Mercurial > dropbear
comparison libtomcrypt/src/pk/dsa/dsa_verify_hash.c @ 1471:6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 09 Feb 2018 21:44:05 +0800 |
| parents | f849a5ca2efc |
| children |
comparison
equal
deleted
inserted
replaced
| 1470:8bba51a55704 | 1471:6dba84798cd5 |
|---|---|
| 3 * LibTomCrypt is a library that provides various cryptographic | 3 * LibTomCrypt is a library that provides various cryptographic |
| 4 * algorithms in a highly modular and flexible manner. | 4 * algorithms in a highly modular and flexible manner. |
| 5 * | 5 * |
| 6 * The library is free for all purposes without any express | 6 * The library is free for all purposes without any express |
| 7 * guarantee it works. | 7 * guarantee it works. |
| 8 * | |
| 9 * Tom St Denis, [email protected], http://libtom.org | |
| 10 */ | 8 */ |
| 11 #include "tomcrypt.h" | 9 #include "tomcrypt.h" |
| 12 | 10 |
| 13 /** | 11 /** |
| 14 @file dsa_verify_hash.c | 12 @file dsa_verify_hash.c |
| 23 @param r DSA "r" parameter | 21 @param r DSA "r" parameter |
| 24 @param s DSA "s" parameter | 22 @param s DSA "s" parameter |
| 25 @param hash The hash that was signed | 23 @param hash The hash that was signed |
| 26 @param hashlen The length of the hash that was signed | 24 @param hashlen The length of the hash that was signed |
| 27 @param stat [out] The result of the signature verification, 1==valid, 0==invalid | 25 @param stat [out] The result of the signature verification, 1==valid, 0==invalid |
| 28 @param key The corresponding public DH key | 26 @param key The corresponding public DSA key |
| 29 @return CRYPT_OK if successful (even if the signature is invalid) | 27 @return CRYPT_OK if successful (even if the signature is invalid) |
| 30 */ | 28 */ |
| 31 int dsa_verify_hash_raw( void *r, void *s, | 29 int dsa_verify_hash_raw( void *r, void *s, |
| 32 const unsigned char *hash, unsigned long hashlen, | 30 const unsigned char *hash, unsigned long hashlen, |
| 33 int *stat, dsa_key *key) | 31 int *stat, dsa_key *key) |
| 34 { | 32 { |
| 35 void *w, *v, *u1, *u2; | 33 void *w, *v, *u1, *u2; |
| 36 int err; | 34 int err; |
| 37 | 35 |
| 47 if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) { | 45 if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) { |
| 48 return err; | 46 return err; |
| 49 } | 47 } |
| 50 | 48 |
| 51 /* neither r or s can be null or >q*/ | 49 /* neither r or s can be null or >q*/ |
| 52 if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) { | 50 if (mp_cmp_d(r, 0) != LTC_MP_GT || mp_cmp_d(s, 0) != LTC_MP_GT || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) { |
| 53 err = CRYPT_INVALID_PACKET; | 51 err = CRYPT_INVALID_PACKET; |
| 54 goto error; | 52 goto error; |
| 55 } | 53 } |
| 56 | 54 |
| 55 /* FIPS 186-4 4.7: use leftmost min(bitlen(q), bitlen(hash)) bits of 'hash' */ | |
| 56 hashlen = MIN(hashlen, (unsigned long)(key->qord)); | |
| 57 | |
| 57 /* w = 1/s mod q */ | 58 /* w = 1/s mod q */ |
| 58 if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; } | 59 if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; } |
| 59 | 60 |
| 60 /* u1 = m * w mod q */ | 61 /* u1 = m * w mod q */ |
| 61 if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } | 62 if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } |
| 62 if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; } | 63 if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; } |
| 63 | 64 |
| 64 /* u2 = r*w mod q */ | 65 /* u2 = r*w mod q */ |
| 65 if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; } | 66 if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; } |
| 66 | 67 |
| 67 /* v = g^u1 * y^u2 mod p mod q */ | 68 /* v = g^u1 * y^u2 mod p mod q */ |
| 68 if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; } | 69 if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; } |
| 69 if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; } | 70 if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; } |
| 70 if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; } | 71 if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; } |
| 86 @param sig The signature | 87 @param sig The signature |
| 87 @param siglen The length of the signature (octets) | 88 @param siglen The length of the signature (octets) |
| 88 @param hash The hash that was signed | 89 @param hash The hash that was signed |
| 89 @param hashlen The length of the hash that was signed | 90 @param hashlen The length of the hash that was signed |
| 90 @param stat [out] The result of the signature verification, 1==valid, 0==invalid | 91 @param stat [out] The result of the signature verification, 1==valid, 0==invalid |
| 91 @param key The corresponding public DH key | 92 @param key The corresponding public DSA key |
| 92 @return CRYPT_OK if successful (even if the signature is invalid) | 93 @return CRYPT_OK if successful (even if the signature is invalid) |
| 93 */ | 94 */ |
| 94 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, | 95 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, |
| 95 const unsigned char *hash, unsigned long hashlen, | 96 const unsigned char *hash, unsigned long hashlen, |
| 96 int *stat, dsa_key *key) | 97 int *stat, dsa_key *key) |
| 97 { | 98 { |
| 98 int err; | 99 int err; |
| 99 void *r, *s; | 100 void *r, *s; |
| 101 ltc_asn1_list sig_seq[2]; | |
| 102 unsigned long reallen = 0; | |
| 103 | |
| 104 LTC_ARGCHK(stat != NULL); | |
| 105 *stat = 0; /* must be set before the first return */ | |
| 100 | 106 |
| 101 if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { | 107 if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { |
| 102 return CRYPT_MEM; | 108 return err; |
| 103 } | 109 } |
| 104 | 110 |
| 105 /* decode the sequence */ | 111 LTC_SET_ASN1(sig_seq, 0, LTC_ASN1_INTEGER, r, 1UL); |
| 106 if ((err = der_decode_sequence_multi(sig, siglen, | 112 LTC_SET_ASN1(sig_seq, 1, LTC_ASN1_INTEGER, s, 1UL); |
| 107 LTC_ASN1_INTEGER, 1UL, r, | 113 |
| 108 LTC_ASN1_INTEGER, 1UL, s, | 114 err = der_decode_sequence(sig, siglen, sig_seq, 2); |
| 109 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { | 115 if (err != CRYPT_OK) { |
| 116 goto LBL_ERR; | |
| 117 } | |
| 118 | |
| 119 err = der_length_sequence(sig_seq, 2, &reallen); | |
| 120 if (err != CRYPT_OK || reallen != siglen) { | |
| 110 goto LBL_ERR; | 121 goto LBL_ERR; |
| 111 } | 122 } |
| 112 | 123 |
| 113 /* do the op */ | 124 /* do the op */ |
| 114 err = dsa_verify_hash_raw(r, s, hash, hashlen, stat, key); | 125 err = dsa_verify_hash_raw(r, s, hash, hashlen, stat, key); |
| 119 } | 130 } |
| 120 | 131 |
| 121 #endif | 132 #endif |
| 122 | 133 |
| 123 | 134 |
| 124 /* $Source$ */ | 135 /* ref: $Format:%D$ */ |
| 125 /* $Revision$ */ | 136 /* git commit: $Format:%H$ */ |
| 126 /* $Date$ */ | 137 /* commit time: $Format:%ai$ */ |