TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

another approach for dsa_int_validate_*

Browse Source
This commit is contained in:
Karel Miko 2017-09-14 10:39:51 +02:00
parent aa5b9dafc4
commit 5fb4c9f89b
3 changed files with 108 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/headers/tomcrypt_pk.h
View File

@ -480,7 +480,9 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key);
int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key); int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key);
int dsa_verify_key(dsa_key *key, int *stat); int dsa_verify_key(dsa_key *key, int *stat);
#ifdef LTC_SOURCE #ifdef LTC_SOURCE
int dsa_int_validate_key(dsa_key *key, int *stat); int dsa_int_validate_xy(dsa_key *key, int *stat);
int dsa_int_validate_pqg(dsa_key *key, int *stat);
int dsa_int_validate_primes(dsa_key *key, int *stat);
#endif #endif
int dsa_shared_secret(void *private_key, void *base, int dsa_shared_secret(void *private_key, void *base,
dsa_key *public_key, dsa_key *public_key,

13
src/pk/dsa/dsa_set.c
View File

@ -27,7 +27,7 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen,
const unsigned char *g, unsigned long glen, const unsigned char *g, unsigned long glen,
dsa_key *key) dsa_key *key)
{ {
int err; int err, stat;
LTC_ARGCHK(p != NULL); LTC_ARGCHK(p != NULL);
LTC_ARGCHK(q != NULL); LTC_ARGCHK(q != NULL);
@ -50,6 +50,14 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen,
err = CRYPT_INVALID_PACKET; err = CRYPT_INVALID_PACKET;
goto LBL_ERR; goto LBL_ERR;
} }
/* do only a quick validation, without primality testing */
if ((err = dsa_int_validate_pqg(key, &stat)) != CRYPT_OK) { goto LBL_ERR; }
if (stat == 0) {
err = CRYPT_INVALID_ARG;
goto LBL_ERR;
}
return CRYPT_OK; return CRYPT_OK;
LBL_ERR: LBL_ERR:
@ -90,8 +98,7 @@ int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key
if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; }
} }
/* do only a quick validation, without primality testing */ if ((err = dsa_int_validate_xy(key, &stat)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = dsa_int_validate_key(key, &stat)) != CRYPT_OK) { goto LBL_ERR; }
if (stat == 0) { if (stat == 0) {
err = CRYPT_INVALID_ARG; err = CRYPT_INVALID_ARG;
goto LBL_ERR; goto LBL_ERR;

