3 * DSA signature verification
5 * (c) 1999 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 /*----- Header files ------------------------------------------------------*/
34 /*----- Main code ---------------------------------------------------------*/
36 /* --- @dsa_vrfy@ --- *
38 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
39 * @mp *y@ = public verification key
40 * @mp *m@ = message which was signed
41 * @mp *r, *s@ = the signature
43 * Returns: Zero if the signature is a forgery, nonzero if it's valid.
45 * Use: Verifies a DSA digital signature.
48 int dsa_vrfy(const dsa_param *dp, mp *y, mp *m, mp *r, mp *s)
55 /* --- Ensure that all of the signature bits are in range --- */
57 if ((r->f | s->f) & MP_NEG)
59 if (MP_CMP(r, >=, dp->q) || MP_CMP(s, >=, dp->q))
62 /* --- Set up Montgomery contexts --- */
64 mpmont_create(&pm, dp->p);
65 mpmont_create(&qm, dp->q);
67 /* --- Compute %$w = s^{-1} \bmod q$% --- */
70 mp *z = mp_modinv(MP_NEW, s, dp->q);
71 w = mpmont_mul(&qm, MP_NEW, z, qm.r2);
75 /* --- Compute %$wr$% and %$wm$% --- */
77 f[0].exp = mpmont_mul(&qm, MP_NEW, w, m);
78 f[1].exp = mpmont_mul(&qm, MP_NEW, w, r);
82 /* --- Do the exponentiation and take residue mod @q@ --- */
86 w = mpmont_mexp(&pm, MP_NEW, f, 2);
87 mp_div(0, &w, w, dp->q);
99 /* --- @dsa_verify@ --- *
101 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
102 * @mp *y@ = public verification key
103 * @const void *m@ = pointer to message block
104 * @size_t msz@ = size of message block
105 * @const void *r@ = pointer to @r@ signature half
106 * @size_t rsz@ = size of @r@
107 * @const void *s@ = pointer to @s@ signature half
108 * @size_t ssz@ = size of @s@
110 * Returns: Zero if the signature is a forgery, nonzero if it's valid.
112 * Use: Verifies a DSA digital signature.
115 int dsa_verify(const dsa_param *dp, mp *y,
116 const void *m, size_t msz,
117 const void *r, size_t rsz,
118 const void *s, size_t ssz)
120 mp *mm = dsa_h2n(MP_NEW, dp->q, m, msz);
121 mp *rm = mp_loadb(MP_NEW, r, rsz);
122 mp *sm = mp_loadb(MP_NEW, s, ssz);
123 int ok = dsa_vrfy(dp, y, mm, rm, sm);
130 /*----- Test rig ----------------------------------------------------------*/
134 #include <mLib/testrig.h>
138 static int verify(int good, dstr *v)
143 octet hash[SHA_HASHSZ];
147 dp.q = *(mp **)v[0].buf;
148 dp.p = *(mp **)v[1].buf;
149 dp.g = *(mp **)v[2].buf;
150 y = *(mp **)v[3].buf;
153 sha_hash(&c, v[4].buf, v[4].len);
156 rc = dsa_verify(&dp, y, hash, sizeof(hash),
157 v[5].buf, v[5].len, v[6].buf, v[6].len);
161 fputs("\n*** verification failed", stderr);
163 fputs("\n*** verification succeeded", stderr);
164 fputs("\nq = ", stderr); mp_writefile(dp.q, stderr, 16);
165 fputs("\np = ", stderr); mp_writefile(dp.p, stderr, 16);
166 fputs("\ng = ", stderr); mp_writefile(dp.g, stderr, 16);
167 fputs("\ny = ", stderr); mp_writefile(y, stderr, 16);
168 fprintf(stderr, "\nmessage = `%s'", v[4].buf);
169 fputs("\nr = ", stderr); type_hex.dump(&v[5], stderr);
170 fputs("\ns = ", stderr); type_hex.dump(&v[6], stderr);
179 assert(mparena_count(MPARENA_GLOBAL) == 0);
183 static int vgood(dstr *v) { return verify(1, v); }
184 static int vbad(dstr *v) { return verify(0, v); }
186 static test_chunk tests[] = {
187 { "verify-good", vgood,
188 { &type_mp, &type_mp, &type_mp, &type_mp,
189 &type_string, &type_hex, &type_hex, 0 } },
190 { "verify-bad", vbad,
191 { &type_mp, &type_mp, &type_mp, &type_mp,
192 &type_string, &type_hex, &type_hex, 0 } },
196 int main(int argc, char *argv[])
199 test_run(argc, argv, tests, SRCDIR "/t/dsa");
205 /*----- That's all, folks -------------------------------------------------*/