better dsa fix Karel Miko 7 years ago
2 changed file(s) with 12 addition(s) and 12 deletion(s).
8383
8484 if (mp_iszero(r) == LTC_MP_YES) { goto retry; }
8585
86 /* FIPS 186-4 4.6: use leftmost min(bitlen(q), bitlen(hash)) */
87 if (inlen > (unsigned long)key->qord) inlen = (unsigned long)key->qord;
86 /* FIPS 186-4 4.6: use leftmost min(bitlen(q), bitlen(hash)) bits of 'hash'*/
87 inlen = MIN(inlen, (unsigned long)(key->qord));
8888
8989 /* now find s = (in + xr)/k mod q */
9090 if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, inlen)) != CRYPT_OK) { goto error; }
9595 if (mp_iszero(s) == LTC_MP_YES) { goto retry; }
9696
9797 err = CRYPT_OK;
98 error:
98 error:
9999 mp_clear_multi(k, kinv, tmp, NULL);
100100 ERRBUF:
101101 #ifdef LTC_CLEAN_STACK
136136 goto error;
137137 }
138138
139 err = der_encode_sequence_multi(out, outlen,
140 LTC_ASN1_INTEGER, 1UL, r,
141 LTC_ASN1_INTEGER, 1UL, s,
139 err = der_encode_sequence_multi(out, outlen,
140 LTC_ASN1_INTEGER, 1UL, r,
141 LTC_ASN1_INTEGER, 1UL, s,
142142 LTC_ASN1_EOL, 0UL, NULL);
143143
144144 error:
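Review bot: The truncation on the new line 87, `inlen = MIN(inlen, (unsigned long)(key->qord));`, is byte-granular while the comment just above it (and FIPS 186-4 4.6) describes the leftmost min(bitlen(q), bitlen(hash)) bits; if qord is the octet length of q, as the libtomcrypt dsa_key field is documented, a q whose bit length is not a multiple of 8 keeps up to 7 extra low bits of the hash in tmp, so z can differ from the standard's value. For the FIPS 186-4 sizes (N = 160, 224, 256) the two coincide, and since s is computed mod q (per the comment on line 89) the result presumably stays in range, so this is only an interoperability concern for non-byte-aligned q; a comment such as `/* truncation is to whole bytes; exact when bitlen(q) is a multiple of 8 */` would make that explicit. The same applies to line 57 of dsa_verify_hash_raw in the second file, where hashlen is clamped the same way. dsa_sign_hash_raw's body starts and ends outside this hunk.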
2828 @return CRYPT_OK if successful (even if the signature is invalid)
2929 */
3030 int dsa_verify_hash_raw( void *r, void *s,
31 const unsigned char *hash, unsigned long hashlen,
31 const unsigned char *hash, unsigned long hashlen,
3232 int *stat, dsa_key *key)
3333 {
3434 void *w, *v, *u1, *u2;
5454 }
5555
5656 /* FIPS 186-4 4.7: use leftmost min(bitlen(q), bitlen(hash)) bits of 'hash' */
57 if (hashlen > (unsigned long)key->qord) hashlen = (unsigned long)key->qord;
57 hashlen = MIN(hashlen, (unsigned long)(key->qord));
5858
5959 /* w = 1/s mod q */
6060 if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; }
6464 if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; }
6565
6666 /* u2 = r*w mod q */
67 if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; }
67 if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; }
6868
6969 /* v = g^u1 * y^u2 mod p mod q */
7070 if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; }
9494 @return CRYPT_OK if successful (even if the signature is invalid)
9595 */
9696 int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
97 const unsigned char *hash, unsigned long hashlen,
97 const unsigned char *hash, unsigned long hashlen,
9898 int *stat, dsa_key *key)
9999 {
100100 int err;
106106
107107 /* decode the sequence */
108108 if ((err = der_decode_sequence_multi(sig, siglen,
109 LTC_ASN1_INTEGER, 1UL, r,
110 LTC_ASN1_INTEGER, 1UL, s,
109 LTC_ASN1_INTEGER, 1UL, r,
110 LTC_ASN1_INTEGER, 1UL, s,
111111 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
112112 goto LBL_ERR;
113113 }