diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 3a9e2de..a33638a 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -480,7 +480,9 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key); int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key); int dsa_verify_key(dsa_key *key, int *stat); #ifdef LTC_SOURCE -int dsa_int_validate_key(dsa_key *key, int *stat); +int dsa_int_validate_xy(dsa_key *key, int *stat); +int dsa_int_validate_pqg(dsa_key *key, int *stat); +int dsa_int_validate_primes(dsa_key *key, int *stat); #endif int dsa_shared_secret(void *private_key, void *base, dsa_key *public_key, diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index 5cf4f6d..ff5e006 100644 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -27,7 +27,7 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen, const unsigned char *g, unsigned long glen, dsa_key *key) { - int err; + int err, stat; LTC_ARGCHK(p != NULL); LTC_ARGCHK(q != NULL); @@ -50,6 +50,14 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen, err = CRYPT_INVALID_PACKET; goto LBL_ERR; } + + /* do only a quick validation, without primality testing */ + if ((err = dsa_int_validate_pqg(key, &stat)) != CRYPT_OK) { goto LBL_ERR; } + if (stat == 0) { + err = CRYPT_INVALID_ARG; + goto LBL_ERR; + } + return CRYPT_OK; LBL_ERR: @@ -90,8 +98,7 @@ int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } } - /* do only a quick validation, without primality testing */ - if ((err = dsa_int_validate_key(key, &stat)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = dsa_int_validate_xy(key, &stat)) != CRYPT_OK) { goto LBL_ERR; } if (stat == 0) { err = CRYPT_INVALID_ARG; goto LBL_ERR; diff --git a/src/pk/dsa/dsa_verify_key.c b/src/pk/dsa/dsa_verify_key.c index 3d507fa..c429ce0 100644 --- a/src/pk/dsa/dsa_verify_key.c +++ b/src/pk/dsa/dsa_verify_key.c @@ -28,15 +28,81 @@ */ int dsa_verify_key(dsa_key *key, int *stat) { - int res, err; + int err; + err = dsa_int_validate_primes(key, stat); + if (err != CRYPT_OK || *stat == 0) return err; + + err = dsa_int_validate_pqg(key, stat); + if (err != CRYPT_OK || *stat == 0) return err; + + return dsa_int_validate_xy(key, stat); +} + +/** + Non-complex part (no primality testing) of the validation + of DSA params (p, q, g) + + @param key The key to validate + @param stat [out] Result of test, 1==valid, 0==invalid + @return CRYPT_OK if successful +*/ +int dsa_int_validate_pqg(dsa_key *key, int *stat) +{ + void *tmp, *tmp2; + int err; + + *stat = 0; LTC_ARGCHK(key != NULL); LTC_ARGCHK(stat != NULL); - /* default to an invalid key */ - *stat = 0; + /* now make sure that g is not -1, 0 or 1 and

g, 0) == LTC_MP_EQ || mp_cmp_d(key->g, 1) == LTC_MP_EQ) { + return CRYPT_OK; + } + if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { return err; } + if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) { goto error; } + if (mp_cmp(tmp, key->g) == LTC_MP_EQ || mp_cmp(key->g, key->p) != LTC_MP_LT) { + err = CRYPT_OK; + goto error; + } - /* first make sure key->q and key->p are prime */ + /* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */ + if ((err = mp_div(tmp, key->q, tmp, tmp2)) != CRYPT_OK) { goto error; } + if (mp_iszero(tmp2) != LTC_MP_YES) { + err = CRYPT_OK; + goto error; + } + + if ((err = mp_exptmod(key->g, key->q, key->p, tmp)) != CRYPT_OK) { goto error; } + if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) { + err = CRYPT_OK; + goto error; + } + + err = CRYPT_OK; + *stat = 1; +error: + mp_clear_multi(tmp, tmp2, NULL); + return err; +} + +/** + Primality testing of DSA params p and q + + @param key The key to validate + @param stat [out] Result of test, 1==valid, 0==invalid + @return CRYPT_OK if successful +*/ +int dsa_int_validate_primes(dsa_key *key, int *stat) +{ + int err, res; + + *stat = 0; + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(stat != NULL); + + /* key->q prime? */ if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) { return err; } @@ -44,6 +110,7 @@ int dsa_verify_key(dsa_key *key, int *stat) return CRYPT_OK; } + /* key->p prime? */ if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { return err; } @@ -51,74 +118,62 @@ int dsa_verify_key(dsa_key *key, int *stat) return CRYPT_OK; } - return dsa_int_validate_key(key, stat); + *stat = 1; + return CRYPT_OK; } /** - Non-complex part of the validation of a DSA key - - This is the computation-wise 'non-complex' part of the - DSA key validation + Validation of a DSA key (x and y values) @param key The key to validate @param stat [out] Result of test, 1==valid, 0==invalid @return CRYPT_OK if successful */ -int dsa_int_validate_key(dsa_key *key, int *stat) +int dsa_int_validate_xy(dsa_key *key, int *stat) { - void *tmp, *tmp2; - int err; + void *tmp; + int err; + *stat = 0; LTC_ARGCHK(key != NULL); LTC_ARGCHK(stat != NULL); - /* default to an invalid key */ - *stat = 0; - - /* now make sure that g is not -1, 0 or 1 and

g, 0) == LTC_MP_EQ || mp_cmp_d(key->g, 1) == LTC_MP_EQ) { - return CRYPT_OK; + /* 1 < y < p-1 */ + if ((err = mp_init(&tmp)) != CRYPT_OK) { + return err; } - if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { return err; } - if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) { goto error; } - if (mp_cmp(tmp, key->g) == LTC_MP_EQ || mp_cmp(key->g, key->p) != LTC_MP_LT) { - err = CRYPT_OK; + if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) { goto error; } - - /* 1 < y < p-1 */ if (!(mp_cmp_d(key->y, 1) == LTC_MP_GT && mp_cmp(key->y, tmp) == LTC_MP_LT)) { err = CRYPT_OK; goto error; } - /* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */ - if ((err = mp_div(tmp, key->q, tmp, tmp2)) != CRYPT_OK) { goto error; } - if (mp_iszero(tmp2) != LTC_MP_YES) { - err = CRYPT_OK; - goto error; - } - - if ((err = mp_exptmod(key->g, key->q, key->p, tmp)) != CRYPT_OK) { goto error; } - if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) { - err = CRYPT_OK; - goto error; - } - /* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */ - if ((err = mp_exptmod(key->y, key->q, key->p, tmp)) != CRYPT_OK) { goto error; } + if ((err = mp_exptmod(key->y, key->q, key->p, tmp)) != CRYPT_OK) { + goto error; + } if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) { err = CRYPT_OK; goto error; } - /* at this point we are out of tests ;-( */ + if (key->type == PK_PRIVATE) { + /* x > 1 */ + if (!(mp_cmp_d(key->x, 1) == LTC_MP_GT)) { + err = CRYPT_OK; + goto error; + } + } + err = CRYPT_OK; *stat = 1; error: - mp_clear_multi(tmp, tmp2, NULL); + mp_clear(tmp); return err; } + #endif /* ref: $Format:%D$ */