static void bench_dsa_sign (void *p) { struct dsa_ctx *ctx = p; struct dsa_signature s; dsa_signature_init (&s); dsa_sign (&ctx->params, ctx->key, &ctx->lfib, (nettle_random_func *)knuth_lfib_random, SHA1_DIGEST_SIZE, ctx->digest, &s); dsa_signature_clear (&s); }
static void * bench_dsa_init (unsigned size) { struct dsa_ctx *ctx; struct sexp_iterator i; unsigned char dsa1024[] = "{KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDEyOToA2q4hOXEClLMXXMOl9xaPcGC/GeGmCMv" " VCaaW0uWc50DvvmJDPQPdCehyfZr/1dv2UDbx06TC7ls/IFd+BsDzGBRxqIQ44J20cn+0gt" " NMIXAocE1QhCCFaT5gXrk8zMlqBEGaP3RdpgxNanEXkTj2Wma8r1GtrLX3HPafio62jicpK" " DE6cTIxOgDN9pcW3exdVAesC9WsxwCGoJK24ykoMTpnMTI5OgCJr9DmKdiE0WJZB7HACESv" " Tpg1qZgc8E15byQ+OsHUyOTRrJRTcrgKZJW7dFRJ9cXmyi7XYCd3bJtu/2HRHLY1vd4qMvU" " 7Y8x08ooCoABGV7nGqcmdQfEho1OY6TZh2NikmPKZLeur3PZFpcZ8Dl+KVWtwC55plNC7Om" " iAQy8MaCkoMTp5MTI5OgDakk0LOUQwzOKt9FHOBmBKrWsvTm7549eScTUqH4OMm3btjUsXz" " MmlqEe+imwQCOW/AE3Xw9pXZeETWK0jlLe8k5vnKcNskerFwZ1eQKtOPPQty8IqQ9PEfF6B" " 0oVQiJg2maHUDWFnDkIBd7ZR1z8FnZMUxH9mH4kEUo6YQgtCdykoMTp4MjA6cOl3ijiiMjI" " pesFD8jxESWb2mn8pKSk=}"; ctx = xalloc(sizeof(*ctx)); dsa_params_init (&ctx->params); mpz_init (ctx->pub); mpz_init (ctx->key); dsa_signature_init (&ctx->s); knuth_lfib_init (&ctx->lfib, 1); if (size != 1024) die ("Internal error.\n"); if (! (sexp_transport_iterator_first (&i, sizeof(dsa1024) - 1, dsa1024) && sexp_iterator_check_type (&i, "private-key") && sexp_iterator_check_type (&i, "dsa") && dsa_keypair_from_sexp_alist (&ctx->params, ctx->pub, ctx->key, 0, DSA_SHA1_Q_BITS, &i)) ) die ("Internal error.\n"); ctx->digest = hash_string (&nettle_sha1, "foo"); dsa_sign (&ctx->params, ctx->key, &ctx->lfib, (nettle_random_func *)knuth_lfib_random, SHA1_DIGEST_SIZE, ctx->digest, &ctx->s); return ctx; }
/* Signs the given data using the parameters from the signer's * private key. * * returns 0 on success. * * 'tbs' is the data to be signed * 'signature' will hold the signature! * 'hash' is only used in PKCS1 RSA signing. */ int _gnutls_x509_sign (const gnutls_datum_t * tbs, gnutls_digest_algorithm_t hash, gnutls_x509_privkey_t signer, gnutls_datum_t * signature) { int ret; switch (signer->pk_algorithm) { case GNUTLS_PK_RSA: ret = pkcs1_rsa_sign (hash, tbs, signer->params, signer->params_size, signature); if (ret < 0) { gnutls_assert (); return ret; } return 0; break; case GNUTLS_PK_DSA: ret = dsa_sign (tbs, signer->params, signer->params_size, signature); if (ret < 0) { gnutls_assert (); return ret; } return 0; break; default: gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } }
unsigned pgp_write_sig(pgp_output_t *output, pgp_create_sig_t *sig, const pgp_pubkey_t *key, const pgp_seckey_t *seckey) { unsigned ret = 0; size_t len = pgp_mem_len(sig->mem); /* check key not decrypted */ switch (seckey->pubkey.alg) { case PGP_PKA_RSA: case PGP_PKA_RSA_ENCRYPT_ONLY: case PGP_PKA_RSA_SIGN_ONLY: if (seckey->key.rsa.d == NULL) { (void) fprintf(stderr, "pgp_write_sig: null rsa.d\n"); return 0; } break; case PGP_PKA_DSA: if (seckey->key.dsa.x == NULL) { (void) fprintf(stderr, "pgp_write_sig: null dsa.x\n"); return 0; } break; default: (void) fprintf(stderr, "Unsupported algorithm %d\n", seckey->pubkey.alg); return 0; } if (sig->hashlen == (unsigned) -1) { (void) fprintf(stderr, "ops_write_sig: bad hashed data len\n"); return 0; } pgp_memory_place_int(sig->mem, sig->unhashoff, (unsigned)(len - sig->unhashoff - 2), 2); /* add the packet from version number to end of hashed subpackets */ if (pgp_get_debug_level(__FILE__)) { (void) fprintf(stderr, "ops_write_sig: hashed packet info\n"); } sig->hash.add(&sig->hash, pgp_mem_data(sig->mem), sig->unhashoff); /* add final trailer */ pgp_hash_add_int(&sig->hash, (unsigned)sig->sig.info.version, 1); pgp_hash_add_int(&sig->hash, 0xff, 1); /* +6 for version, type, pk alg, hash alg, hashed subpacket length */ pgp_hash_add_int(&sig->hash, sig->hashlen + 6, 4); if (pgp_get_debug_level(__FILE__)) { (void) fprintf(stderr, "ops_write_sig: done writing hashed\n"); } /* XXX: technically, we could figure out how big the signature is */ /* and write it directly to the output instead of via memory. */ switch (seckey->pubkey.alg) { case PGP_PKA_RSA: case PGP_PKA_RSA_ENCRYPT_ONLY: case PGP_PKA_RSA_SIGN_ONLY: if (!rsa_sign(&sig->hash, &key->key.rsa, &seckey->key.rsa, sig->output)) { (void) fprintf(stderr, "pgp_write_sig: rsa_sign failure\n"); return 0; } break; case PGP_PKA_DSA: if (!dsa_sign(&sig->hash, &key->key.dsa, &seckey->key.dsa, sig->output)) { (void) fprintf(stderr, "pgp_write_sig: dsa_sign failure\n"); return 0; } break; default: (void) fprintf(stderr, "Unsupported algorithm %d\n", seckey->pubkey.alg); return 0; } ret = pgp_write_ptag(output, PGP_PTAG_CT_SIGNATURE); if (ret) { len = pgp_mem_len(sig->mem); ret = pgp_write_length(output, (unsigned)len) && pgp_write(output, pgp_mem_data(sig->mem), (unsigned)len); } pgp_memory_free(sig->mem); if (ret == 0) { PGP_ERROR_1(&output->errors, PGP_E_W, "%s", "Cannot write signature"); } return ret; }