git.distorted.org.uk Git - u/mdw/catacomb/blob - pss.h

   1 /* -*-c-*-
   2  *
   3  * $Id: pss.h,v 1.2 2003/05/16 09:42:03 mdw Exp $
   4  *
   5  * Probabistic signature scheme
   6  *
   7  * (c) 2000 Straylight/Edgeware
   8  */
   9
  10 /*----- Licensing notice --------------------------------------------------*
  11  *
  12  * This file is part of Catacomb.
  13  *
  14  * Catacomb is free software; you can redistribute it and/or modify
  15  * it under the terms of the GNU Library General Public License as
  16  * published by the Free Software Foundation; either version 2 of the
  17  * License, or (at your option) any later version.
  18  *
  19  * Catacomb is distributed in the hope that it will be useful,
  20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22  * GNU Library General Public License for more details.
  23  *
  24  * You should have received a copy of the GNU Library General Public
  25  * License along with Catacomb; if not, write to the Free
  26  * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
  27  * MA 02111-1307, USA.
  28  */
  29
  30 /*----- Revision history --------------------------------------------------*
  31  *
  32  * $Log: pss.h,v $
  33  * Revision 1.2  2003/05/16 09:42:03  mdw
  34  * Declare @pss_preverify@ instead of repeating @pss_resign@.
  35  *
  36  * Revision 1.1  2000/07/20 20:13:38  mdw
  37  * Added Bellare and Rogaway's PSS encoding for RSA signatures.
  38  *
  39  */
  40
  41 /*----- Notes on PSS ------------------------------------------------------*
  42  *
  43  * Applying PSS before RSA signing renders the construction provably secure,
  44  * in that the difficulty of forging a signature is directly related to the
  45  * difficulty of inverting the RSA function, in the random oracle model.
  46  * This is a good thing.  PSS was designed by Bellare and Rogaway.  This
  47  * particular variant is the one specified in draft 1 of PKCS#1 version 2.1.
  48  *
  49  * Stanford University have a patent claim on PSS, although if (as seems
  50  * likely) PSS is included in IEEE P1363, they'll grant a free world-wide
  51  * licence to use the scheme for signatures with appendix (rather than
  52  * signatures with message recovery).
  53  */
  54
  55 #ifndef CATACOMB_PSS_H
  56 #define CATACOMB_PSS_H
  57
  58 #ifdef __cplusplus
  59   extern "C" {
  60 #endif
  61
  62 /*----- Header files ------------------------------------------------------*/
  63
  64 #include <mLib/bits.h>
  65 #include <mLib/dstr.h>
  66
  67 #ifndef CATACOMB_GCIPHER_H
  68 #  include "gcipher.h"
  69 #endif
  70
  71 #ifndef CATACOMB_GHASH_H
  72 #  include "ghash.h"
  73 #endif
  74
  75 #ifndef CATACOMB_GRAND_H
  76 #  include "grand.h"
  77 #endif
  78
  79 /*----- Data structures ---------------------------------------------------*/
  80
  81 typedef struct pss {
  82   const gccipher *cc;                   /* Cipher class for masking */
  83   const gchash *ch;                     /* Hash class for choosing a seed */
  84   grand *r;                             /* Random number source */
  85   void *salt;                           /* Pointer to the salt */
  86 } pss;
  87
  88 /*----- Functions provided ------------------------------------------------*/
  89
  90 /* --- @pss_presign@ --- *
  91  *
  92  * Arguments:   @pss *pp@ = pointer to PSS parameter block
  93  *
  94  * Returns:     An initialized generic hash context.
  95  *
  96  * Use:         Initializes a hash function for signing with PSS.  A salt is
  97  *              chosen and written into the parameter block.
  98  */
  99
 100 extern ghash *pss_presign(pss */*pp*/);
 101
 102 /* --- @pss_encode@ --- *
 103  *
 104  * Arguments:   @const void *msg@ = pointer to message (hash) data
 105  *              @size_t msz@ = size of message data
 106  *              @void *buf@ = pointer to output buffer
 107  *              @size_t sz@ = size of the output buffer
 108  *              @void *p@ = pointer to PSS parameter block
 109  *
 110  * Returns:     Zero of all went well, negative on failure.
 111  *
 112  * Use:         Implements the operation @EMSA-PSS-ENCODE@, as defined in
 113  *              PKCS#1 v. 2.1 draft 1.
 114  */
 115
 116 extern int pss_encode(const void */*msg*/, size_t /*msz*/,
 117                       void */*buf*/, size_t /*sz*/, void */*p*/);
 118
 119 /* --- @pss_decode@ --- *
 120  *
 121  * Arguments:   @const void *buf@ = pointer to encoded buffer
 122  *              @size_t sz@ = size of the encoded byffer
 123  *              @dstr *d@ = pointer to destination string
 124  *              @void *p@ = pointer to PSS parameter block
 125  *
 126  * Returns:     The length of the output string (hash) if successful,
 127  *              negative on failure.
 128  *
 129  * Use:         Implements most of the operation @EMSA_PSS_VERIFY@, as
 130  *              defined in PCSK#1 v. 2.1 draft 1.  The salt value is filled
 131  *              in ready for hashing of the data to start.
 132  */
 133
 134 extern int pss_decode(const void */*buf*/, size_t /*sz*/,
 135                       dstr */*d*/, void */*p*/);
 136
 137 /* --- @pss_preverify@ --- *
 138  *
 139  * Arguments:   @pss *pp@ = pointer to PSS parameter block
 140  *
 141  * Returns:     An initialized generic hash context.
 142  *
 143  * Use:         Initializes a hash function for use with PSS.  A salt is
 144  *              read from the parameter block, where @pss_decode@ should have
 145  *              left it.
 146  */
 147
 148 extern ghash *pss_preverify(pss */*pp*/);
 149
 150 /* --- @pss_done@ --- *
 151  *
 152  * Arguments:   @pss *pp@ = pointer to PSS parameter block
 153  *
 154  * Returns:     ---
 155  *
 156  * Use:         Disposes of a PSS parameter block once it's finished with.
 157  */
 158
 159 extern void pss_done(pss */*pp*/);
 160
 161 /*----- That's all, folks -------------------------------------------------*/
 162
 163 #ifdef __cplusplus
 164   }
 165 #endif
 166
 167 #endif