void rsa_sha256_sign_digest(const struct rsa_private_key *key, const uint8_t *digest, mpz_t s) { assert(key->size >= RSA_MINIMUM_N_OCTETS); pkcs1_rsa_sha256_encode_digest(s, key->size - 1, digest); rsa_compute_root(key, s, s); }
void rsa_sha256_sign(const struct rsa_private_key *key, struct sha256_ctx *hash, mpz_t s) { assert(key->size >= RSA_MINIMUM_N_OCTETS); pkcs1_rsa_sha256_encode(s, key->size - 1, hash); rsa_compute_root(key, s, s); }
static struct lsh_string * do_rsa_sign(struct signer *s, int algorithm, UINT32 msg_length, const UINT8 *msg) { CAST(rsa_signer, self, s); struct lsh_string *res; mpz_t m; trace("do_rsa_sign: Signing according to %a\n", algorithm); mpz_init(m); pkcs1_encode(m, self->verifier->params, self->verifier->size - 1, msg_length, msg); rsa_compute_root(self, m, m); switch (algorithm) { case ATOM_SSH_RSA: /* Uses the encoding: * * string ssh-rsa * string signature-blob */ res = ssh_format("%a%un", ATOM_SSH_RSA, m); break; #if 0 case ATOM_RSA_PKCS1_SHA1: case ATOM_RSA_PKCS1_SHA1_LOCAL: /* Uses the encoding: * * string rsa-pkcs1 * string signature-blob */ res = ssh_format("%a%un", ATOM_RSA_PKCS1_SHA1, m); break; #endif /* It doesn't matter here which flavour of SPKI is used. */ case ATOM_SPKI_SIGN_RSA: case ATOM_SPKI_SIGN_DSS: res = sexp_format(encode_rsa_sig_val(m), SEXP_CANONICAL, 0); break; default: fatal("do_rsa_sign: Internal error!\n"); } mpz_clear(m); return res; }
int rsa_decrypt(const struct rsa_private_key *key, unsigned *length, uint8_t *message, const mpz_t gibberish) { mpz_t m; int res; mpz_init(m); rsa_compute_root(key, m, gibberish); res = pkcs1_decrypt (key->size, m, length, message); mpz_clear(m); return res; }
int rsa_md5_sign_digest(const struct rsa_private_key *key, const uint8_t *digest, mpz_t s) { if (pkcs1_rsa_md5_encode_digest(s, key->size, digest)) { rsa_compute_root(key, s, s); return 1; } else { mpz_set_ui(s, 0); return 0; } }
int rsa_md5_sign(const struct rsa_private_key *key, struct md5_ctx *hash, mpz_t s) { if (pkcs1_rsa_md5_encode(s, key->size, hash)) { rsa_compute_root(key, s, s); return 1; } else { mpz_set_ui(s, 0); return 0; } }
static struct sexp * do_rsa_sign_spki(struct signer *s, /* struct sexp *hash, struct sexp *principal, */ UINT32 msg_length, const UINT8 *msg) { CAST(rsa_signer, self, s); mpz_t m; struct sexp *signature; mpz_init(m); pkcs1_encode(m, self->verifier->params, self->verifier->size - 1, msg_length, msg); rsa_compute_root(self, m, m); signature = encode_rsa_sig_val(m); mpz_clear(m); return signature; }
int rsa_decrypt_tr(const struct rsa_public_key *pub, const struct rsa_private_key *key, void *random_ctx, nettle_random_func *random, unsigned *length, uint8_t *message, const mpz_t gibberish) { mpz_t m, ri; int res; mpz_init_set(m, gibberish); mpz_init (ri); _rsa_blind (pub, random_ctx, random, m, ri); rsa_compute_root(key, m, m); _rsa_unblind (pub, m, ri); mpz_clear (ri); res = pkcs1_decrypt (key->size, m, length, message); mpz_clear(m); return res; }
