re-factor & re-name internal dsa key validation

2017-09-12 00:25:21 +02:00 · 2017-09-12 00:25:21 +02:00 · 1625ce4001
commit 1625ce4001
parent 053ba6d600
3 changed files with 44 additions and 23 deletions
--- a/src/headers/tomcrypt_pk.h
+++ b/src/headers/tomcrypt_pk.h
@ -480,7 +480,7 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key);
 int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key);
 int dsa_verify_key(dsa_key *key, int *stat);
 #ifdef LTC_SOURCE
-int dsa_verify_key_ex(dsa_key *key, int *stat, int mode);
+int dsa_int_validate_key(dsa_key *key, int *stat, int mode);
 #endif
 int dsa_shared_secret(void          *private_key, void *base,
                      dsa_key       *public_key,
--- a/src/pk/dsa/dsa_set.c
+++ b/src/pk/dsa/dsa_set.c
@ -90,7 +90,7 @@ int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key
      if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; }
   }

-   if ((err = dsa_verify_key_ex(key, &stat, 0)) != CRYPT_OK)                            { goto LBL_ERR; }
+   if ((err = dsa_int_validate_key(key, &stat, 0)) != CRYPT_OK)                            { goto LBL_ERR; }
   if (stat == 0) {
      err = CRYPT_INVALID_ARG;
      goto LBL_ERR;
--- a/src/pk/dsa/dsa_verify_key.c
+++ b/src/pk/dsa/dsa_verify_key.c
@ -16,17 +16,55 @@
 #ifdef LTC_MDSA

 /**
-   Verify a DSA key for validity
-   @param key   The key to verify
+   Validate a DSA key
+
+     Yeah, this function should've been called dsa_validate_key()
+     in the first place and for compat-reasons we keep it
+     as it was (for now).
+
+   @param key   The key to validate
   @param stat  [out]  Result of test, 1==valid, 0==invalid
   @return CRYPT_OK if successful
 */
 int dsa_verify_key(dsa_key *key, int *stat)
 {
-   return dsa_verify_key_ex(key, stat, 1); /* 1 = full check */
+   int    res, err;
+
+   LTC_ARGCHK(key  != NULL);
+   LTC_ARGCHK(stat != NULL);
+
+   /* default to an invalid key */
+   *stat = 0;
+
+   /* first make sure key->q and key->p are prime */
+   if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) {
+      return err;
+   }
+   if (res == LTC_MP_NO) {
+      return CRYPT_OK;
+   }
+
+   if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) {
+      return err;
+   }
+   if (res == LTC_MP_NO) {
+      return CRYPT_OK;
+   }
+
+   return dsa_int_validate_key(key, stat); /* 1 = full check */
 }

-int dsa_verify_key_ex(dsa_key *key, int *stat, int mode)
+/**
+   Non-complex part of the validation of a DSA key
+
+     This is the computation-wise 'non-complex' part of the
+     DSA key validation
+
+   @param key   The key to validate
+   @param stat  [out]  Result of test, 1==valid, 0==invalid
+   @return CRYPT_OK if successful
+*/
+int dsa_int_validate_key(dsa_key *key, int *stat)
 {
   void   *tmp, *tmp2;
   int    res, err;
@ -37,23 +75,6 @@ int dsa_verify_key_ex(dsa_key *key, int *stat, int mode)
   /* default to an invalid key */
   *stat = 0;

-   if (mode == 1) {
-      /* first make sure key->q and key->p are prime */
-      if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) {
-         return err;
-      }
-      if (res == 0) {
-         return CRYPT_OK;
-      }
-
-      if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) {
-         return err;
-      }
-      if (res == 0) {
-         return CRYPT_OK;
-      }
-   }
-
   /* now make sure that g is not -1, 0 or 1 and <p */
   if (mp_cmp_d(key->g, 0) == LTC_MP_EQ || mp_cmp_d(key->g, 1) == LTC_MP_EQ) {
      return CRYPT_OK;