135
src/pk/dsa/dsa_verify_key.c
View File

@ -28,15 +28,81 @@
*/ */
int dsa_verify_key(dsa_key *key, int *stat) int dsa_verify_key(dsa_key *key, int *stat)
{ {
int res, err; int err;
err = dsa_int_validate_primes(key, stat);
if (err != CRYPT_OK || *stat == 0) return err;
err = dsa_int_validate_pqg(key, stat);
if (err != CRYPT_OK || *stat == 0) return err;
return dsa_int_validate_xy(key, stat);
}
/**
Non-complex part (no primality testing) of the validation
of DSA params (p, q, g)
@param key The key to validate
@param stat [out] Result of test, 1==valid, 0==invalid
@return CRYPT_OK if successful
*/
int dsa_int_validate_pqg(dsa_key *key, int *stat)
{
void *tmp, *tmp2;
int err;
*stat = 0;
LTC_ARGCHK(key != NULL); LTC_ARGCHK(key != NULL);
LTC_ARGCHK(stat != NULL); LTC_ARGCHK(stat != NULL);
/* default to an invalid key */ /* now make sure that g is not -1, 0 or 1 and <p */
*stat = 0; if (mp_cmp_d(key->g, 0) == LTC_MP_EQ || mp_cmp_d(key->g, 1) == LTC_MP_EQ) {
return CRYPT_OK;
}
if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { return err; }
if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) { goto error; }
if (mp_cmp(tmp, key->g) == LTC_MP_EQ || mp_cmp(key->g, key->p) != LTC_MP_LT) {
err = CRYPT_OK;
goto error;
}
/* first make sure key->q and key->p are prime */ /* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */
if ((err = mp_div(tmp, key->q, tmp, tmp2)) != CRYPT_OK) { goto error; }
if (mp_iszero(tmp2) != LTC_MP_YES) {
err = CRYPT_OK;
goto error;
}
if ((err = mp_exptmod(key->g, key->q, key->p, tmp)) != CRYPT_OK) { goto error; }
if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) {
err = CRYPT_OK;
goto error;
}
err = CRYPT_OK;
*stat = 1;
error:
mp_clear_multi(tmp, tmp2, NULL);
return err;
}
/**
Primality testing of DSA params p and q
@param key The key to validate
@param stat [out] Result of test, 1==valid, 0==invalid
@return CRYPT_OK if successful
*/
int dsa_int_validate_primes(dsa_key *key, int *stat)
{
int err, res;
*stat = 0;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(stat != NULL);
/* key->q prime? */
if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) { if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) {
return err; return err;
} }
@ -44,6 +110,7 @@ int dsa_verify_key(dsa_key *key, int *stat)
return CRYPT_OK; return CRYPT_OK;
} }
/* key->p prime? */
if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) {
return err; return err;
} }
@ -51,74 +118,62 @@ int dsa_verify_key(dsa_key *key, int *stat)
return CRYPT_OK; return CRYPT_OK;
} }
return dsa_int_validate_key(key, stat); *stat = 1;
return CRYPT_OK;
} }
/** /**
Non-complex part of the validation of a DSA key Validation of a DSA key (x and y values)
This is the computation-wise 'non-complex' part of the
DSA key validation
@param key The key to validate @param key The key to validate
@param stat [out] Result of test, 1==valid, 0==invalid @param stat [out] Result of test, 1==valid, 0==invalid
@return CRYPT_OK if successful @return CRYPT_OK if successful
*/ */
int dsa_int_validate_key(dsa_key *key, int *stat) int dsa_int_validate_xy(dsa_key *key, int *stat)
{ {
void *tmp, *tmp2; void *tmp;
int err; int err;
*stat = 0;
LTC_ARGCHK(key != NULL); LTC_ARGCHK(key != NULL);
LTC_ARGCHK(stat != NULL); LTC_ARGCHK(stat != NULL);
/* default to an invalid key */ /* 1 < y < p-1 */
*stat = 0; if ((err = mp_init(&tmp)) != CRYPT_OK) {
return err;
/* now make sure that g is not -1, 0 or 1 and <p */
if (mp_cmp_d(key->g, 0) == LTC_MP_EQ || mp_cmp_d(key->g, 1) == LTC_MP_EQ) {
return CRYPT_OK;
} }
if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { return err; } if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) {
if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) { goto error; }
if (mp_cmp(tmp, key->g) == LTC_MP_EQ || mp_cmp(key->g, key->p) != LTC_MP_LT) {
err = CRYPT_OK;
goto error; goto error;
} }
/* 1 < y < p-1 */
if (!(mp_cmp_d(key->y, 1) == LTC_MP_GT && mp_cmp(key->y, tmp) == LTC_MP_LT)) { if (!(mp_cmp_d(key->y, 1) == LTC_MP_GT && mp_cmp(key->y, tmp) == LTC_MP_LT)) {
err = CRYPT_OK; err = CRYPT_OK;
goto error; goto error;
} }
/* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */
if ((err = mp_div(tmp, key->q, tmp, tmp2)) != CRYPT_OK) { goto error; }
if (mp_iszero(tmp2) != LTC_MP_YES) {
err = CRYPT_OK;
goto error;
}
if ((err = mp_exptmod(key->g, key->q, key->p, tmp)) != CRYPT_OK) { goto error; }
if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) {
err = CRYPT_OK;
goto error;
}
/* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */ /* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */
if ((err = mp_exptmod(key->y, key->q, key->p, tmp)) != CRYPT_OK) { goto error; } if ((err = mp_exptmod(key->y, key->q, key->p, tmp)) != CRYPT_OK) {
goto error;
}
if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) { if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) {
err = CRYPT_OK; err = CRYPT_OK;
goto error; goto error;
} }
/* at this point we are out of tests ;-( */ if (key->type == PK_PRIVATE) {
/* x > 1 */
if (!(mp_cmp_d(key->x, 1) == LTC_MP_GT)) {
err = CRYPT_OK;
goto error;
}
}
err = CRYPT_OK; err = CRYPT_OK;
*stat = 1; *stat = 1;
error: error:
mp_clear_multi(tmp, tmp2, NULL); mp_clear(tmp);
return err; return err;
} }
#endif #endif
/* ref: $Format:%D$ */ /* ref: $Format:%D$ */