Path: blob/master/libs/tomcrypt/src/pk/dsa/dsa_verify_hash.c
4396 views
/* LibTomCrypt, modular cryptographic library -- Tom St Denis1*2* LibTomCrypt is a library that provides various cryptographic3* algorithms in a highly modular and flexible manner.4*5* The library is free for all purposes without any express6* guarantee it works.7*/8#include "tomcrypt.h"910/**11@file dsa_verify_hash.c12DSA implementation, verify a signature, Tom St Denis13*/141516#ifdef LTC_MDSA1718/**19Verify a DSA signature20@param r DSA "r" parameter21@param s DSA "s" parameter22@param hash The hash that was signed23@param hashlen The length of the hash that was signed24@param stat [out] The result of the signature verification, 1==valid, 0==invalid25@param key The corresponding public DSA key26@return CRYPT_OK if successful (even if the signature is invalid)27*/28int dsa_verify_hash_raw( void *r, void *s,29const unsigned char *hash, unsigned long hashlen,30int *stat, dsa_key *key)31{32void *w, *v, *u1, *u2;33int err;3435LTC_ARGCHK(r != NULL);36LTC_ARGCHK(s != NULL);37LTC_ARGCHK(stat != NULL);38LTC_ARGCHK(key != NULL);3940/* default to invalid signature */41*stat = 0;4243/* init our variables */44if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) {45return err;46}4748/* neither r or s can be null or >q*/49if (mp_cmp_d(r, 0) != LTC_MP_GT || mp_cmp_d(s, 0) != LTC_MP_GT || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) {50err = CRYPT_INVALID_PACKET;51goto error;52}5354/* FIPS 186-4 4.7: use leftmost min(bitlen(q), bitlen(hash)) bits of 'hash' */55hashlen = MIN(hashlen, (unsigned long)(key->qord));5657/* w = 1/s mod q */58if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; }5960/* u1 = m * w mod q */61if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; }62if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; }6364/* u2 = r*w mod q */65if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; }6667/* v = g^u1 * y^u2 mod p mod q */68if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; }69if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; }70if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; }71if ((err = mp_mod(v, key->q, v)) != CRYPT_OK) { goto error; }7273/* if r = v then we're set */74if (mp_cmp(r, v) == LTC_MP_EQ) {75*stat = 1;76}7778err = CRYPT_OK;79error:80mp_clear_multi(w, v, u1, u2, NULL);81return err;82}8384/**85Verify a DSA signature86@param sig The signature87@param siglen The length of the signature (octets)88@param hash The hash that was signed89@param hashlen The length of the hash that was signed90@param stat [out] The result of the signature verification, 1==valid, 0==invalid91@param key The corresponding public DSA key92@return CRYPT_OK if successful (even if the signature is invalid)93*/94int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,95const unsigned char *hash, unsigned long hashlen,96int *stat, dsa_key *key)97{98int err;99void *r, *s;100ltc_asn1_list sig_seq[2];101unsigned long reallen = 0;102103LTC_ARGCHK(stat != NULL);104*stat = 0; /* must be set before the first return */105106if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) {107return err;108}109110LTC_SET_ASN1(sig_seq, 0, LTC_ASN1_INTEGER, r, 1UL);111LTC_SET_ASN1(sig_seq, 1, LTC_ASN1_INTEGER, s, 1UL);112113err = der_decode_sequence(sig, siglen, sig_seq, 2);114if (err != CRYPT_OK) {115goto LBL_ERR;116}117118err = der_length_sequence(sig_seq, 2, &reallen);119if (err != CRYPT_OK || reallen != siglen) {120goto LBL_ERR;121}122123/* do the op */124err = dsa_verify_hash_raw(r, s, hash, hashlen, stat, key);125126LBL_ERR:127mp_clear_multi(r, s, NULL);128return err;129}130131#endif132133134