From: Daiki Ueno <dueno@redhat.com>
Hello,
This series of patches implements the RSA-PSS signature scheme, as specified in RFC 3447. To keep the interface minimal but to allow TLS 1.3 implementations on top of this, only SHA256/384/512 variants are provided.
The prototypes of the top-level functions are as follows:

  int rsa_pss_shaXXX_sign_digest_tr(const struct rsa_public_key *pub,
                                    const struct rsa_private_key *key,
                                    void *random_ctx,
                                    nettle_random_func *random,
                                    size_t salt_length,
                                    const uint8_t *salt,
                                    const uint8_t *digest,
                                    mpz_t s);

  int rsa_pss_shaXXX_verify_digest(const struct rsa_public_key *key,
                                   size_t salt_length,
                                   const uint8_t *digest,
                                   const mpz_t signature);

For MGF, "mask generation function 1" backed by the same hash algorithm is always used, as indicated in [1]. I thought it might make sense to provide more flexible variants, such as rsa_pss_{sign_tr,verify} analogous to rsa_pkcs1_*, but realized that parsing ASN.1 encoded parameters would require extra complexity.
Suggestions appreciated.

Daiki Ueno (2):
  Implement PSS encoding functions
  Add PSS variants for RSA sign/verify functions

 Makefile.in                      |   7 +-
 mgf1-sha256.c                    |  47 +++++++
 mgf1-sha384.c                    |  47 +++++++
 mgf1-sha512.c                    |  47 +++++++
 mgf1.c                           |  72 +++++++++++
 mgf1.h                           |  70 ++++++++++
 nettle-types.h                   |   3 +
 nettle.texinfo                   |  30 +++++
 pss-sha256.c                     |  64 ++++++++++
 pss-sha512.c                     |  90 +++++++++++++
 pss.c                            | 195 ++++++++++++++++++++++++++++
 pss.h                            | 105 +++++++++++++++
 rsa-pss-sha256-sign-tr.c         |  64 ++++++++++
 rsa-pss-sha256-verify.c          |  60 +++++++++
 rsa-pss-sha512-sign-tr.c         |  87 +++++++++++++
 rsa-pss-sha512-verify.c          |  79 ++++++++++++
 rsa-verify.c                     |  14 ++
 rsa.h                            |  55 ++++++++
 testsuite/.test-rules.make       |   9 ++
 testsuite/Makefile.in            |   5 +-
 testsuite/mgf1-test.c            |  23 ++++
 testsuite/pss-test.c             |  35 +++++
 testsuite/rsa-pss-sign-tr-test.c | 268 +++++++++++++++++++++++++++++++++++++++
 23 files changed, 1473 insertions(+), 3 deletions(-)
 create mode 100644 mgf1-sha256.c
 create mode 100644 mgf1-sha384.c
 create mode 100644 mgf1-sha512.c
 create mode 100644 mgf1.c
 create mode 100644 mgf1.h
 create mode 100644 pss-sha256.c
 create mode 100644 pss-sha512.c
 create mode 100644 pss.c
 create mode 100644 pss.h
 create mode 100644 rsa-pss-sha256-sign-tr.c
 create mode 100644 rsa-pss-sha256-verify.c
 create mode 100644 rsa-pss-sha512-sign-tr.c
 create mode 100644 rsa-pss-sha512-verify.c
 create mode 100644 testsuite/mgf1-test.c
 create mode 100644 testsuite/pss-test.c
 create mode 100644 testsuite/rsa-pss-sign-tr-test.c

Footnotes: [1] https://tlswg.github.io/tls13-spec/#signature-algorithms