3
|
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis |
|
2 * |
|
3 * LibTomCrypt is a library that provides various cryptographic |
|
4 * algorithms in a highly modular and flexible manner. |
|
5 * |
|
6 * The library is free for all purposes without any express |
|
7 * guarantee it works. |
|
8 * |
|
9 * Tom St Denis, [email protected], http://libtomcrypt.org |
|
10 */ |
|
11 #include "mycrypt.h" |
|
12 |
|
13 #ifdef MDSA |
|
14 |
|
15 int dsa_verify_key(dsa_key *key, int *stat) |
|
16 { |
|
17 mp_int tmp, tmp2; |
|
18 int res, err; |
|
19 |
|
20 _ARGCHK(key != NULL); |
|
21 _ARGCHK(stat != NULL); |
|
22 |
|
23 *stat = 0; |
|
24 |
|
25 /* first make sure key->q and key->p are prime */ |
|
26 if ((err = is_prime(&key->q, &res)) != CRYPT_OK) { |
|
27 return err; |
|
28 } |
|
29 if (res == 0) { |
|
30 return CRYPT_OK; |
|
31 } |
|
32 |
|
33 |
|
34 if ((err = is_prime(&key->p, &res)) != CRYPT_OK) { |
|
35 return err; |
|
36 } |
|
37 if (res == 0) { |
|
38 return CRYPT_OK; |
|
39 } |
|
40 |
|
41 /* now make sure that g is not -1, 0 or 1 and <p */ |
|
42 if (mp_cmp_d(&key->g, 0) == MP_EQ || mp_cmp_d(&key->g, 1) == MP_EQ) { |
|
43 return CRYPT_OK; |
|
44 } |
|
45 if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != MP_OKAY) { goto error; } |
|
46 if ((err = mp_sub_d(&key->p, 1, &tmp)) != MP_OKAY) { goto error; } |
|
47 if (mp_cmp(&tmp, &key->g) == MP_EQ || mp_cmp(&key->g, &key->p) != MP_LT) { |
|
48 err = CRYPT_OK; |
|
49 goto done; |
|
50 } |
|
51 |
|
52 /* 1 < y < p-1 */ |
|
53 if (!(mp_cmp_d(&key->y, 1) == MP_GT && mp_cmp(&key->y, &tmp) == MP_LT)) { |
|
54 err = CRYPT_OK; |
|
55 goto done; |
|
56 } |
|
57 |
|
58 /* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */ |
|
59 if ((err = mp_div(&tmp, &key->q, &tmp, &tmp2)) != MP_OKAY) { goto error; } |
|
60 if (mp_iszero(&tmp2) != MP_YES) { |
|
61 err = CRYPT_OK; |
|
62 goto done; |
|
63 } |
|
64 |
|
65 if ((err = mp_exptmod(&key->g, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; } |
|
66 if (mp_cmp_d(&tmp, 1) != MP_EQ) { |
|
67 err = CRYPT_OK; |
|
68 goto done; |
|
69 } |
|
70 |
|
71 /* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */ |
|
72 if ((err = mp_exptmod(&key->y, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; } |
|
73 if (mp_cmp_d(&tmp, 1) != MP_EQ) { |
|
74 err = CRYPT_OK; |
|
75 goto done; |
|
76 } |
|
77 |
|
78 /* at this point we are out of tests ;-( */ |
|
79 err = CRYPT_OK; |
|
80 *stat = 1; |
|
81 goto done; |
|
82 error: err = mpi_to_ltc_error(err); |
|
83 done : mp_clear_multi(&tmp, &tmp2, NULL); |
|
84 return err; |
|
85 } |
|
86 #endif |