General pkcs1 signature interface.

8 files changed, 249 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 1ad2e53b..20507374 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,20 @@
 2012-06-09  Niels Möller  <nisse@lysator.liu.se>
 
+	General pkcs1 signatures, with a "DigestInfo" input. Suggested by
+	Nikos Mavrogiannopoulos.
+	* Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-digest.c,
+	rsa-pkcs1-sign.c, rsa-pkcs1-sign-tr.c, and rsa-pkcs1-verify.c.
+
+	* pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): New file and
+	function.
+	* pkcs1.h: Declare it.
+
+	* rsa-pkcs1-verify.c (rsa_pkcs1_verify): New file and function.
+	* rsa-pkcs1-sign.c (rsa_pkcs1_sign): New file and function.
+	* rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): New file and function,
+	contributed by Nikos Mavrogiannopoulos.
+	* rsa.h: Declare new functions.
+
 	* rsa.h (_rsa_blind, _rsa_unblind): Declare functions.
 	* rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a
 	separate file, renamed and made non-static. Moved from...
diff --git a/Makefile.in b/Makefile.in
index ba0fdb27..be0de3cd 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -100,9 +100,10 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 		  bignum-random.c bignum-random-prime.c \
 		  sexp2bignum.c \
 		  pkcs1.c pkcs1-encrypt.c pkcs1-decrypt.c \
-		  pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
+		  pkcs1-rsa-digest.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
 		  pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \
 		  rsa.c rsa-sign.c rsa-verify.c \
+		  rsa-pkcs1-sign.c rsa-pkcs1-sign-tr.c rsa-pkcs1-verify.c \
 		  rsa-md5-sign.c rsa-md5-verify.c \
 		  rsa-sha1-sign.c rsa-sha1-verify.c \
 		  rsa-sha256-sign.c rsa-sha256-verify.c \
diff --git a/pkcs1-rsa-digest.c b/pkcs1-rsa-digest.c
new file mode 100644
index 00000000..e84db6d4
--- /dev/null
+++ b/pkcs1-rsa-digest.c
@@ -0,0 +1,49 @@
+/* pkcs1-rsa-digest.c
+ *
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2003, 2012 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "pkcs1.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+int
+pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
+			unsigned di_length, const uint8_t *digest_info)
+{
+  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+  TMP_ALLOC(em, key_size);
+
+  if (pkcs1_signature_prefix(key_size, em,
+			     di_length, digest_info, 0))
+    {
+      nettle_mpz_set_str_256_u(m, key_size, em);
+      return 1;
+    }
+  else
+    return 0;
+}
diff --git a/pkcs1.h b/pkcs1.h
index 2f6251e2..27219554 100644
--- a/pkcs1.h
+++ b/pkcs1.h
@@ -35,6 +35,7 @@ extern "C" {
 
 /* Name mangling */
 #define pkcs1_signature_prefix nettle_pkcs1_signature_prefix
+#define pkcs1_rsa_digest_encode nettle_pkcs1_rsa_digest_encode
 #define pkcs1_rsa_md5_encode nettle_pkcs1_rsa_md5_encode
 #define pkcs1_rsa_md5_encode_digest nettle_pkcs1_rsa_md5_encode_digest
 #define pkcs1_rsa_sha1_encode nettle_pkcs1_rsa_sha1_encode
@@ -71,6 +72,10 @@ pkcs1_decrypt (unsigned key_size,
 	       unsigned *length, uint8_t *message);
 
 int
+pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
+			unsigned di_length, const uint8_t *digest_info);
+
+int
 pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash);
 
