comparison dsa_verify_hash.c @ 3:7faae8f46238 libtomcrypt-orig
Branch renaming
author | Matt Johnston <matt@ucc.asn.au> |
date | Mon, 31 May 2004 18:25:41 +0000 |
parents | |
children |
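--- /dev/null
+++ b/dsa_verify_hash.c
@@ -0,0 +1,97 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+*
+* LibTomCrypt is a library that provides various cryptographic
+* algorithms in a highly modular and flexible manner.
+*
+* The library is free for all purposes without any express
+* guarantee it works.
+*
+* Tom St Denis, [email protected], http://libtomcrypt.org
+*/
+#include "mycrypt.h"
+
+#ifdef MDSA
+
+int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
+const unsigned char *hash, unsigned long inlen,
+int *stat, dsa_key *key)
+{
+mp_int r, s, w, v, u1, u2;
+unsigned long x, y;
+int err;
+
+_ARGCHK(sig != NULL);
+_ARGCHK(hash != NULL);
+_ARGCHK(stat != NULL);
+_ARGCHK(key != NULL);
+
+/* default to invalid signature */
+*stat = 0;
+
+if (siglen < PACKET_SIZE+2+2) {
+return CRYPT_INVALID_PACKET;
+}
+
+/* is the message format correct? */
+if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DSA, PACKET_SUB_SIGNED)) != CRYPT_OK) {
+return err;
+}
+
+/* skip over header */
+y = PACKET_SIZE;
+
+/* init our variables */
+if ((err = mp_init_multi(&r, &s, &w, &v, &u1, &u2, NULL)) != MP_OKAY) {
+return mpi_to_ltc_error(err);
+}
+
+/* read in r followed by s */
+x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]);
+y += 2;
+if (y + x > siglen) {
+err = CRYPT_INVALID_PACKET;
+goto done;
+}
+if ((err = mp_read_unsigned_bin(&r, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; }
+y += x;
+
+/* load s */
+x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]);
+y += 2;
+if (y + x > siglen) {
+err = CRYPT_INVALID_PACKET;
+goto done;
+}
+if ((err = mp_read_unsigned_bin(&s, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; }
+
+/* w = 1/s mod q */
+if ((err = mp_invmod(&s, &key->q, &w)) != MP_OKAY) { goto error; }
+
+/* u1 = m * w mod q */
+if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, inlen)) != MP_OKAY) { goto error; }
+if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; }
+
+/* u2 = r*w mod q */
+if ((err = mp_mulmod(&r, &w, &key->q, &u2)) != MP_OKAY) { goto error; }
+
+/* v = g^u1 * y^u2 mod p mod q */
+if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; }
+if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; }
+if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; }
+if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; }
+
+/* if r = v then we're set */
+if (mp_cmp(&r, &v) == MP_EQ) {
+*stat = 1;
+}
+
+err = CRYPT_OK;
+goto done;
+
+error : err = mpi_to_ltc_error(err);
+done : mp_clear_multi(&r, &s, &w, &v, &u1, &u2, NULL);
+return err;
+}
+
+#endif
+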
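Review bot: The bounds check for r at file line 51, `if (y + x > siglen)`, only guarantees that r itself fits, so when r's declared length consumes the rest of the buffer `y` equals `siglen` after `y += x` and the two length bytes of s read at line 59, `sig[y]` and `sig[y+1]`, are read past the end of `sig`; since `sig` is untrusted signature data this is a two-byte out-of-bounds read before the second check at line 61 can reject the packet. Tightening the first check to `if (y + x + 2 > siglen) {` reserves room for s's length prefix and leaves the second check as written. Separately, neither r nor s is range-checked after loading: FIPS 186 requires rejecting a signature unless 0 < r < q and 0 < s < q, and here an out-of-range value is only caught incidentally (s = 0 presumably makes `mp_invmod` fail, and r >= q can never compare equal to the reduced v), so an explicit check after line 65 such as `if (mp_cmp_d(&r, 0) != MP_GT || mp_cmp(&r, &key->q) != MP_LT || mp_cmp_d(&s, 0) != MP_GT || mp_cmp(&s, &key->q) != MP_LT) { err = CRYPT_INVALID_PACKET; goto done; }` would make the acceptance rule explicit rather than a side effect of the arithmetic.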