/* in case of DSA puts into data, r,s */ static int _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature, const gnutls_datum_t * vdata, const gnutls_pk_params_st * pk_params) { int ret; unsigned int hash; unsigned int hash_len; switch (algo) { case GNUTLS_PK_EC: /* we do ECDSA */ { ecc_key priv; struct dsa_signature sig; _ecc_params_to_privkey(pk_params, &priv); dsa_signature_init (&sig); hash = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len); if (hash_len > vdata->size) { gnutls_assert (); _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", gnutls_mac_get_name(hash), hash_len); hash_len = vdata->size; } ret = ecc_sign_hash(vdata->data, hash_len, &sig, NULL, rnd_func, &priv); if (ret != 0) { gnutls_assert (); ret = GNUTLS_E_PK_SIGN_FAILED; goto ecdsa_fail; } ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s); ecdsa_fail: dsa_signature_clear (&sig); _ecc_params_clear( &priv); if (ret < 0) { gnutls_assert (); goto cleanup; } break; } case GNUTLS_PK_DSA: { struct dsa_public_key pub; struct dsa_private_key priv; struct dsa_signature sig; memset(&priv, 0, sizeof(priv)); memset(&pub, 0, sizeof(pub)); _dsa_params_to_pubkey (pk_params, &pub); _dsa_params_to_privkey (pk_params, &priv); dsa_signature_init (&sig); hash = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len); if (hash_len > vdata->size) { gnutls_assert (); _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", gnutls_mac_get_name(hash), hash_len); hash_len = vdata->size; } ret = _dsa_sign (&pub, &priv, NULL, rnd_func, hash_len, vdata->data, &sig); if (ret == 0) { gnutls_assert (); ret = GNUTLS_E_PK_SIGN_FAILED; goto dsa_fail; } ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s); dsa_fail: dsa_signature_clear (&sig); if (ret < 0) { gnutls_assert (); goto cleanup; } break; } case GNUTLS_PK_RSA: { struct rsa_private_key priv; bigint_t hash, nc, ri; if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) { gnutls_assert (); return GNUTLS_E_MPI_SCAN_FAILED; } memset(&priv, 0, sizeof(priv)); _rsa_params_to_privkey (pk_params, &priv); nc = rsa_blind (hash, pk_params->params[1] /*e */ , pk_params->params[0] /*m */ , &ri); _gnutls_mpi_release (&hash); if (nc == NULL) { gnutls_assert (); ret = GNUTLS_E_MEMORY_ERROR; goto rsa_fail; } rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc)); rsa_unblind (nc, ri, pk_params->params[0] /*m */ ); ret = _gnutls_mpi_dprint (nc, signature); rsa_fail: _gnutls_mpi_release (&nc); _gnutls_mpi_release (&ri); if (ret < 0) { gnutls_assert (); goto cleanup; } break; } default: gnutls_assert (); ret = GNUTLS_E_INTERNAL_ERROR; goto cleanup; } ret = 0; cleanup: return ret; }
static int _wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo, gnutls_datum_t * plaintext, const gnutls_datum_t * ciphertext, const gnutls_pk_params_st * pk_params) { int ret; /* make a sexp from pkey */ switch (algo) { case GNUTLS_PK_RSA: { struct rsa_private_key priv; bigint_t c, ri, nc; if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0) { gnutls_assert (); return GNUTLS_E_MPI_SCAN_FAILED; } nc = rsa_blind (c, pk_params->params[1] /*e */ , pk_params->params[0] /*m */ , &ri); _gnutls_mpi_release (&c); if (nc == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } memset(&priv, 0, sizeof(priv)); _rsa_params_to_privkey (pk_params, &priv); rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc)); rsa_unblind (nc, ri, pk_params->params[0] /*m */ ); ret = _gnutls_mpi_dprint_size (nc, plaintext, ciphertext->size); _gnutls_mpi_release (&nc); _gnutls_mpi_release (&ri); if (ret < 0) { gnutls_assert (); goto cleanup; } break; } default: gnutls_assert (); ret = GNUTLS_E_INTERNAL_ERROR; goto cleanup; } ret = 0; cleanup: return ret; }