 int
diff --git a/rsa-pkcs1-sign-tr.c b/rsa-pkcs1-sign-tr.c
new file mode 100644
index 00000000..672b902b
--- /dev/null
+++ b/rsa-pkcs1-sign-tr.c
@@ -0,0 +1,60 @@
+/* rsa-pkcs1-sign-tr.c
+ *
+ * Creating timing resistant RSA signatures.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Nikos Mavrogiannopoulos
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "pkcs1.h"
+
+int
+rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
+  	          const struct rsa_private_key *key,
+	          void *random_ctx, nettle_random_func random,
+	          unsigned length, const uint8_t *digest_info,
+   	          mpz_t s)
+{
+  mpz_t ri;
+
+  if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info))
+    {
+      mpz_init (ri);
+
+      _rsa_blind (pub, random_ctx, random, s, ri);
+      rsa_compute_root(key, s, s);
+      _rsa_unblind (pub, s, ri);
+
+      mpz_clear (ri);
+
+      return 1;
+    }
+  else
+    {
+      mpz_set_ui(s, 0);
+      return 0;
+    }    
+}
diff --git a/rsa-pkcs1-sign.c b/rsa-pkcs1-sign.c
new file mode 100644
index 00000000..e9348c9b
--- /dev/null
+++ b/rsa-pkcs1-sign.c
@@ -0,0 +1,49 @@
+/* rsa-pkcs1-sign.c
+ *
+ * PKCS#1 version 1.5 signatures.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "pkcs1.h"
+
+int
+rsa_pkcs1_sign(const struct rsa_private_key *key,
+	       unsigned length, const uint8_t *digest_info,
+	       mpz_t s)
+{  
+  if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info))
+    {
+      rsa_compute_root(key, s, s);
+      return 1;
+    }
+  else
+    {
+      mpz_set_ui(s, 0);
+      return 0;
+    }    
+}
diff --git a/rsa-pkcs1-verify.c b/rsa-pkcs1-verify.c
new file mode 100644
index 00000000..4b25aaf3
--- /dev/null
+++ b/rsa-pkcs1-verify.c
@@ -0,0 +1,50 @@
+/* rsa-pkcs1-sign.c
+ *
+ * PKCS#1 version 1.5 signatures.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "pkcs1.h"
+
+int
+rsa_pkcs1_verify(const struct rsa_public_key *key,
+		 unsigned length, const uint8_t *digest_info,
+		 const mpz_t s)
+{
+  int res;
+  mpz_t m;
+
+  mpz_init (m);
+
+  res = (pkcs1_rsa_digest_encode (m, key->size, length, digest_info)
+	 && _rsa_verify (key, m, s));
+
+  mpz_clear(m);
+
+  return res;
+}
diff --git a/rsa.h b/rsa.h
index 1b975ab8..9857b67c 100644
--- a/rsa.h
+++ b/rsa.h
@@ -43,6 +43,9 @@ extern "C" {
 #define rsa_private_key_init nettle_rsa_private_key_init
 #define rsa_private_key_clear nettle_rsa_private_key_clear
 #define rsa_private_key_prepare nettle_rsa_private_key_prepare
+#define rsa_pkcs1_verify nettle_rsa_pkcs1_verify
+#define rsa_pkcs1_sign nettle_rsa_pkcs1_sign
+#define rsa_pkcs1_sign_tr nettle_rsa_pkcs1_sign_tr
 #define rsa_md5_sign nettle_rsa_md5_sign
 #define rsa_md5_verify nettle_rsa_md5_verify
 #define rsa_sha1_sign nettle_rsa_sha1_sign
@@ -169,6 +172,22 @@ rsa_private_key_prepare(struct rsa_private_key *key);
 
 /* PKCS#1 style signatures */
 int
+rsa_pkcs1_sign(const struct rsa_private_key *key,
+	       unsigned length, const uint8_t *digest_info,
+	       mpz_t s);
+
+int
+rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
+  	          const struct rsa_private_key *key,
+	          void *random_ctx, nettle_random_func random,
+	          unsigned length, const uint8_t *digest_info,
+   	          mpz_t s);
+int
+rsa_pkcs1_verify(const struct rsa_public_key *key,
+		 unsigned length, const uint8_t *digest_info,
+		 const mpz_t signature);
+
+int
 rsa_md5_sign(const struct rsa_private_key *key,
              struct md5_ctx *hash,
              mpz_t signature);