Mercurial > dropbear
comparison src/pk/dsa/dsa_verify_hash.c @ 191:1c15b283127b libtomcrypt-orig
Import of libtomcrypt 1.02 with manual path rename rearrangement etc
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 06 May 2005 13:23:02 +0000 |
| parents | |
| children | 39d5d58461d6 |
comparison
equal
deleted
inserted
replaced
| 143:5d99163f7e32 | 191:1c15b283127b |
|---|---|
| 1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
| 2 * | |
| 3 * LibTomCrypt is a library that provides various cryptographic | |
| 4 * algorithms in a highly modular and flexible manner. | |
| 5 * | |
| 6 * The library is free for all purposes without any express | |
| 7 * guarantee it works. | |
| 8 * | |
| 9 * Tom St Denis, [email protected], http://libtomcrypt.org | |
| 10 */ | |
| 11 #include "tomcrypt.h" | |
| 12 | |
| 13 /** | |
| 14 @file dsa_verify_hash.c | |
| 15 DSA implementation, verify a signature, Tom St Denis | |
| 16 */ | |
| 17 | |
| 18 | |
| 19 #ifdef MDSA | |
| 20 | |
| 21 /** | |
| 22 Verify a DSA signature | |
| 23 @param sig The signature | |
| 24 @param siglen The length of the signature (octets) | |
| 25 @param hash The hash that was signed | |
| 26 @param hashlen The length of the hash that was signed | |
| 27 @param stat [out] The result of the signature verification, 1==valid, 0==invalid | |
| 28 @param key The corresponding public DH key | |
| 29 @return CRYPT_OK if successful (even if the signature is invalid) | |
| 30 */ | |
| 31 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, | |
| 32 const unsigned char *hash, unsigned long hashlen, | |
| 33 int *stat, dsa_key *key) | |
| 34 { | |
| 35 mp_int r, s, w, v, u1, u2; | |
| 36 int err; | |
| 37 | |
| 38 LTC_ARGCHK(sig != NULL); | |
| 39 LTC_ARGCHK(hash != NULL); | |
| 40 LTC_ARGCHK(stat != NULL); | |
| 41 LTC_ARGCHK(key != NULL); | |
| 42 | |
| 43 /* default to invalid signature */ | |
| 44 *stat = 0; | |
| 45 | |
| 46 /* init our variables */ | |
| 47 if ((err = mp_init_multi(&r, &s, &w, &v, &u1, &u2, NULL)) != MP_OKAY) { | |
| 48 return mpi_to_ltc_error(err); | |
| 49 } | |
| 50 | |
| 51 /* read in r followed by s */ | |
| 52 if ((err = der_get_multi_integer(sig, &siglen, &r, &s, NULL)) != CRYPT_OK) { goto done; } | |
| 53 | |
| 54 /* neither r or s can be null */ | |
| 55 if (mp_iszero(&r) == MP_YES || mp_iszero(&s) == MP_YES) { | |
| 56 err = CRYPT_INVALID_PACKET; | |
| 57 goto done; | |
| 58 } | |
| 59 | |
| 60 /* w = 1/s mod q */ | |
| 61 if ((err = mp_invmod(&s, &key->q, &w)) != MP_OKAY) { goto error; } | |
| 62 | |
| 63 /* u1 = m * w mod q */ | |
| 64 if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error; } | |
| 65 if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; } | |
| 66 | |
| 67 /* u2 = r*w mod q */ | |
| 68 if ((err = mp_mulmod(&r, &w, &key->q, &u2)) != MP_OKAY) { goto error; } | |
| 69 | |
| 70 /* v = g^u1 * y^u2 mod p mod q */ | |
| 71 if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; } | |
| 72 if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; } | |
| 73 if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; } | |
| 74 if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; } | |
| 75 | |
| 76 /* if r = v then we're set */ | |
| 77 if (mp_cmp(&r, &v) == MP_EQ) { | |
| 78 *stat = 1; | |
| 79 } | |
| 80 | |
| 81 err = CRYPT_OK; | |
| 82 goto done; | |
| 83 | |
| 84 error : err = mpi_to_ltc_error(err); | |
| 85 done : mp_clear_multi(&r, &s, &w, &v, &u1, &u2, NULL); | |
| 86 return err; | |
| 87 } | |
| 88 | |
| 89 #endif | |
| 90 |