsa_public_key *pub,
+		 const struct rsa_private_key *key,
+		 void *random_ctx, nettle_random_func *random,
+		 struct sha1_ctx *hash,
+		 mpz_t s)
+{
+  mpz_t m;
+  int res;
+
+  mpz_init (m);
+  res = (pkcs1_rsa_sha1_encode(m, key->size, hash)
+	 && rsa_compute_root_tr (pub, key,
+				 random_ctx, random,
+				 s, m));
+  mpz_clear (m);
+  return res;
+}
+
+int
+rsa_sha1_sign_digest_tr(const struct rsa_public_key *pub,
+			const struct rsa_private_key *key,
+			void *random_ctx, nettle_random_func *random,
+			const uint8_t *digest,
+			mpz_t s)
+{
+  mpz_t m;
+  int res;
+
+  mpz_init (m);
+
+  res = (pkcs1_rsa_sha1_encode_digest(m, key->size, digest)
+	 && rsa_compute_root_tr (pub, key,
+				 random_ctx, random,
+				 s, m));
+
+  mpz_clear (m);
+  return res;
+}
diff --git a/rsa-sha256-sign-tr.c b/rsa-sha256-sign-tr.c
new file mode 100644
index 00000000..4179af8f
--- /dev/null
+++ b/rsa-sha256-sign-tr.c
@@ -0,0 +1,83 @@
+/* rsa-sha256-sign-tr.c
+
+   Signatures using RSA and SHA256.
+
+   Copyright (C) 2001, 2003, 2015 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_sha256_sign_tr(const struct rsa_public_key *pub,
+		   const struct rsa_private_key *key,
+		   void *random_ctx, nettle_random_func *random,
+		   struct sha256_ctx *hash,
+		   mpz_t s)
+{
+  mpz_t m;
+  int res;
+
+  mpz_init (m);
+  res = (pkcs1_rsa_sha256_encode(m, key->size, hash)
+	 && rsa_compute_root_tr (pub, key,
+				 random_ctx, random,
+				 s, m));
+  mpz_clear (m);
+  return res;
+}
+
+int
+rsa_sha256_sign_digest_tr(const struct rsa_public_key *pub,
+			  const struct rsa_private_key *key,
+			  void *random_ctx, nettle_random_func *random,
+			  const uint8_t *digest,
+			  mpz_t s)
+{
+  mpz_t m;
+  int res;
+
+  mpz_init (m);
+
+  res = (pkcs1_rsa_sha256_encode_digest(m, key->size, digest)
+	 && rsa_compute_root_tr (pub, key,
+				 random_ctx, random,
+				 s, m));
+
+  mpz_clear (m);
+  return res;
+}
diff --git a/rsa-sha512-sign-tr.c b/rsa-sha512-sign-tr.c
new file mode 100644
index 00000000..158b80f2
--- /dev/null
+++ b/rsa-sha512-sign-tr.c
@@ -0,0 +1,83 @@
+/* rsa-sha512-sign-tr.c
+
+   Signatures using RSA and SHA512.
+
+   Copyright (C) 2001, 2003, 2015 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_sha512_sign_tr(const struct rsa_public_key *pub,
+		   const struct rsa_private_key *key,
+		   void *random_ctx, nettle_random_func *random,
+		   struct sha512_ctx *hash,
+		   mpz_t s)
+{
+  mpz_t m;
+  int res;
+
+  mpz_init (m);
+  res = (pkcs1_rsa_sha512_encode(m, key->size, hash)
+	 && rsa_compute_root_tr (pub, key,
+				 random_ctx, random,
+				 s, m));
+  mpz_clear (m);
+  return res;
+}
+
+int
+rsa_sha512_sign_digest_tr(const struct rsa_public_key *pub,
+			  const struct rsa_private_key *key,
+			  void *random_ctx, nettle_random_func *random,
+			  const uint8_t *digest,
+			  mpz_t s)
+{
+  mpz_t m;
+  int res;
+
+  mpz_init (m);
+
+  res = (pkcs1_rsa_sha512_encode_digest(m, key->size, digest)
+	 && rsa_compute_root_tr (pub, key,
+				 random_ctx, random,
+				 s, m));
+
+  mpz_clear (m);
+  return res;
+}
diff --git a/rsa.h b/rsa.h
index 3b5a68a9..539bb44d 100644
--- a/rsa.h
+++ b/rsa.h
@@ -56,20 +56,28 @@ extern "C" {
 #define rsa_pkcs1_sign nettle_rsa_pkcs1_sign
 #define rsa_pkcs1_sign_tr nettle_rsa_pkcs1_sign_tr
 #define rsa_md5_sign nettle_rsa_md5_sign
+#define rsa_md5_sign_tr nettle_rsa_md5_sign_tr
 #define rsa_md5_verify nettle_rsa_md5_verify
 #define rsa_sha1_sign nettle_rsa_sha1_sign
+#define rsa_sha1_sign_tr nettle_rsa_sha1_sign_tr
 #define rsa_sha1_verify nettle_rsa_sha1_verify
 #define rsa_sha256_sign nettle_rsa_sha256_sign
+#define rsa_sha256_sign_tr nettle_rsa_sha256_sign_tr
 #define rsa_sha256_verify nettle_rsa_sha256_verify
 #define rsa_sha512_sign nettle_rsa_sha512_sign
+#define rsa_sha512_sign_tr nettle_rsa_sha512_sign_tr
 #define rsa_sha512_verify nettle_rsa_sha512_verify
 #define rsa_md5_sign_digest nettle_rsa_md5_sign_digest
+#define rsa_md5_sign_digest_tr nettle_rsa_md5_sign_digest_tr
 #define rsa_md5_verify_digest nettle_rsa_md5_verify_digest
 #define rsa_sha1_sign_digest nettle_rsa_sha1_sign_digest
+#define rsa_sha1_sign_digest_tr nettle_rsa_sha1_sign_digest_tr
 #define rsa_sha1_verify_digest nettle_rsa_sha1_verify_digest
 #define rsa_sha256_sign_digest nettle_rsa_sha256_sign_digest
+#define rsa_sha256_sign_digest_tr nettle_rsa_sha256_sign_digest_tr
 #define rsa_sha256_verify_digest nettle_rsa_sha256_verify_digest
 #define rsa_sha512_sign_digest nettle_rsa_sha512_sign_digest
+#define rsa_sha512_sign_digest_tr nettle_rsa_sha512_sign_digest_tr
 #define rsa_sha512_verify_digest nettle_rsa_sha512_verify_digest
 #define rsa_encrypt nettle_rsa_encrypt
 #define rsa_decrypt nettle_rsa_decrypt
@@ -200,6 +208,12 @@ rsa_md5_sign(const struct rsa_private_key *key,
              struct md5_ctx *hash,
              mpz_t signature);
 
