3
|
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis |
|
2 * |
|
3 * LibTomCrypt is a library that provides various cryptographic |
|
4 * algorithms in a highly modular and flexible manner. |
|
5 * |
|
6 * The library is free for all purposes without any express |
|
7 * guarantee it works. |
|
8 * |
|
9 * Tom St Denis, [email protected], http://libtomcrypt.org |
|
10 */ |
|
11 #include "mycrypt.h" |
|
12 |
|
13 #ifdef MDSA |
|
14 |
|
15 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, |
|
16 const unsigned char *hash, unsigned long inlen, |
|
17 int *stat, dsa_key *key) |
|
18 { |
|
19 mp_int r, s, w, v, u1, u2; |
|
20 unsigned long x, y; |
|
21 int err; |
|
22 |
|
23 _ARGCHK(sig != NULL); |
|
24 _ARGCHK(hash != NULL); |
|
25 _ARGCHK(stat != NULL); |
|
26 _ARGCHK(key != NULL); |
|
27 |
|
28 /* default to invalid signature */ |
|
29 *stat = 0; |
|
30 |
|
31 if (siglen < PACKET_SIZE+2+2) { |
|
32 return CRYPT_INVALID_PACKET; |
|
33 } |
|
34 |
|
35 /* is the message format correct? */ |
|
36 if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DSA, PACKET_SUB_SIGNED)) != CRYPT_OK) { |
|
37 return err; |
|
38 } |
|
39 |
|
40 /* skip over header */ |
|
41 y = PACKET_SIZE; |
|
42 |
|
43 /* init our variables */ |
|
44 if ((err = mp_init_multi(&r, &s, &w, &v, &u1, &u2, NULL)) != MP_OKAY) { |
|
45 return mpi_to_ltc_error(err); |
|
46 } |
|
47 |
|
48 /* read in r followed by s */ |
|
49 x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]); |
|
50 y += 2; |
|
51 if (y + x > siglen) { |
|
52 err = CRYPT_INVALID_PACKET; |
|
53 goto done; |
|
54 } |
|
55 if ((err = mp_read_unsigned_bin(&r, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; } |
|
56 y += x; |
|
57 |
|
58 /* load s */ |
|
59 x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]); |
|
60 y += 2; |
|
61 if (y + x > siglen) { |
|
62 err = CRYPT_INVALID_PACKET; |
|
63 goto done; |
|
64 } |
|
65 if ((err = mp_read_unsigned_bin(&s, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; } |
|
66 |
|
67 /* w = 1/s mod q */ |
|
68 if ((err = mp_invmod(&s, &key->q, &w)) != MP_OKAY) { goto error; } |
|
69 |
|
70 /* u1 = m * w mod q */ |
|
71 if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, inlen)) != MP_OKAY) { goto error; } |
|
72 if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; } |
|
73 |
|
74 /* u2 = r*w mod q */ |
|
75 if ((err = mp_mulmod(&r, &w, &key->q, &u2)) != MP_OKAY) { goto error; } |
|
76 |
|
77 /* v = g^u1 * y^u2 mod p mod q */ |
|
78 if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; } |
|
79 if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; } |
|
80 if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; } |
|
81 if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; } |
|
82 |
|
83 /* if r = v then we're set */ |
|
84 if (mp_cmp(&r, &v) == MP_EQ) { |
|
85 *stat = 1; |
|
86 } |
|
87 |
|
88 err = CRYPT_OK; |
|
89 goto done; |
|
90 |
|
91 error : err = mpi_to_ltc_error(err); |
|
92 done : mp_clear_multi(&r, &s, &w, &v, &u1, &u2, NULL); |
|
93 return err; |
|
94 } |
|
95 |
|
96 #endif |
|
97 |