Skip to content
Snippets Groups Projects
Select Git revision
  • 1d7b373ae7da47cac00fb8f413e90e70a9dcf688
  • master default protected
  • 9.0
  • 8.0
  • 7.8
  • 7.6
  • 7.4
  • 7.2
  • 7.0
  • 0.6
  • rosuav/latex-markdown-renderer
  • rxnpatch/rxnpatch
  • marcus/gobject-introspection
  • rxnpatch/8.0
  • rosuav/pre-listening-ports
  • nt-tools
  • rosuav/async-annotations
  • rosuav/pgsql-ssl
  • rxnpatch/rxnpatch-broken/2023-10-06T094250
  • grubba/fdlib
  • grubba/wip/sakura/8.0
  • v8.0.2000
  • v8.0.1998
  • v8.0.1996
  • v8.0.1994
  • v8.0.1992
  • v8.0.1990
  • v8.0.1988
  • v8.0.1986
  • rxnpatch/clusters/8.0/2025-04-29T124414
  • rxnpatch/2025-04-29T124414
  • v8.0.1984
  • v8.0.1982
  • v8.0.1980
  • v8.0.1978
  • v8.0.1976
  • v8.0.1974
  • v8.0.1972
  • v8.0.1970
  • v8.0.1968
  • v8.0.1966
41 results

fdlib.c

Blame
  • dsa-verify.c 2.58 KiB
    /* dsa-verify.c
     *
     * The DSA publickey algorithm.
     */
    
    /* nettle, low-level cryptographics library
     *
     * Copyright (C) 2002, 2003 Niels Mller
     *  
     * The nettle library is free software; you can redistribute it and/or modify
     * it under the terms of the GNU Lesser General Public License as published by
     * the Free Software Foundation; either version 2.1 of the License, or (at your
     * option) any later version.
     * 
     * The nettle library is distributed in the hope that it will be useful, but
     * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
     * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
     * License for more details.
     * 
     * You should have received a copy of the GNU Lesser General Public License
     * along with the nettle library; see the file COPYING.LIB.  If not, write to
     * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
     * MA 02111-1307, USA.
     */
    
    #if HAVE_CONFIG_H
    # include "config.h"
    #endif
    
    #if WITH_PUBLIC_KEY
    
    #include <stdlib.h>
    
    #include "dsa.h"
    
    #include "bignum.h"
    
    int
    dsa_verify_digest(const struct dsa_public_key *key,
    		  const uint8_t *digest,
    		  const struct dsa_signature *signature)
    {
      mpz_t w;
      mpz_t tmp;
      mpz_t v;
    
      int res;
      
      /* Check that r and s are in the proper range */
      if (mpz_sgn(signature->r) <= 0 || mpz_cmp(signature->r, key->q) >= 0)
        return 0;
    
      if (mpz_sgn(signature->s) <= 0 || mpz_cmp(signature->s, key->q) >= 0)
        return 0;
    
      mpz_init(w);
    
      /* Compute w = s^-1 (mod q) */
    
      /* NOTE: In gmp-2, mpz_invert sometimes generates negative inverses,
       * so we need gmp-3 or better. */
      if (!mpz_invert(w, signature->s, key->q))
        {
          mpz_clear(w);
          return 0;
        }
    
      mpz_init(tmp);
      mpz_init(v);
    
      /* The message digest */
      nettle_mpz_set_str_256_u(tmp, SHA1_DIGEST_SIZE, digest);
      
      /* v = g^{w * h (mod q)} (mod p)  */
      mpz_mul(tmp, tmp, w);
      mpz_fdiv_r(tmp, tmp, key->q);
    
      mpz_powm(v, key->g, tmp, key->p);
    
      /* y^{w * r (mod q) } (mod p) */
      mpz_mul(tmp, signature->r, w);
      mpz_fdiv_r(tmp, tmp, key->q);
    
      mpz_powm(tmp, key->y, tmp, key->p);
    
      /* v = (g^{w * h} * y^{w * r} (mod p) ) (mod q) */
      mpz_mul(v, v, tmp);
      mpz_fdiv_r(v, v, key->p);
    
      mpz_fdiv_r(v, v, key->q);
    
      res = !mpz_cmp(v, signature->r);
    
      mpz_clear(w);
      mpz_clear(tmp);
      mpz_clear(v);
    
      return res;
    }
    
    int
    dsa_verify(const struct dsa_public_key *key,
    	   struct sha1_ctx *hash,
    	   const struct dsa_signature *signature)
    {
      uint8_t digest[SHA1_DIGEST_SIZE];
      sha1_digest(hash, sizeof(digest), digest);
    
      return dsa_verify_digest(key, digest, signature);
    }
    
    #endif /* WITH_PUBLIC_KEY */