diff options
-rw-r--r-- | pkcs1-rsa-sha256.c | 94 | ||||
-rw-r--r-- | rsa-sha256-sign.c | 63 | ||||
-rw-r--r-- | rsa-sha256-verify.c | 77 |
3 files changed, 234 insertions, 0 deletions
diff --git a/pkcs1-rsa-sha256.c b/pkcs1-rsa-sha256.c new file mode 100644 index 00000000..77f9d048 --- /dev/null +++ b/pkcs1-rsa-sha256.c @@ -0,0 +1,94 @@ +/* pkcs1-rsa-sha256.c + * + * PKCS stuff for rsa-sha256. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2001, 2003, 2006 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#if WITH_PUBLIC_KEY + +#include <assert.h> +#include <stdlib.h> +#include <string.h> + +#include "rsa.h" + +#include "bignum.h" +#include "pkcs1.h" + +#include "nettle-internal.h" + +/* From RFC 3447, Public-Key Cryptography Standards (PKCS) #1: RSA + * Cryptography Specifications Version 2.1. + * + * id-sha256 OBJECT IDENTIFIER ::= + * {joint-iso-itu-t(2) country(16) us(840) organization(1) + * gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1} + */ + +static const uint8_t +sha256_prefix[] = +{ + /* 19 octets prefix, 32 octets hash, total 51 */ + 0x30, 49, /* SEQUENCE */ + 0x30, 13, /* SEQUENCE */ + 0x06, 9, /* OBJECT IDENTIFIER */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0, /* NULL */ + 0x04, 32 /* OCTET STRING */ + /* Here comes the raw hash value */ +}; + +void +pkcs1_rsa_sha256_encode(mpz_t m, unsigned length, struct sha256_ctx *hash) +{ + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); + TMP_ALLOC(em, length); + + assert(length >= SHA256_DIGEST_SIZE); + pkcs1_signature_prefix(length - SHA256_DIGEST_SIZE, em, + sizeof(sha256_prefix), + sha256_prefix); + + sha256_digest(hash, SHA256_DIGEST_SIZE, em + length - SHA256_DIGEST_SIZE); + nettle_mpz_set_str_256_u(m, length, em); +} + +void +pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned length, const uint8_t *digest) +{ + TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8); + TMP_ALLOC(em, length); + + assert(length >= SHA256_DIGEST_SIZE); + pkcs1_signature_prefix(length - SHA256_DIGEST_SIZE, em, + sizeof(sha256_prefix), + sha256_prefix); + + memcpy(em + length - SHA256_DIGEST_SIZE, digest, SHA256_DIGEST_SIZE); + nettle_mpz_set_str_256_u(m, length, em); +} + +#endif /* WITH_PUBLIC_KEY */ diff --git a/rsa-sha256-sign.c b/rsa-sha256-sign.c new file mode 100644 index 00000000..ab34c19c --- /dev/null +++ b/rsa-sha256-sign.c @@ -0,0 +1,63 @@ +/* rsa-sha256-sign.c + * + * Signatures using RSA and SHA256. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2001, 2003, 2006 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#if WITH_PUBLIC_KEY + +#include <assert.h> + +#include "rsa.h" + +#include "bignum.h" +#include "pkcs1.h" + +void +rsa_sha256_sign(const struct rsa_private_key *key, + struct sha256_ctx *hash, + mpz_t s) +{ + assert(key->size >= RSA_MINIMUM_N_OCTETS); + + pkcs1_rsa_sha256_encode(s, key->size - 1, hash); + + rsa_compute_root(key, s, s); +} + +void +rsa_sha256_sign_digest(const struct rsa_private_key *key, + const uint8_t *digest, + mpz_t s) +{ + assert(key->size >= RSA_MINIMUM_N_OCTETS); + + pkcs1_rsa_sha256_encode_digest(s, key->size - 1, digest); + + rsa_compute_root(key, s, s); +} + +#endif /* WITH_PUBLIC_KEY */ diff --git a/rsa-sha256-verify.c b/rsa-sha256-verify.c new file mode 100644 index 00000000..a0235a48 --- /dev/null +++ b/rsa-sha256-verify.c @@ -0,0 +1,77 @@ +/* rsa-sha256-verify.c + * + * Verifying signatures created with RSA and SHA256. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2001, 2003, 2006 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#if WITH_PUBLIC_KEY + +#include <assert.h> + +#include "rsa.h" + +#include "bignum.h" +#include "pkcs1.h" + +int +rsa_sha256_verify(const struct rsa_public_key *key, + struct sha256_ctx *hash, + const mpz_t s) +{ + int res; + mpz_t m; + + assert(key->size >= RSA_MINIMUM_N_OCTETS); + mpz_init(m); + + pkcs1_rsa_sha256_encode(m, key->size - 1, hash); + res = _rsa_verify(key, m, s); + + mpz_clear(m); + + return res; +} + +int +rsa_sha256_verify_digest(const struct rsa_public_key *key, + const uint8_t *digest, + const mpz_t s) +{ + int res; + mpz_t m; + + assert(key->size >= RSA_MINIMUM_N_OCTETS); + mpz_init(m); + + pkcs1_rsa_sha256_encode_digest(m, key->size - 1, digest); + res = _rsa_verify(key, m, s); + + mpz_clear(m); + + return res; +} + +#endif /* WITH_PUBLIC_KEY */ |