1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
6 * The library is free for all purposes without any express
12 @file dsa_verify_hash.c
13 DSA implementation, verify a signature, Tom St Denis
20 Verify a DSA signature
21 @param r DSA "r" parameter
22 @param s DSA "s" parameter
23 @param hash The hash that was signed
24 @param hashlen The length of the hash that was signed
25 @param stat [out] The result of the signature verification, 1==valid, 0==invalid
26 @param key The corresponding public DSA key
27 @return CRYPT_OK if successful (even if the signature is invalid)
29 int dsa_verify_hash_raw( void *r, void *s,
30 const unsigned char *hash, unsigned long hashlen,
31 int *stat, dsa_key *key)
33 void *w, *v, *u1, *u2;
36 LTC_ARGCHK(r != NULL);
37 LTC_ARGCHK(s != NULL);
38 LTC_ARGCHK(stat != NULL);
39 LTC_ARGCHK(key != NULL);
41 /* default to invalid signature */
44 /* init our variables */
45 if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) {
49 /* neither r or s can be null or >q*/
50 if (mp_cmp_d(r, 0) != LTC_MP_GT || mp_cmp_d(s, 0) != LTC_MP_GT || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) {
51 err = CRYPT_INVALID_PACKET;
55 /* FIPS 186-4 4.7: use leftmost min(bitlen(q), bitlen(hash)) bits of 'hash' */
56 hashlen = MIN(hashlen, (unsigned long)(key->qord));
59 if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; }
61 /* u1 = m * w mod q */
62 if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; }
63 if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; }
66 if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; }
68 /* v = g^u1 * y^u2 mod p mod q */
69 if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; }
70 if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; }
71 if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; }
72 if ((err = mp_mod(v, key->q, v)) != CRYPT_OK) { goto error; }
74 /* if r = v then we're set */
75 if (mp_cmp(r, v) == LTC_MP_EQ) {
81 mp_clear_multi(w, v, u1, u2, NULL);
86 Verify a DSA signature
87 @param sig The signature
88 @param siglen The length of the signature (octets)
89 @param hash The hash that was signed
90 @param hashlen The length of the hash that was signed
91 @param stat [out] The result of the signature verification, 1==valid, 0==invalid
92 @param key The corresponding public DSA key
93 @return CRYPT_OK if successful (even if the signature is invalid)
95 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
96 const unsigned char *hash, unsigned long hashlen,
97 int *stat, dsa_key *key)
101 ltc_asn1_list sig_seq[2];
102 unsigned long reallen = 0;
104 LTC_ARGCHK(stat != NULL);
105 *stat = 0; /* must be set before the first return */
107 if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) {
111 LTC_SET_ASN1(sig_seq, 0, LTC_ASN1_INTEGER, r, 1UL);
112 LTC_SET_ASN1(sig_seq, 1, LTC_ASN1_INTEGER, s, 1UL);
114 err = der_decode_sequence(sig, siglen, sig_seq, 2);
115 if (err != CRYPT_OK) {
119 err = der_length_sequence(sig_seq, 2, &reallen);
120 if (err != CRYPT_OK || reallen != siglen) {
125 err = dsa_verify_hash_raw(r, s, hash, hashlen, stat, key);
128 mp_clear_multi(r, s, NULL);
135 /* ref: $Format:%D$ */
136 /* git commit: $Format:%H$ */
137 /* commit time: $Format:%ai$ */