28 | 28 |
@return CRYPT_OK if successful (even if the signature is invalid)
|
29 | 29 |
*/
|
30 | 30 |
int dsa_verify_hash_raw( void *r, void *s,
|
31 | |
const unsigned char *hash, unsigned long hashlen,
|
|
31 |
const unsigned char *hash, unsigned long hashlen,
|
32 | 32 |
int *stat, dsa_key *key)
|
33 | 33 |
{
|
34 | 34 |
void *w, *v, *u1, *u2;
|
|
54 | 54 |
}
|
55 | 55 |
|
56 | 56 |
/* FIPS 186-4 4.7: use leftmost min(bitlen(q), bitlen(hash)) bits of 'hash' */
|
57 | |
if (hashlen > (unsigned long)key->qord) hashlen = (unsigned long)key->qord;
|
|
57 |
hashlen = MIN(hashlen, (unsigned long)(key->qord));
|
58 | 58 |
|
59 | 59 |
/* w = 1/s mod q */
|
60 | 60 |
if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; }
|
|
64 | 64 |
if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; }
|
65 | 65 |
|
66 | 66 |
/* u2 = r*w mod q */
|
67 | |
if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; }
|
|
67 |
if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; }
|
68 | 68 |
|
69 | 69 |
/* v = g^u1 * y^u2 mod p mod q */
|
70 | 70 |
if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; }
|
|
94 | 94 |
@return CRYPT_OK if successful (even if the signature is invalid)
|
95 | 95 |
*/
|
96 | 96 |
int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
|
97 | |
const unsigned char *hash, unsigned long hashlen,
|
|
97 |
const unsigned char *hash, unsigned long hashlen,
|
98 | 98 |
int *stat, dsa_key *key)
|
99 | 99 |
{
|
100 | 100 |
int err;
|
|
106 | 106 |
|
107 | 107 |
/* decode the sequence */
|
108 | 108 |
if ((err = der_decode_sequence_multi(sig, siglen,
|
109 | |
LTC_ASN1_INTEGER, 1UL, r,
|
110 | |
LTC_ASN1_INTEGER, 1UL, s,
|
|
109 |
LTC_ASN1_INTEGER, 1UL, r,
|
|
110 |
LTC_ASN1_INTEGER, 1UL, s,
|
111 | 111 |
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
|
112 | 112 |
goto LBL_ERR;
|
113 | 113 |
}
|