+int
+rsa_md5_sign_tr(const struct rsa_public_key *pub,
+		const struct rsa_private_key *key,
+		void *random_ctx, nettle_random_func *random,
+		struct md5_ctx *hash, mpz_t s);
+
 
 int
 rsa_md5_verify(const struct rsa_public_key *key,
@@ -212,6 +226,13 @@ rsa_sha1_sign(const struct rsa_private_key *key,
               mpz_t signature);
 
 int
+rsa_sha1_sign_tr(const struct rsa_public_key *pub,
+		 const struct rsa_private_key *key,
+		 void *random_ctx, nettle_random_func *random,
+		 struct sha1_ctx *hash,
+		 mpz_t s);
+
+int
 rsa_sha1_verify(const struct rsa_public_key *key,
                 struct sha1_ctx *hash,
 		const mpz_t signature);
@@ -222,6 +243,13 @@ rsa_sha256_sign(const struct rsa_private_key *key,
 		mpz_t signature);
 
 int
+rsa_sha256_sign_tr(const struct rsa_public_key *pub,
+		   const struct rsa_private_key *key,
+		   void *random_ctx, nettle_random_func *random,
+		   struct sha256_ctx *hash,
+		   mpz_t s);
+
+int
 rsa_sha256_verify(const struct rsa_public_key *key,
 		  struct sha256_ctx *hash,
 		  const mpz_t signature);
@@ -232,6 +260,13 @@ rsa_sha512_sign(const struct rsa_private_key *key,
 		mpz_t signature);
 
