79 lines
2.6 KiB
C
79 lines
2.6 KiB
C
|
/* dsa_verify.c */
|
||
|
/*
|
||
|
This file is part of the ARM-Crypto-Lib.
|
||
|
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
|
||
|
|
||
|
This program is free software: you can redistribute it and/or modify
|
||
|
it under the terms of the GNU General Public License as published by
|
||
|
the Free Software Foundation, either version 3 of the License, or
|
||
|
(at your option) any later version.
|
||
|
|
||
|
This program is distributed in the hope that it will be useful,
|
||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
GNU General Public License for more details.
|
||
|
|
||
|
You should have received a copy of the GNU General Public License
|
||
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
|
*/
|
||
|
|
||
|
#include <stdint.h>
|
||
|
#include <string.h>
|
||
|
#include "bigint.h"
|
||
|
#include "dsa.h"
|
||
|
#include "hfal-basic.h"
|
||
|
|
||
|
uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
|
||
|
const dsa_ctx_t* ctx){
|
||
|
if(s->r.length_W==0 || s->s.length_W==0){
|
||
|
return DSA_SIGNATURE_FAIL;
|
||
|
}
|
||
|
if(bigint_cmp_u(&(s->r), &(ctx->domain.q))>=0 || bigint_cmp_u(&(s->s), &(ctx->domain.q))>=0){
|
||
|
return DSA_SIGNATURE_FAIL;
|
||
|
}
|
||
|
bigint_t w, u1, u2, v1, v2;
|
||
|
bigint_word_t w_b[ctx->domain.q.length_W], u1_b[ctx->domain.q.length_W*2], u2_b[ctx->domain.q.length_W*2];
|
||
|
bigint_word_t v1_b[ctx->domain.p.length_W*2], v2_b[ctx->domain.p.length_W];
|
||
|
w.wordv = w_b;
|
||
|
u1.wordv = u1_b;
|
||
|
u2.wordv = u2_b;
|
||
|
v1.wordv = v1_b;
|
||
|
v2.wordv = v2_b;
|
||
|
bigint_inverse(&w, &(s->s), &(ctx->domain.q));
|
||
|
bigint_mul_u(&u1, &w, m);
|
||
|
bigint_reduce(&u1, &(ctx->domain.q));
|
||
|
bigint_mul_u(&u2, &w, &(s->r));
|
||
|
bigint_reduce(&u2, &(ctx->domain.q));
|
||
|
bigint_expmod_u(&v1, &(ctx->domain.g), &u1, &(ctx->domain.p));
|
||
|
bigint_expmod_u(&v2, &(ctx->pub), &u2, &(ctx->domain.p));
|
||
|
bigint_mul_u(&v1, &v1, &v2);
|
||
|
bigint_reduce(&v1, &(ctx->domain.p));
|
||
|
bigint_reduce(&v1, &(ctx->domain.q));
|
||
|
if(bigint_cmp_u(&v1, &(s->r))==0){
|
||
|
return DSA_SIGNATURE_OK;
|
||
|
}
|
||
|
return DSA_SIGNATURE_FAIL;
|
||
|
}
|
||
|
|
||
|
uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
|
||
|
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx){
|
||
|
bigint_t z;
|
||
|
uint16_t n_B = ctx->domain.q.length_W;
|
||
|
unsigned hash_length = (hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8);
|
||
|
bigint_word_t hash_value[hash_length];
|
||
|
memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
|
||
|
hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
|
||
|
z.wordv = hash_value;
|
||
|
z.length_W = n_B;
|
||
|
bigint_changeendianess(&z);
|
||
|
bigint_adjust(&z);
|
||
|
return dsa_verify_bigint(s, &z, ctx);
|
||
|
}
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|