1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
10 */
11 #include "tomcrypt.h"
12
13 /**
14 @file dsa_verify_hash.c
15 DSA implementation, verify a signature, Tom St Denis
16 */
17
18
19 #ifdef MDSA
20
21 /**
22 Verify a DSA signature
23 @param r DSA "r" parameter
24 @param s DSA "s" parameter
25 @param hash The hash that was signed
26 @param hashlen The length of the hash that was signed
27 @param stat [out] The result of the signature verification, 1==valid, 0==invalid
28 @param key The corresponding public DH key
29 @return CRYPT_OK if successful (even if the signature is invalid)
30 */
dsa_verify_hash_raw(void * r,void * s,const unsigned char * hash,unsigned long hashlen,int * stat,dsa_key * key)31 int dsa_verify_hash_raw( void *r, void *s,
32 const unsigned char *hash, unsigned long hashlen,
33 int *stat, dsa_key *key)
34 {
35 void *w, *v, *u1, *u2;
36 int err;
37
38 LTC_ARGCHK(r != NULL);
39 LTC_ARGCHK(s != NULL);
40 LTC_ARGCHK(stat != NULL);
41 LTC_ARGCHK(key != NULL);
42
43 /* default to invalid signature */
44 *stat = 0;
45
46 /* init our variables */
47 if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) {
48 return err;
49 }
50
51 /* neither r or s can be null or >q*/
52 if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) {
53 err = CRYPT_INVALID_PACKET;
54 goto error;
55 }
56
57 /* w = 1/s mod q */
58 if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; }
59
60 /* u1 = m * w mod q */
61 if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; }
62 if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; }
63
64 /* u2 = r*w mod q */
65 if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; }
66
67 /* v = g^u1 * y^u2 mod p mod q */
68 if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; }
69 if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; }
70 if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; }
71 if ((err = mp_mod(v, key->q, v)) != CRYPT_OK) { goto error; }
72
73 /* if r = v then we're set */
74 if (mp_cmp(r, v) == LTC_MP_EQ) {
75 *stat = 1;
76 }
77
78 err = CRYPT_OK;
79 error:
80 mp_clear_multi(w, v, u1, u2, NULL);
81 return err;
82 }
83
84 /**
85 Verify a DSA signature
86 @param sig The signature
87 @param siglen The length of the signature (octets)
88 @param hash The hash that was signed
89 @param hashlen The length of the hash that was signed
90 @param stat [out] The result of the signature verification, 1==valid, 0==invalid
91 @param key The corresponding public DH key
92 @return CRYPT_OK if successful (even if the signature is invalid)
93 */
dsa_verify_hash(const unsigned char * sig,unsigned long siglen,const unsigned char * hash,unsigned long hashlen,int * stat,dsa_key * key)94 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
95 const unsigned char *hash, unsigned long hashlen,
96 int *stat, dsa_key *key)
97 {
98 int err;
99 void *r, *s;
100
101 if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) {
102 return CRYPT_MEM;
103 }
104
105 /* decode the sequence */
106 if ((err = der_decode_sequence_multi(sig, siglen,
107 LTC_ASN1_INTEGER, 1UL, r,
108 LTC_ASN1_INTEGER, 1UL, s,
109 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
110 goto LBL_ERR;
111 }
112
113 /* do the op */
114 err = dsa_verify_hash_raw(r, s, hash, hashlen, stat, key);
115
116 LBL_ERR:
117 mp_clear_multi(r, s, NULL);
118 return err;
119 }
120
121 #endif
122
123
124 /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_hash.c,v $ */
125 /* $Revision: 1.13 $ */
126 /* $Date: 2006/12/04 03:18:43 $ */
127