 int
+rsa_sha512_sign_tr(const struct rsa_public_key *pub,
+		   const struct rsa_private_key *key,
+		   void *random_ctx, nettle_random_func *random,
+		   struct sha512_ctx *hash,
+		   mpz_t s);
+
+int
 rsa_sha512_verify(const struct rsa_public_key *key,
 		  struct sha512_ctx *hash,
 		  const mpz_t signature);
@@ -243,6 +278,12 @@ rsa_md5_sign_digest(const struct rsa_private_key *key,
 		    mpz_t s);
 
 int
+rsa_md5_sign_digest_tr(const struct rsa_public_key *pub,
+		       const struct rsa_private_key *key,
+		       void *random_ctx, nettle_random_func *random,
+		       const uint8_t *digest, mpz_t s);
+
+int
 rsa_md5_verify_digest(const struct rsa_public_key *key,
 		      const uint8_t *digest,
 		      const mpz_t signature);
@@ -253,6 +294,13 @@ rsa_sha1_sign_digest(const struct rsa_private_key *key,
 		     mpz_t s);
 
 int
+rsa_sha1_sign_digest_tr(const struct rsa_public_key *pub,
+			const struct rsa_private_key *key,
+			void *random_ctx, nettle_random_func *random,
+			const uint8_t *digest,
+			mpz_t s);
+
+int
 rsa_sha1_verify_digest(const struct rsa_public_key *key,
 		       const uint8_t *digest,
 		       const mpz_t signature);
@@ -263,6 +311,13 @@ rsa_sha256_sign_digest(const struct rsa_private_key *key,
 		       mpz_t s);
 
 int
+rsa_sha256_sign_digest_tr(const struct rsa_public_key *pub,
+			  const struct rsa_private_key *key,
+			  void *random_ctx, nettle_random_func *random,
+			  const uint8_t *digest,
+			  mpz_t s);
+
+int
 rsa_sha256_verify_digest(const struct rsa_public_key *key,
 			 const uint8_t *digest,
 			 const mpz_t signature);
@@ -273,6 +328,13 @@ rsa_sha512_sign_digest(const struct rsa_private_key *key,
 		       mpz_t s);
 
 int
+rsa_sha512_sign_digest_tr(const struct rsa_public_key *pub,
+			  const struct rsa_private_key *key,
+			  void *random_ctx, nettle_random_func *random,
+			  const uint8_t *digest,
+			  mpz_t s);
+
+int
 rsa_sha512_verify_digest(const struct rsa_public_key *key,
 			 const uint8_t *digest,
 			 const mpz_t signature);
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index 1ef04c98..36efe855 100644
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -663,9 +663,33 @@ xalloc_limbs (mp_size_t n)
   return xalloc (n * sizeof (mp_limb_t));
 }
 
-#define SIGN(key, hash, msg, signature) do {		\
-  hash##_update(&hash, LDATA(msg));		\
-  ASSERT(rsa_##hash##_sign(key, &hash, signature));	\
+/* Expects local variables pub, key, rstate, digest, signature */
+#define SIGN(hash, msg, expected) do { \
+  hash##_update(&hash, LDATA(msg));					\
+  ASSERT(rsa_##hash##_sign(key, &hash, signature));			\
+  if (verbose)								\
+    {									\
+      fprintf(stderr, "rsa-%s signature: ", #hash);			\
+      mpz_out_str(stderr, 16, signature);				\
+      fprintf(stderr, "\n");						\
+    }									\
+  ASSERT(mpz_cmp (signature, expected) == 0);				\
+									\
+  hash##_update(&hash, LDATA(msg));					\
+  ASSERT(rsa_##hash##_sign_tr(pub, key, &rstate,			\
+			      (nettle_random_func *) knuth_lfib_random,	\
+			      &hash, signature));			\
+  ASSERT(mpz_cmp (signature, expected) == 0);				\
+									\
+  hash##_update(&hash, LDATA(msg));					\
+  hash##_digest(&hash, sizeof(digest), digest);				\
+  ASSERT(rsa_##hash##_sign_digest(key, digest, signature));		\
+  ASSERT(mpz_cmp (signature, expected) == 0);				\
+									\
+  ASSERT(rsa_##hash##_sign_digest_tr(pub, key, &rstate,			\
+				     (nettle_random_func *)knuth_lfib_random, \
+				     digest, signature));		\
+  ASSERT(mpz_cmp (signature, expected) == 0);				\
 } while(0)
 
