comparison dsa_verify_hash.c @ 3:7faae8f46238 libtomcrypt-orig

Branch renaming
author Matt Johnston <matt@ucc.asn.au>
date Mon, 31 May 2004 18:25:41 +0000
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 3:7faae8f46238
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11 #include "mycrypt.h"
12
13 #ifdef MDSA
14
15 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
16 const unsigned char *hash, unsigned long inlen,
17 int *stat, dsa_key *key)
18 {
19 mp_int r, s, w, v, u1, u2;
20 unsigned long x, y;
21 int err;
22
23 _ARGCHK(sig != NULL);
24 _ARGCHK(hash != NULL);
25 _ARGCHK(stat != NULL);
26 _ARGCHK(key != NULL);
27
28 /* default to invalid signature */
29 *stat = 0;
30
31 if (siglen < PACKET_SIZE+2+2) {
32 return CRYPT_INVALID_PACKET;
33 }
34
35 /* is the message format correct? */
36 if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DSA, PACKET_SUB_SIGNED)) != CRYPT_OK) {
37 return err;
38 }
39
40 /* skip over header */
41 y = PACKET_SIZE;
42
43 /* init our variables */
44 if ((err = mp_init_multi(&r, &s, &w, &v, &u1, &u2, NULL)) != MP_OKAY) {
45 return mpi_to_ltc_error(err);
46 }
47
48 /* read in r followed by s */
49 x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]);
50 y += 2;
51 if (y + x > siglen) {
52 err = CRYPT_INVALID_PACKET;
53 goto done;
54 }
55 if ((err = mp_read_unsigned_bin(&r, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; }
56 y += x;
57
58 /* load s */
59 x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]);
60 y += 2;
61 if (y + x > siglen) {
62 err = CRYPT_INVALID_PACKET;
63 goto done;
64 }
65 if ((err = mp_read_unsigned_bin(&s, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; }
66
67 /* w = 1/s mod q */
68 if ((err = mp_invmod(&s, &key->q, &w)) != MP_OKAY) { goto error; }
69
70 /* u1 = m * w mod q */
71 if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, inlen)) != MP_OKAY) { goto error; }
72 if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; }
73
74 /* u2 = r*w mod q */
75 if ((err = mp_mulmod(&r, &w, &key->q, &u2)) != MP_OKAY) { goto error; }
76
77 /* v = g^u1 * y^u2 mod p mod q */
78 if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; }
79 if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; }
80 if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; }
81 if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; }
82
83 /* if r = v then we're set */
84 if (mp_cmp(&r, &v) == MP_EQ) {
85 *stat = 1;
86 }
87
88 err = CRYPT_OK;
89 goto done;
90
91 error : err = mpi_to_ltc_error(err);
92 done : mp_clear_multi(&r, &s, &w, &v, &u1, &u2, NULL);
93 return err;
94 }
95
96 #endif
97