Select Git revision
dsa-verify.c
Niels Möller authored
config.h. Rev: src/nettle/ChangeLog:1.195 Rev: src/nettle/aes-decrypt-table.c:1.4 Rev: src/nettle/aes-decrypt.c:1.5 Rev: src/nettle/aes-encrypt-table.c:1.4 Rev: src/nettle/aes-encrypt.c:1.5 Rev: src/nettle/aes-meta.c:1.3 Rev: src/nettle/aes-set-decrypt-key.c:1.2 Rev: src/nettle/aes-set-encrypt-key.c:1.2 Rev: src/nettle/aes.c:1.12 Rev: src/nettle/aesdata.c:1.2 Rev: src/nettle/arcfour-meta.c:1.2 Rev: src/nettle/arcfour.c:1.3 Rev: src/nettle/base16-decode.c:1.2 Rev: src/nettle/base16-encode.c:1.2 Rev: src/nettle/base16-meta.c:1.3 Rev: src/nettle/base64-decode.c:1.5 Rev: src/nettle/base64-encode.c:1.3 Rev: src/nettle/base64-meta.c:1.4 Rev: src/nettle/bignum-random.c:1.3 Rev: src/nettle/bignum.c:1.7 Rev: src/nettle/blowfish.c:1.4 Rev: src/nettle/buffer-init.c:1.3 Rev: src/nettle/buffer.c:1.8 Rev: src/nettle/cast128-meta.c:1.3 Rev: src/nettle/cast128.c:1.4 Rev: src/nettle/cbc.c:1.6 Rev: src/nettle/des-compat.c:1.10 Rev: src/nettle/des.c:1.7 Rev: src/nettle/des3.c:1.2 Rev: src/nettle/dsa-keygen.c:1.6 Rev: src/nettle/dsa-sign.c:1.7 Rev: src/nettle/dsa-verify.c:1.4 Rev: src/nettle/dsa.c:1.5 Rev: src/nettle/examples/io.c:1.4 Rev: src/nettle/examples/nettle-benchmark.c:1.8 Rev: src/nettle/examples/nettle-openssl.c:1.2 Rev: src/nettle/examples/rsa-keygen.c:1.10 Rev: src/nettle/examples/rsa-sign.c:1.5 Rev: src/nettle/examples/rsa-verify.c:1.4 Rev: src/nettle/hmac-md5.c:1.5 Rev: src/nettle/hmac-sha1.c:1.2 Rev: src/nettle/hmac-sha256.c:1.2 Rev: src/nettle/hmac.c:1.4 Rev: src/nettle/knuth-lfib.c:1.2 Rev: src/nettle/md5-compat.c:1.3 Rev: src/nettle/md5-meta.c:1.2 Rev: src/nettle/md5.c:1.6 Rev: src/nettle/memxor.c:1.2 Rev: src/nettle/nettle-internal.c:1.3 Rev: src/nettle/pgp-encode.c:1.4 Rev: src/nettle/pkcs1-rsa-md5.c:1.2 Rev: src/nettle/pkcs1-rsa-sha1.c:1.2 Rev: src/nettle/pkcs1.c:1.2 Rev: src/nettle/realloc.c:1.3 Rev: src/nettle/rsa-compat.c:1.8 Rev: src/nettle/rsa-decrypt.c:1.4 Rev: src/nettle/rsa-encrypt.c:1.5 Rev: src/nettle/rsa-keygen.c:1.5 Rev: src/nettle/rsa-md5-sign.c:1.2 Rev: src/nettle/rsa-md5-verify.c:1.2 Rev: src/nettle/rsa-sha1-sign.c:1.2 Rev: src/nettle/rsa-sha1-verify.c:1.2 Rev: src/nettle/rsa-sign.c:1.3 Rev: src/nettle/rsa-verify.c:1.2 Rev: src/nettle/rsa.c:1.12 Rev: src/nettle/rsa2openpgp.c:1.2 Rev: src/nettle/rsa2sexp.c:1.7 Rev: src/nettle/serpent-meta.c:1.2 Rev: src/nettle/serpent.c:1.4 Rev: src/nettle/sexp-format.c:1.9 Rev: src/nettle/sexp-transport-format.c:1.2 Rev: src/nettle/sexp-transport.c:1.4 Rev: src/nettle/sexp.c:1.14 Rev: src/nettle/sexp2bignum.c:1.5 Rev: src/nettle/sexp2dsa.c:1.4 Rev: src/nettle/sexp2rsa.c:1.11 Rev: src/nettle/sha1-meta.c:1.2 Rev: src/nettle/sha1.c:1.8 Rev: src/nettle/sha256-meta.c:1.2 Rev: src/nettle/sha256.c:1.3 Rev: src/nettle/tools/input.c:1.2 Rev: src/nettle/tools/misc.c:1.2 Rev: src/nettle/tools/output.c:1.3 Rev: src/nettle/tools/parse.c:1.2 Rev: src/nettle/tools/sexp-conv.c:1.14 Rev: src/nettle/twofish-meta.c:1.2 Rev: src/nettle/twofish.c:1.6 Rev: src/nettle/yarrow256.c:1.17 Rev: src/nettle/yarrow_key_event.c:1.4
dsa-verify.c 2.58 KiB
/* dsa-verify.c
*
* The DSA publickey algorithm.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002, 2003 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#if WITH_PUBLIC_KEY
#include <stdlib.h>
#include "dsa.h"
#include "bignum.h"
int
dsa_verify_digest(const struct dsa_public_key *key,
const uint8_t *digest,
const struct dsa_signature *signature)
{
mpz_t w;
mpz_t tmp;
mpz_t v;
int res;
/* Check that r and s are in the proper range */
if (mpz_sgn(signature->r) <= 0 || mpz_cmp(signature->r, key->q) >= 0)
return 0;
if (mpz_sgn(signature->s) <= 0 || mpz_cmp(signature->s, key->q) >= 0)
return 0;
mpz_init(w);
/* Compute w = s^-1 (mod q) */
/* NOTE: In gmp-2, mpz_invert sometimes generates negative inverses,
* so we need gmp-3 or better. */
if (!mpz_invert(w, signature->s, key->q))
{
mpz_clear(w);
return 0;
}
mpz_init(tmp);
mpz_init(v);
/* The message digest */
nettle_mpz_set_str_256_u(tmp, SHA1_DIGEST_SIZE, digest);
/* v = g^{w * h (mod q)} (mod p) */
mpz_mul(tmp, tmp, w);
mpz_fdiv_r(tmp, tmp, key->q);
mpz_powm(v, key->g, tmp, key->p);
/* y^{w * r (mod q) } (mod p) */
mpz_mul(tmp, signature->r, w);
mpz_fdiv_r(tmp, tmp, key->q);
mpz_powm(tmp, key->y, tmp, key->p);
/* v = (g^{w * h} * y^{w * r} (mod p) ) (mod q) */
mpz_mul(v, v, tmp);
mpz_fdiv_r(v, v, key->p);
mpz_fdiv_r(v, v, key->q);
res = !mpz_cmp(v, signature->r);
mpz_clear(w);
mpz_clear(tmp);
mpz_clear(v);
return res;
}
int
dsa_verify(const struct dsa_public_key *key,
struct sha1_ctx *hash,
const struct dsa_signature *signature)
{
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_digest(hash, sizeof(digest), digest);
return dsa_verify_digest(key, digest, signature);
}
#endif /* WITH_PUBLIC_KEY */