 #define VERIFY(key, hash, msg, signature) (	\
@@ -770,22 +794,16 @@ test_rsa_md5(struct rsa_public_key *pub,
 	     mpz_t expected)
 {
   struct md5_ctx md5;
+  struct knuth_lfib_ctx rstate;
+  uint8_t digest[MD5_DIGEST_SIZE];
   mpz_t signature;
 
   md5_init(&md5);
   mpz_init(signature);
-  
-  SIGN(key, md5, "The magic words are squeamish ossifrage", signature);
+  knuth_lfib_init (&rstate, 15);
 
-  if (verbose)
-    {
-      fprintf(stderr, "rsa-md5 signature: ");
-      mpz_out_str(stderr, 16, signature);
-      fprintf(stderr, "\n");
-    }
+  SIGN(md5, "The magic words are squeamish ossifrage", expected);
 
-  ASSERT (mpz_cmp(signature, expected) == 0);
-  
   /* Try bad data */
   ASSERT (!VERIFY(pub, md5,
 		  "The magick words are squeamish ossifrage", signature));
@@ -808,22 +826,16 @@ test_rsa_sha1(struct rsa_public_key *pub,
 	      mpz_t expected)
 {
   struct sha1_ctx sha1;
+  struct knuth_lfib_ctx rstate;
+  uint8_t digest[SHA1_DIGEST_SIZE];
   mpz_t signature;
 
   sha1_init(&sha1);
   mpz_init(signature);
+  knuth_lfib_init (&rstate, 16);
 
-  SIGN(key, sha1, "The magic words are squeamish ossifrage", signature);
+  SIGN(sha1, "The magic words are squeamish ossifrage", expected);
 
-  if (verbose)
-    {
-      fprintf(stderr, "rsa-sha1 signature: ");
-      mpz_out_str(stderr, 16, signature);
-      fprintf(stderr, "\n");
-    }
-
-  ASSERT (mpz_cmp(signature, expected) == 0);
-  
   /* Try bad data */
   ASSERT (!VERIFY(pub, sha1,
 		  "The magick words are squeamish ossifrage", signature));
@@ -846,22 +858,16 @@ test_rsa_sha256(struct rsa_public_key *pub,
 		mpz_t expected)
 {
   struct sha256_ctx sha256;
+  struct knuth_lfib_ctx rstate;
+  uint8_t digest[SHA256_DIGEST_SIZE];
   mpz_t signature;
 
   sha256_init(&sha256);
   mpz_init(signature);
+  knuth_lfib_init (&rstate, 17);
 
-  SIGN(key, sha256, "The magic words are squeamish ossifrage", signature);
+  SIGN(sha256, "The magic words are squeamish ossifrage", expected);
 
-  if (verbose)
-    {
-      fprintf(stderr, "rsa-sha256 signature: ");
-      mpz_out_str(stderr, 16, signature);
-      fprintf(stderr, "\n");
-    }
-
-  ASSERT (mpz_cmp(signature, expected) == 0);
-  
   /* Try bad data */
   ASSERT (!VERIFY(pub, sha256,
 		  "The magick words are squeamish ossifrage", signature));
@@ -884,22 +890,16 @@ test_rsa_sha512(struct rsa_public_key *pub,
 		mpz_t expected)
 {
   struct sha512_ctx sha512;
+  struct knuth_lfib_ctx rstate;
+  uint8_t digest[SHA512_DIGEST_SIZE];
   mpz_t signature;
 
   sha512_init(&sha512);
   mpz_init(signature);
+  knuth_lfib_init (&rstate, 18);
 
-  SIGN(key, sha512, "The magic words are squeamish ossifrage", signature);
+  SIGN(sha512, "The magic words are squeamish ossifrage", expected);
 
-  if (verbose)
-    {
-      fprintf(stderr, "rsa-sha512 signature: ");
-      mpz_out_str(stderr, 16, signature);
-      fprintf(stderr, "\n");
-    }
-
-  ASSERT (mpz_cmp(signature, expected) == 0);
-  
   /* Try bad data */
   ASSERT (!VERIFY(pub, sha512,
 		  "The magick words are squeamish ossifrage", signature));