aboutsummaryrefslogtreecommitdiff
path: root/src/util/rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/rsa.c')
-rw-r--r--src/util/rsa.c62
1 files changed, 26 insertions, 36 deletions
diff --git a/src/util/rsa.c b/src/util/rsa.c
index c34ab1661..0b533615c 100644
--- a/src/util/rsa.c
+++ b/src/util/rsa.c
@@ -578,18 +578,19 @@ data_to_sexp (const void *ptr, size_t size)
578 578
579 579
580/** 580/**
581 * Sign the given hash block. 581 * Sign the given message. The size of the message should be less than
582 * TALER_RSA_DATA_ENCODING_LENGTH (256) bytes.
582 * 583 *
583 * @param key private key to use for the signing 584 * @param key private key to use for the signing
584 * @param hash the block containing the hash of the message to sign 585 * @param msg the message
585 * @param hash_size the size of the hash block 586 * @param size the size of the message
586 * @param sig where to write the signature 587 * @param sig where to write the signature
587 * @return GNUNET_SYSERR on error, GNUNET_OK on success 588 * @return GNUNET_SYSERR on error, GNUNET_OK on success
588 */ 589 */
589int 590int
590TALER_RSA_sign (const struct TALER_RSA_PrivateKey *key, 591TALER_RSA_sign (const struct TALER_RSA_PrivateKey *key,
591 const void *hash, 592 const void *msg,
592 size_t hash_size, 593 size_t size,
593 struct TALER_RSA_Signature *sig) 594 struct TALER_RSA_Signature *sig)
594{ 595{
595 gcry_sexp_t result; 596 gcry_sexp_t result;
@@ -597,7 +598,10 @@ TALER_RSA_sign (const struct TALER_RSA_PrivateKey *key,
597 size_t ssize; 598 size_t ssize;
598 gcry_mpi_t rval; 599 gcry_mpi_t rval;
599 600
600 data = data_to_sexp (hash, hash_size); 601 GNUNET_assert (size <= TALER_RSA_DATA_ENCODING_LENGTH);
602 if (size > TALER_RSA_DATA_ENCODING_LENGTH)
603 return GNUNET_SYSERR;
604 data = data_to_sexp (msg, size);
601 GNUNET_assert (0 == gcry_pk_sign (&result, data, key->sexp)); 605 GNUNET_assert (0 == gcry_pk_sign (&result, data, key->sexp));
602 gcry_sexp_release (data); 606 gcry_sexp_release (data);
603 GNUNET_assert (0 == key_from_sexp (&rval, result, "rsa", "s")); 607 GNUNET_assert (0 == key_from_sexp (&rval, result, "rsa", "s"));
@@ -666,35 +670,42 @@ decode_public_key (const struct TALER_RSA_PublicKeyBinaryEncoded *publicKey)
666 670
667 671
668/** 672/**
669 * Verify signature with the given hash. 673 * Verify signature on the given message. The size of the message should be less than
674 * TALER_RSA_DATA_ENCODING_LENGTH (256) bytes.
670 * 675 *
671 * @param hash the hash code to verify against the signature 676 * @param msg the message
677 * @param size the size of the message
672 * @param sig signature that is being validated 678 * @param sig signature that is being validated
673 * @param publicKey public key of the signer 679 * @param publicKey public key of the signer
674 * @returns GNUNET_OK if ok, GNUNET_SYSERR if invalid 680 * @returns GNUNET_OK if ok, GNUNET_SYSERR if invalid
675 */ 681 */
676int 682int
677TALER_RSA_hash_verify (const struct GNUNET_HashCode *hash, 683TALER_RSA_verify (const void *msg, size_t size,
678 const struct TALER_RSA_Signature *sig, 684 const struct TALER_RSA_Signature *sig,
679 const struct TALER_RSA_PublicKeyBinaryEncoded *publicKey) 685 const struct TALER_RSA_PublicKeyBinaryEncoded *publicKey)
680{ 686{
681 gcry_sexp_t data; 687 gcry_sexp_t data;
682 gcry_sexp_t sigdata; 688 gcry_sexp_t sigdata;
683 size_t size; 689 size_t sig_size;
684 gcry_mpi_t val; 690 gcry_mpi_t val;
685 gcry_sexp_t psexp; 691 gcry_sexp_t psexp;
686 size_t erroff; 692 size_t erroff;
687 int rc; 693 int rc;
688 694
689 size = sizeof (struct TALER_RSA_Signature); 695 GNUNET_assert (size <= TALER_RSA_DATA_ENCODING_LENGTH);
696 if (size > TALER_RSA_DATA_ENCODING_LENGTH)
697 return GNUNET_SYSERR;
690 GNUNET_assert (0 == 698 GNUNET_assert (0 ==
691 gcry_mpi_scan (&val, GCRYMPI_FMT_USG, 699 gcry_mpi_scan (&val, GCRYMPI_FMT_USG,
692 (const unsigned char *) sig, size, &size)); 700 (const unsigned char *) sig,
701 sizeof (struct TALER_RSA_Signature),
702 &sig_size));
703 GNUNET_assert (sizeof (struct TALER_RSA_Signature) == sig_size);
693 GNUNET_assert (0 == 704 GNUNET_assert (0 ==
694 gcry_sexp_build (&sigdata, &erroff, "(sig-val(rsa(s %m)))", 705 gcry_sexp_build (&sigdata, &erroff, "(sig-val(rsa(s %m)))",
695 val)); 706 val));
696 gcry_mpi_release (val); 707 gcry_mpi_release (val);
697 data = data_to_sexp (hash, sizeof (struct GNUNET_HashCode)); 708 data = data_to_sexp (msg, size);
698 if (! (psexp = decode_public_key (publicKey))) 709 if (! (psexp = decode_public_key (publicKey)))
699 { 710 {
700 gcry_sexp_release (data); 711 gcry_sexp_release (data);
@@ -715,27 +726,6 @@ TALER_RSA_hash_verify (const struct GNUNET_HashCode *hash,
715 return GNUNET_OK; 726 return GNUNET_OK;
716} 727}
717 728
718
719/**
720 * Verify signature on the given message
721 *
722 * @param msg the message
723 * @param size the size of the message
724 * @param sig signature that is being validated
725 * @param publicKey public key of the signer
726 * @returns GNUNET_OK if ok, GNUNET_SYSERR if invalid
727 */
728int
729TALER_RSA_verify (const void *msg, size_t size,
730 const struct TALER_RSA_Signature *sig,
731 const struct TALER_RSA_PublicKeyBinaryEncoded *publicKey)
732{
733 struct GNUNET_HashCode hash;
734
735 GNUNET_CRYPTO_hash (msg, size, &hash);
736 return TALER_RSA_hash_verify (&hash, sig, publicKey);
737}
738
739/** 729/**
740 * The blinding key is equal in length to the RSA modulus 730 * The blinding key is equal in length to the RSA modulus
741 */ 731 */