FEAT: optional definition of the message digest algorithm to sign/verify data using rsa

Oldes · Oldes · commit c7e3d73e5c82 · 2022-01-31T14:04:08.000+01:00
diff --git a/src/boot/words.reb b/src/boot/words.reb
@@ -201,12 +201,12 @@ crc24
 crc32
 md4
 md5
-ripemd160
 sha1
 sha224
 sha256
 sha384
 sha512
+ripemd160
 
 ; Codec actions
 identify
diff --git a/src/core/n-crypt.c b/src/core/n-crypt.c
@@ -308,9 +308,11 @@ static int myrand(void *rng_state, unsigned char *output, size_t len)
 //		data    [binary! none!] "Data to work with. Use NONE to release the RSA handle resources!"
 //		/encrypt  "Use public key to encrypt data"
 //		/decrypt  "Use private key to decrypt data"
-//		/sign     "Use private key to sign data"
+//		/sign     "Use private key to sign data. Result is PKCS1 v1.5 binary"
 //		/verify   "Use public key to verify signed data (returns TRUE or FALSE)"
-//		 signature [binary!] "Result of the sign call"
+//		 signature [binary!] "Result of the /sign call"
+//		/hash     "Signature's message digest algorithm"
+//		 algorithm [word!] "Default value is SHA256"
 //  ]
 ***********************************************************************/
 {
@@ -324,20 +326,23 @@ static int myrand(void *rng_state, unsigned char *output, size_t len)
 	REBOOL  refSign     = D_REF(5);
 	REBOOL  refVerify   = D_REF(6);
 	REBVAL *val_sign    = D_ARG(7);
+	REBOOL  refHash     = D_REF(8);
+	REBVAL *val_hash    = D_ARG(9);
 
 	RSA_CTX *rsa;
 	REBSER  *data;
 	REBYTE  *inBinary;
 	REBYTE  *outBinary;
-	REBYTE   hash[32];
+	REBYTE   hash[64];
 	REBINT   inBytes;
 	REBINT   outBytes;
 	REBINT   err = 0;
+	mbedtls_md_type_t md_alg;
 
 	// make sure that only one refinement is used!
 	if(
-		(refEncrypt && (refDecrypt || refSign    || refVerify)) ||
-		(refDecrypt && (refEncrypt || refSign    || refVerify)) ||
+		(refEncrypt && (refDecrypt || refSign    || refVerify || refHash)) ||
+		(refDecrypt && (refEncrypt || refSign    || refVerify || refHash)) ||
 		(refSign    && (refDecrypt || refEncrypt || refVerify)) ||
 		(refVerify  && (refDecrypt || refSign    || refEncrypt))
 	) {
@@ -365,10 +370,26 @@ static int myrand(void *rng_state, unsigned char *output, size_t len)
 	inBinary = BIN_DATA(data);
 	inBytes = BIN_LEN(data);
 
-	if (refVerify) {
-		SHA256(inBinary, inBytes, hash);
-		err = mbedtls_rsa_rsassa_pkcs1_v15_verify(rsa, MBEDTLS_MD_SHA256, 32, hash, VAL_BIN(val_sign));
-		return (err == 0) ? R_TRUE : R_FALSE;
+	if (refVerify || refSign) {
+		if (IS_NONE(val_hash)) {
+			md_alg = MBEDTLS_MD_NONE;
+		}
+		else {
+			// count message digest off the input data
+			if (Message_Digest(hash, inBinary, inBytes, VAL_WORD_CANON(val_hash), &inBytes)) {
+				// map Rebol word to mbedtls_md_type_t (expets that have same order!)
+				// no need to test a range as only known will pass above run
+				md_alg = VAL_WORD_CANON(val_hash) - SYM_MD5 + 1;
+				inBinary = hash;
+			}
+			else {
+				return R_NONE;
+			}
+		}
+		if (refVerify) {
+			err = mbedtls_rsa_rsassa_pkcs1_v15_verify(rsa, md_alg, inBytes, inBinary, VAL_BIN(val_sign));
+			return (err == 0) ? R_TRUE : R_FALSE;
+		}
 	}
 
