1 /* crypto/dsa/dsa_vrf.c */
2 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
59 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
69 /* data has already been hashed (probably with SHA or SHA-1). */
71 * 1: correct signature
72 * 0: incorrect signature
75 int DSA_verify(type
,dgst
,dgst_len
,sigbuf
,siglen
, dsa
)
79 unsigned char *sigbuf
;
83 /* The next 3 are used by the M_ASN1 macros */
86 unsigned char **pp
= &sigbuf
;
89 BIGNUM
*t1
=NULL
,*t2
=NULL
;
90 BIGNUM
*u1
=NULL
,*u2
=NULL
;
91 ASN1_INTEGER
*bs
=NULL
;
95 if (ctx
== NULL
) goto err
;
99 if (t1
== NULL
|| t2
== NULL
) goto err
;
102 M_ASN1_D2I_start_sequence();
103 M_ASN1_D2I_get(bs
,d2i_ASN1_INTEGER
);
104 if ((r
=BN_bin2bn(bs
->data
,bs
->length
,NULL
)) == NULL
) goto err_bn
;
105 M_ASN1_D2I_get(bs
,d2i_ASN1_INTEGER
);
106 if ((u1
=BN_bin2bn(bs
->data
,bs
->length
,NULL
)) == NULL
) goto err_bn
;
107 if (!asn1_Finish(&c
)) goto err
;
109 /* Calculate W = inv(S) mod Q
111 if ((u2
=BN_mod_inverse(u1
,dsa
->q
,ctx
)) == NULL
) goto err_bn
;
114 if (BN_bin2bn(dgst
,dgst_len
,u1
) == NULL
) goto err_bn
;
116 /* u1 = M * w mod q */
117 if (!BN_mod_mul(u1
,u1
,u2
,dsa
->q
,ctx
)) goto err_bn
;
119 /* u2 = r * w mod q */
120 if (!BN_mod_mul(u2
,r
,u2
,dsa
->q
,ctx
)) goto err_bn
;
122 /* v = ( g^u1 * y^u2 mod p ) mod q */
123 /* let t1 = g ^ u1 mod p */
124 if (!BN_mod_exp(t1
,dsa
->g
,u1
,dsa
->p
,ctx
)) goto err_bn
;
125 /* let t2 = y ^ u2 mod p */
126 if (!BN_mod_exp(t2
,dsa
->pub_key
,u2
,dsa
->p
,ctx
)) goto err_bn
;
127 /* let u1 = t1 * t2 mod p */
128 if (!BN_mod_mul(u1
,t1
,t2
,dsa
->p
,ctx
)) goto err_bn
;
129 /* let u1 = u1 mod q */
130 if (!BN_mod(u1
,u1
,dsa
->q
,ctx
)) goto err_bn
;
131 /* V is now in u1. If the signature is correct, it will be
133 ret
=(BN_ucmp(u1
, r
) == 0);
136 err
: /* ASN1 error */
137 DSAerr(DSA_F_DSA_VERIFY
,c
.error
);
141 err_bn
: /* BN error */
142 DSAerr(DSA_F_DSA_VERIFY
,ERR_R_BN_LIB
);
144 if (ctx
!= NULL
) BN_CTX_free(ctx
);
145 if (r
!= NULL
) BN_free(r
);
146 if (t1
!= NULL
) BN_free(t1
);
147 if (t2
!= NULL
) BN_free(t2
);
148 if (u1
!= NULL
) BN_free(u1
);
149 if (u2
!= NULL
) BN_free(u2
);
150 if (bs
!= NULL
) ASN1_BIT_STRING_free(bs
);