Mercurial > dropbear

comparison src/pk/dsa/dsa_verify_hash.c @ 209:39d5d58461d6 libtomcrypt-orig LTC_1.05

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Import of libtomcrypt 1.05
author Matt Johnston <matt@ucc.asn.au>
date Wed, 06 Jul 2005 03:53:40 +0000
parents 1c15b283127b
children
comparison
equal deleted inserted replaced
191:1c15b283127b 209:39d5d58461d6
18 18
19 #ifdef MDSA 19 #ifdef MDSA
20 20
21 /** 21 /**
22 Verify a DSA signature 22 Verify a DSA signature
23 @param r DSA "r" parameter
24 @param s DSA "s" parameter
25 @param hash The hash that was signed
26 @param hashlen The length of the hash that was signed
27 @param stat [out] The result of the signature verification, 1==valid, 0==invalid
28 @param key The corresponding public DH key
29 @return CRYPT_OK if successful (even if the signature is invalid)
30 */
31 int dsa_verify_hash_raw( mp_int *r, mp_int *s,
32 const unsigned char *hash, unsigned long hashlen,
33 int *stat, dsa_key *key)
34 {
35 mp_int w, v, u1, u2;
36 int err;
37
38 LTC_ARGCHK(r != NULL);
39 LTC_ARGCHK(s != NULL);
40 LTC_ARGCHK(stat != NULL);
41 LTC_ARGCHK(key != NULL);
42
43 /* default to invalid signature */
44 *stat = 0;
45
46 /* init our variables */
47 if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != MP_OKAY) {
48 return mpi_to_ltc_error(err);
49 }
50
51 /* neither r or s can be null or >q*/
52 if (mp_iszero(r) == MP_YES || mp_iszero(s) == MP_YES || mp_cmp(r, &key->q) != MP_LT || mp_cmp(s, &key->q) != MP_LT) {
53 err = CRYPT_INVALID_PACKET;
54 goto done;
55 }
56
57 /* w = 1/s mod q */
58 if ((err = mp_invmod(s, &key->q, &w)) != MP_OKAY) { goto error; }
59
60 /* u1 = m * w mod q */
61 if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error; }
62 if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; }
63
64 /* u2 = r*w mod q */
65 if ((err = mp_mulmod(r, &w, &key->q, &u2)) != MP_OKAY) { goto error; }
66
67 /* v = g^u1 * y^u2 mod p mod q */
68 if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; }
69 if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; }
70 if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; }
71 if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; }
72
73 /* if r = v then we're set */
74 if (mp_cmp(r, &v) == MP_EQ) {
75 *stat = 1;
76 }
77
78 err = CRYPT_OK;
79 goto done;
80
81 error : err = mpi_to_ltc_error(err);
82 done : mp_clear_multi(&w, &v, &u1, &u2, NULL);
83 return err;
84 }
85
86 /**
87 Verify a DSA signature
23 @param sig The signature 88 @param sig The signature
24 @param siglen The length of the signature (octets) 89 @param siglen The length of the signature (octets)
25 @param hash The hash that was signed 90 @param hash The hash that was signed
26 @param hashlen The length of the hash that was signed 91 @param hashlen The length of the hash that was signed
27 @param stat [out] The result of the signature verification, 1==valid, 0==invalid 92 @param stat [out] The result of the signature verification, 1==valid, 0==invalid
30 */ 95 */
31 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, 96 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
32 const unsigned char *hash, unsigned long hashlen, 97 const unsigned char *hash, unsigned long hashlen,
33 int *stat, dsa_key *key) 98 int *stat, dsa_key *key)
34 { 99 {
35 mp_int r, s, w, v, u1, u2; 100 int err;
36 int err; 101 mp_int r, s;
37 102
38 LTC_ARGCHK(sig != NULL); 103 if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) {
39 LTC_ARGCHK(hash != NULL); 104 return CRYPT_MEM;
40 LTC_ARGCHK(stat != NULL);
41 LTC_ARGCHK(key != NULL);
42
43 /* default to invalid signature */
44 *stat = 0;
45
46 /* init our variables */
47 if ((err = mp_init_multi(&r, &s, &w, &v, &u1, &u2, NULL)) != MP_OKAY) {
48 return mpi_to_ltc_error(err);
49 } 105 }
50 106
51 /* read in r followed by s */ 107 /* decode the sequence */
52 if ((err = der_get_multi_integer(sig, &siglen, &r, &s, NULL)) != CRYPT_OK) { goto done; } 108 if ((err = der_decode_sequence_multi(sig, siglen,
53 109 LTC_ASN1_INTEGER, 1UL, &r,
54 /* neither r or s can be null */ 110 LTC_ASN1_INTEGER, 1UL, &s,
55 if (mp_iszero(&r) == MP_YES || mp_iszero(&s) == MP_YES) { 111 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
56 err = CRYPT_INVALID_PACKET; 112 goto LBL_ERR;
57 goto done;
58 }
59
60 /* w = 1/s mod q */
61 if ((err = mp_invmod(&s, &key->q, &w)) != MP_OKAY) { goto error; }
62
63 /* u1 = m * w mod q */
64 if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error; }
65 if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; }
66
67 /* u2 = r*w mod q */
68 if ((err = mp_mulmod(&r, &w, &key->q, &u2)) != MP_OKAY) { goto error; }
69
70 /* v = g^u1 * y^u2 mod p mod q */
71 if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; }
72 if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; }
73 if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; }
74 if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; }
75
76 /* if r = v then we're set */
77 if (mp_cmp(&r, &v) == MP_EQ) {
78 *stat = 1;
79 } 113 }
80 114
81 err = CRYPT_OK; 115 /* do the op */
82 goto done; 116 err = dsa_verify_hash_raw(&r, &s, hash, hashlen, stat, key);
83 117
84 error : err = mpi_to_ltc_error(err); 118 LBL_ERR:
85 done : mp_clear_multi(&r, &s, &w, &v, &u1, &u2, NULL); 119 mp_clear_multi(&r, &s, NULL);
86 return err; 120 return err;
87 } 121 }
88 122
89 #endif 123 #endif
90 124
125
126 /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_hash.c,v $ */
127 /* $Revision: 1.8 $ */
128 /* $Date: 2005/05/15 21:48:59 $ */