nettle: vendor-in RSA-OAEP implementation
authorDaiki Ueno <ueno@gnu.org>
Thu, 8 Feb 2024 11:38:33 +0000 (20:38 +0900)
committerDaiki Ueno <ueno@gnu.org>
Sun, 18 Feb 2024 07:12:42 +0000 (16:12 +0900)
Signed-off-by: Daiki Ueno <ueno@gnu.org>
configure.ac
devel/import-from-nettle.sh
devel/nettle
lib/nettle/Makefile.am
lib/nettle/int/nettle-internal.h
lib/nettle/int/rsa-oaep.h [new file with mode: 0644]

index d6f283a6ee7ed6d505c31832daaa6fe78100f6b6..b68486e551885baa5e97226db6a95991ac673532 100644 (file)
@@ -785,6 +785,13 @@ AC_CHECK_FUNCS(nettle_siv_gcm_encrypt_message)
 LIBS=$save_LIBS
 AM_CONDITIONAL([NEED_SIV_GCM], [test "$ac_cv_func_nettle_siv_gcm_encrypt_message" != yes])
 
+# Check for RSA-OAEP
+save_LIBS=$LIBS
+LIBS="$LIBS $NETTLE_LIBS"
+AC_CHECK_FUNCS(nettle_rsa_oaep_sha256_encrypt)
+LIBS=$save_LIBS
+AM_CONDITIONAL([NEED_RSA_OAEP], [test "$ac_cv_func_nettle_rsa_oaep_sha256_encrypt" != yes])
+
 # Check sonames of the linked libraries needed for FIPS selftests.
 save_LIBS=$LIBS
 LIBS="$LIBS $GMP_LIBS"
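Review bot: The added `AC_CHECK_FUNCS(nettle_rsa_oaep_sha256_encrypt)` probe links with `$NETTLE_LIBS` only, while Nettle's RSA functions are normally shipped in libhogweed. If that holds for this build, the probe fails even when the system library provides RSA-OAEP, and `NEED_RSA_OAEP` always selects the vendored copy, so fixes to the system implementation are never picked up. Assuming `HOGWEED_LIBS` is defined elsewhere in this file (`GMP_LIBS` appears in the next check), consider `LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS $GMP_LIBS"`. A comment saying that this one symbol stands in for all six `rsa_oaep_sha{256,384,512}_{encrypt,decrypt}` functions would also help.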
index ac3dd5fbff7ad3c46db01fb182fb507f6ae0f614..38c3dfffb5ad139fc4f06c7c5432bf2bd628ac93 100755 (executable)
@@ -18,6 +18,17 @@ ctr16.c
 ghash-internal.h
 ghash-set-key.c
 ghash-update.c
+gmp-glue.c
+gmp-glue.h
+oaep.c
+oaep.h
+pss-mgf1.h
+pss-mgf1.c
+rsa-internal.h
+rsa-oaep-encrypt.c
+rsa-oaep-decrypt.c
+rsa-sec-compute-root.c
+rsa-sign-tr.c
 siv-gcm-aes128.c
 siv-gcm-aes256.c
 siv-gcm.c
@@ -35,10 +46,14 @@ ecc-curve.h
 ecc.h
 gcm.h
 macros.h
+md5.h
 memops.h
 memxor.h
 nettle-meta.h
 nettle-types.h
+rsa.h
+sha1.h
+sha2.h
 "
 
 test -d $DST || mkdir $DST
@@ -93,6 +108,15 @@ for f in $IMPORTS; do
        sed \
          -e '/^#include <nettle\/nettle-types\.h>/a\
 #include "block8.h"
+' \
+         $dst > $dst-t && mv $dst-t $dst
+       ;;
+    esac
+    case $dst in
+      */rsa-oaep-*.c)
+       sed \
+         -e '/^#include <nettle\/rsa\.h>/a\
+#include "int/rsa-oaep.h"
 ' \
          $dst > $dst-t && mv $dst-t $dst
        ;;
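Review bot: The added `sed` for `*/rsa-oaep-*.c` appends `#include "int/rsa-oaep.h"` only when a line matching `#include <nettle/rsa.h>` exists, and it succeeds silently when that anchor is missing. Without the include, the `gnutls_nettle_backport_` name mangling is not applied, so the backported objects could end up exporting the same symbol names as a system library. A check after the rewrite would catch this at import time, e.g. `grep -q '^#include "int/rsa-oaep.h"' "$dst" || exit 1`. The enclosing `for`/`case` starts outside this hunk, and the same silent miss applies to the existing `block8.h` rewrite just above.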
index d2cc9b95b50440c331ee143312309951a7e8d7ca..236d79b8bc508ae089f63a75c16f87c7076babdf 160000 (submodule)
@@ -1 +1 @@
-Subproject commit d2cc9b95b50440c331ee143312309951a7e8d7ca
+Subproject commit 236d79b8bc508ae089f63a75c16f87c7076babdf
index d644a0cbfcaf3504d9f197c228eb23721f14a798..6a9e6ce0822250fd9dd5b8be4ed26b866d20b930 100644 (file)
@@ -47,7 +47,7 @@ libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c init.c \
        int/ecdsa-compute-k.c int/ecdsa-compute-k.h \
        int/mpn-base256.c int/mpn-base256.h \
        int/block8.h backport/block-internal.h \
-       int/rsa-pad.c int/nettle-internal.h
+       int/rsa-oaep.h int/rsa-pad.c int/nettle-internal.h
 
 if WINDOWS
 if HAVE_BCRYPT
@@ -113,3 +113,19 @@ libcrypto_la_SOURCES += \
        backport/siv-ghash-update.c \
        $(NULL)
 endif
+
+if NEED_RSA_OAEP
+libcrypto_la_SOURCES += \
+       backport/gmp-glue.c \
+       backport/gmp-glue.h \
+       backport/oaep.c \
+       backport/oaep.h \
+       backport/pss-mgf1.c \
+       backport/pss-mgf1.h \
+       backport/rsa-internal.h \
+       backport/rsa-oaep-encrypt.c \
+       backport/rsa-oaep-decrypt.c \
+       backport/rsa-sec-compute-root.c \
+       backport/rsa-sign-tr.c \
+       $(NULL)
+endif
index c3aefb8084c7cf09f251e022dd16ad7091795fa4..bc6144dcc9dd2369582a1d98772f52d92f342ac7 100644 (file)
        } while (0)
 #endif
 
+/* Limits that apply to systems that don't have alloca */
+#define NETTLE_MAX_HASH_BLOCK_SIZE 144 /* For sha3_224*/
+#define NETTLE_MAX_HASH_DIGEST_SIZE 64
+#define NETTLE_MAX_HASH_CONTEXT_SIZE (sizeof(struct sha3_224_ctx))
+#define NETTLE_MAX_SEXP_ASSOC 17
+#define NETTLE_MAX_CIPHER_BLOCK_SIZE 32
+#define NETTLE_MAX_CIPHER_KEY_SIZE 32
+
+/* Equivalent to x == 0, but with an expression that should compile to
+   branch free code on all compilers. Requires that x is at most 31 bits. */
+#define IS_ZERO_SMALL(x) (((uint32_t)(x)-1U) >> 31)
+
 #endif /* GNUTLS_NETTLE_INT_NETTLE_INTERNAL_H_INCLUDED */
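Review bot: `IS_ZERO_SMALL(x)` silently gives the wrong answer outside its stated range: a value above 2^31, or a wider value that truncates to 0 in the `uint32_t` cast, evaluates to 1. Since the macro exists to avoid branches, presumably on secret-dependent values in the padding checks, the comment should state the result and the caller's obligation, e.g. `/* Result is 1 if x == 0, else 0; x must already be known to fit in 31 bits, wider values are truncated. */`. Separately, `NETTLE_MAX_HASH_CONTEXT_SIZE` expands to `sizeof(struct sha3_224_ctx)`, so every user of it needs the SHA-3 header in scope; this file's include list is outside the hunk.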
diff --git a/lib/nettle/int/rsa-oaep.h b/lib/nettle/int/rsa-oaep.h
new file mode 100644 (file)
index 0000000..cfdb30e
--- /dev/null
@@ -0,0 +1,90 @@
+/* rsa.h
+
+   The RSA publickey algorithm.
+
+   Copyright (C) 2001, 2002 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef GNUTLS_LIB_NETTLE_INT_RSA_OAEP_H_INCLUDED
+#define GNUTLS_LIB_NETTLE_INT_RSA_OAEP_H_INCLUDED
+
+#include <nettle/nettle-types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define rsa_oaep_sha256_encrypt gnutls_nettle_backport_rsa_oaep_sha256_encrypt
+#define rsa_oaep_sha256_decrypt gnutls_nettle_backport_rsa_oaep_sha256_decrypt
+#define rsa_oaep_sha384_encrypt gnutls_nettle_backport_rsa_oaep_sha384_encrypt
+#define rsa_oaep_sha384_decrypt gnutls_nettle_backport_rsa_oaep_sha384_decrypt
+#define rsa_oaep_sha512_encrypt gnutls_nettle_backport_rsa_oaep_sha512_encrypt
+#define rsa_oaep_sha512_decrypt gnutls_nettle_backport_rsa_oaep_sha512_decrypt
+
+/* RSA encryption, using OAEP */
+
+int rsa_oaep_sha256_encrypt(const struct rsa_public_key *key, void *random_ctx,
+                           nettle_random_func *random, size_t label_length,
+                           const uint8_t *label, size_t length,
+                           const uint8_t *message, uint8_t *ciphertext);
+
+int rsa_oaep_sha256_decrypt(const struct rsa_public_key *pub,
+                           const struct rsa_private_key *key, void *random_ctx,
+                           nettle_random_func *random, size_t label_length,
+                           const uint8_t *label, size_t *length,
+                           uint8_t *message, const uint8_t *ciphertext);
+
+int rsa_oaep_sha384_encrypt(const struct rsa_public_key *key, void *random_ctx,
+                           nettle_random_func *random, size_t label_length,
+                           const uint8_t *label, size_t length,
+                           const uint8_t *message, uint8_t *ciphertext);
+
+int rsa_oaep_sha384_decrypt(const struct rsa_public_key *pub,
+                           const struct rsa_private_key *key, void *random_ctx,
+                           nettle_random_func *random, size_t label_length,
+                           const uint8_t *label, size_t *length,
+                           uint8_t *message, const uint8_t *ciphertext);
+
+int rsa_oaep_sha512_encrypt(const struct rsa_public_key *key, void *random_ctx,
+                           nettle_random_func *random, size_t label_length,
+                           const uint8_t *label, size_t length,
+                           const uint8_t *message, uint8_t *ciphertext);
+
+int rsa_oaep_sha512_decrypt(const struct rsa_public_key *pub,
+                           const struct rsa_private_key *key, void *random_ctx,
+                           nettle_random_func *random, size_t label_length,
+                           const uint8_t *label, size_t *length,
+                           uint8_t *message, const uint8_t *ciphertext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GNUTLS_LIB_NETTLE_INT_RSA_OAEP_H_INCLUDED */
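Review bot: The new header is not self-contained: its prototypes use `struct rsa_public_key` and `struct rsa_private_key` but it includes only `<nettle/nettle-types.h>`, so it compiles cleanly only when `<nettle/rsa.h>` was included first (the import script's sed ordering arranges this for the backported sources). Adding `#include <nettle/rsa.h>` after the existing include removes that ordering dependency. The banner still reads `rsa.h` / `The RSA publickey algorithm`; it should name `rsa-oaep.h` and say that this is a GnuTLS-side shim for the backport. The decrypt prototypes would also benefit from a comment giving the return convention and the in/out meaning of `*length` (to be confirmed against the vendored sources), and noting that callers should report every decryption failure identically so that padding errors are not distinguishable.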