1/* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 * 3 * LibTomCrypt is a library that provides various cryptographic 4 * algorithms in a highly modular and flexible manner. 5 * 6 * The library is free for all purposes without any express 7 * guarantee it works. 8 * 9 * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com 10 */ 11#include "tomcrypt.h" 12 13/** 14 @file dsa_verify_hash.c 15 DSA implementation, verify a signature, Tom St Denis 16*/ 17 18 19#ifdef MDSA 20 21/** 22 Verify a DSA signature 23 @param r DSA "r" parameter 24 @param s DSA "s" parameter 25 @param hash The hash that was signed 26 @param hashlen The length of the hash that was signed 27 @param stat [out] The result of the signature verification, 1==valid, 0==invalid 28 @param key The corresponding public DH key 29 @return CRYPT_OK if successful (even if the signature is invalid) 30*/ 31int dsa_verify_hash_raw( void *r, void *s, 32 const unsigned char *hash, unsigned long hashlen, 33 int *stat, dsa_key *key) 34{ 35 void *w, *v, *u1, *u2; 36 int err; 37 38 LTC_ARGCHK(r != NULL); 39 LTC_ARGCHK(s != NULL); 40 LTC_ARGCHK(stat != NULL); 41 LTC_ARGCHK(key != NULL); 42 43 /* default to invalid signature */ 44 *stat = 0; 45 46 /* init our variables */ 47 if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) { 48 return err; 49 } 50 51 /* neither r or s can be null or >q*/ 52 if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) { 53 err = CRYPT_INVALID_PACKET; 54 goto error; 55 } 56 57 /* w = 1/s mod q */ 58 if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; } 59 60 /* u1 = m * w mod q */ 61 if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } 62 if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; } 63 64 /* u2 = r*w mod q */ 65 if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; } 66 67 /* v = g^u1 * y^u2 mod p mod q */ 68 if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; } 69 if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; } 70 if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; } 71 if ((err = mp_mod(v, key->q, v)) != CRYPT_OK) { goto error; } 72 73 /* if r = v then we're set */ 74 if (mp_cmp(r, v) == LTC_MP_EQ) { 75 *stat = 1; 76 } 77 78 err = CRYPT_OK; 79error: 80 mp_clear_multi(w, v, u1, u2, NULL); 81 return err; 82} 83 84/** 85 Verify a DSA signature 86 @param sig The signature 87 @param siglen The length of the signature (octets) 88 @param hash The hash that was signed 89 @param hashlen The length of the hash that was signed 90 @param stat [out] The result of the signature verification, 1==valid, 0==invalid 91 @param key The corresponding public DH key 92 @return CRYPT_OK if successful (even if the signature is invalid) 93*/ 94int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, 95 const unsigned char *hash, unsigned long hashlen, 96 int *stat, dsa_key *key) 97{ 98 int err; 99 void *r, *s; 100 101 if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { 102 return CRYPT_MEM; 103 } 104 105 /* decode the sequence */ 106 if ((err = der_decode_sequence_multi(sig, siglen, 107 LTC_ASN1_INTEGER, 1UL, r, 108 LTC_ASN1_INTEGER, 1UL, s, 109 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { 110 goto LBL_ERR; 111 } 112 113 /* do the op */ 114 err = dsa_verify_hash_raw(r, s, hash, hashlen, stat, key); 115 116LBL_ERR: 117 mp_clear_multi(r, s, NULL); 118 return err; 119} 120 121#endif 122 123 124/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_hash.c,v $ */ 125/* $Revision: 1.13 $ */ 126/* $Date: 2006/12/04 03:18:43 $ */ 127