Mercurial > dropbear
comparison dsa_verify_hash.c @ 0:d7da3b1e1540 libtomcrypt
put back the 0.95 makefile which was inadvertently merged over
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 31 May 2004 18:21:40 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:d7da3b1e1540 |
|---|---|
| 1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
| 2 * | |
| 3 * LibTomCrypt is a library that provides various cryptographic | |
| 4 * algorithms in a highly modular and flexible manner. | |
| 5 * | |
| 6 * The library is free for all purposes without any express | |
| 7 * guarantee it works. | |
| 8 * | |
| 9 * Tom St Denis, [email protected], http://libtomcrypt.org | |
| 10 */ | |
| 11 #include "mycrypt.h" | |
| 12 | |
| 13 #ifdef MDSA | |
| 14 | |
| 15 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, | |
| 16 const unsigned char *hash, unsigned long inlen, | |
| 17 int *stat, dsa_key *key) | |
| 18 { | |
| 19 mp_int r, s, w, v, u1, u2; | |
| 20 unsigned long x, y; | |
| 21 int err; | |
| 22 | |
| 23 _ARGCHK(sig != NULL); | |
| 24 _ARGCHK(hash != NULL); | |
| 25 _ARGCHK(stat != NULL); | |
| 26 _ARGCHK(key != NULL); | |
| 27 | |
| 28 /* default to invalid signature */ | |
| 29 *stat = 0; | |
| 30 | |
| 31 if (siglen < PACKET_SIZE+2+2) { | |
| 32 return CRYPT_INVALID_PACKET; | |
| 33 } | |
| 34 | |
| 35 /* is the message format correct? */ | |
| 36 if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DSA, PACKET_SUB_SIGNED)) != CRYPT_OK) { | |
| 37 return err; | |
| 38 } | |
| 39 | |
| 40 /* skip over header */ | |
| 41 y = PACKET_SIZE; | |
| 42 | |
| 43 /* init our variables */ | |
| 44 if ((err = mp_init_multi(&r, &s, &w, &v, &u1, &u2, NULL)) != MP_OKAY) { | |
| 45 return mpi_to_ltc_error(err); | |
| 46 } | |
| 47 | |
| 48 /* read in r followed by s */ | |
| 49 x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]); | |
| 50 y += 2; | |
| 51 if (y + x > siglen) { | |
| 52 err = CRYPT_INVALID_PACKET; | |
| 53 goto done; | |
| 54 } | |
| 55 if ((err = mp_read_unsigned_bin(&r, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; } | |
| 56 y += x; | |
| 57 | |
| 58 /* load s */ | |
| 59 x = ((unsigned)sig[y]<<8)|((unsigned)sig[y+1]); | |
| 60 y += 2; | |
| 61 if (y + x > siglen) { | |
| 62 err = CRYPT_INVALID_PACKET; | |
| 63 goto done; | |
| 64 } | |
| 65 if ((err = mp_read_unsigned_bin(&s, (unsigned char *)sig+y, x)) != MP_OKAY) { goto error; } | |
| 66 | |
| 67 /* w = 1/s mod q */ | |
| 68 if ((err = mp_invmod(&s, &key->q, &w)) != MP_OKAY) { goto error; } | |
| 69 | |
| 70 /* u1 = m * w mod q */ | |
| 71 if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, inlen)) != MP_OKAY) { goto error; } | |
| 72 if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; } | |
| 73 | |
| 74 /* u2 = r*w mod q */ | |
| 75 if ((err = mp_mulmod(&r, &w, &key->q, &u2)) != MP_OKAY) { goto error; } | |
| 76 | |
| 77 /* v = g^u1 * y^u2 mod p mod q */ | |
| 78 if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; } | |
| 79 if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; } | |
| 80 if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; } | |
| 81 if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; } | |
| 82 | |
| 83 /* if r = v then we're set */ | |
| 84 if (mp_cmp(&r, &v) == MP_EQ) { | |
| 85 *stat = 1; | |
| 86 } | |
| 87 | |
| 88 err = CRYPT_OK; | |
| 89 goto done; | |
| 90 | |
| 91 error : err = mpi_to_ltc_error(err); | |
| 92 done : mp_clear_multi(&r, &s, &w, &v, &u1, &u2, NULL); | |
| 93 return err; | |
| 94 } | |
| 95 | |
| 96 #endif | |
| 97 |