 	//allocate new binary!
@@ -377,8 +398,7 @@ static int myrand(void *rng_state, unsigned char *output, size_t len)
 	outBinary = BIN_DATA(data);
 
 	if (refSign) {
-		SHA256(inBinary, inBytes, hash);
-		err = mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_MD_SHA256, 32, hash, outBinary);
+		err = mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa, mbedtls_ctr_drbg_random, &ctr_drbg, md_alg, inBytes, inBinary, outBinary);
 	}
 	else if (refEncrypt) {
 		err = mbedtls_rsa_rsaes_pkcs1_v15_encrypt(rsa, mbedtls_ctr_drbg_random, &ctr_drbg, inBytes, inBinary, outBinary);
diff --git a/src/core/n-strings.c b/src/core/n-strings.c
@@ -70,6 +70,58 @@ static struct digest {
 };
 
 
+/***********************************************************************
+**
+*/	REBOOL *Message_Digest(REBYTE *output, REBYTE *input, REBCNT length, REBCNT method, REBCNT *olen)
+/*
+***********************************************************************/
+{
+	switch (method) {
+	case SYM_MD5:
+		MD5(input, length, output);
+		*olen = 16;
+		break;
+	case SYM_SHA1:
+		SHA1(input, length, output);
+		*olen = 20;
+		break;
+	case SYM_SHA256:
+		SHA256(input, length, output);
+		*olen = 32;
+		break;
+	case SYM_SHA224:
+		SHA224(input, length, output);
+		*olen = 28;
+		break;
+	case SYM_SHA512:
+		SHA512(input, length, output);
+		*olen = 64;
+		break;
+#ifdef INCLUDE_SHA384
+	case SYM_SHA384:
+		SHA384(input, length, output);
+		*olen = 48;
+		break;
+#endif
+#ifdef INCLUDE_RIPEMD160
+	case SYM_RIPEMD160:
+		RIPEMD160(input, length, output);
+		*olen = 20;
+		break;
+#endif
+#ifdef INCLUDE_MD4
+	case SYM_MD4:
+		MD4(input, length, output);
+		*olen = 16;
+		break;
+#endif
+	default:
+		return FALSE;
+	}
+	return TRUE;
+}
+
+
 /***********************************************************************
 **
 */	REBNATIVE(ajoin)
diff --git a/src/tests/units/rsa-test.r3 b/src/tests/units/rsa-test.r3
@@ -89,36 +89,36 @@ Rebol [
 
 	--test-- "RSA verification"
 		;you can use both keys for verification (only the public parts are used)
-		--assert true? rsa/verify key-pub bin-data sign-hash
-		--assert true? rsa/verify key-pri bin-data sign-hash
+		--assert rsa/verify key-pub bin-data sign-hash
+		--assert rsa/verify key-pri bin-data sign-hash
 
 	--test-- "RSA key release"
 		;once RSA key is not needed, release the resources using NONE data
 		--assert rsa key-pub none
 		--assert rsa key-pri none
+		; released handle is now unusable:
+		--assert error? try [rsa/verify/hash key-pub bin-data signature 'SHA512]
 
 ===end-group===
 
 
 ===start-group=== "RSA initialization using codecs"
 	--test-- "RSA sign/verify using external file"
 	; Bob has data, which wants to sign, so it's clear, that nobody modifies them
-	data: "Hello!"
-	; As RSA is slow, it is used on hashes.. for example SHA1
-	hash: checksum data 'sha1
+	data: read %units/files/apiserver.crt
 	; Bob uses private key which keeps secret...
 	--assert handle? try [private-key: load %units/files/rebol-private-no-pass.ppk]
-	; .. to sign the hash..
-	--assert binary? signed-hash: rsa/sign private-key hash
+	; .. and signs data with specified message digest algorithm
+	--assert binary? signature: rsa/sign/hash private-key data 'SHA512
 
-	; than sends data, and signed hash to Eve, who have his public key 
+	; than sends data and its signature to Eve, who have his public key, even using some unsecure way
 	--assert handle? try [public-key: load %units/files/rebol-public.ppk]
-	; Eve uses the key to verify the checksum...
-	--assert true? rsa/verify public-key (checksum data 'sha1) signed-hash
-	; so she know, that data were not modified
+	; Eve uses the key to verify the received data using its signature and hash
+	--assert rsa/verify/hash public-key data signature 'SHA512
+	; so she knows, that data were not modified
 
-	; cleanup:
-	rsa public-key none
+	; used keys should be released by GC, when not referenced, but we can release them immediately:
+	rsa public-key  none
 	rsa private-key none
 ===end-group===
 
