diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 3171efd4..8e0b1913 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -479,7 +479,9 @@ int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key); int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key); int dsa_verify_key(dsa_key *key, int *stat); - +#ifdef LTC_SOURCE +int dsa_verify_key_ex(dsa_key *key, int *stat, int mode); +#endif int dsa_shared_secret(void *private_key, void *base, dsa_key *public_key, unsigned char *out, unsigned long *outlen); diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index d85ae8cd..11ad6501 100644 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -45,12 +45,6 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen, key->qord = mp_unsigned_bin_size(key->q); - /* just a quick, basic test - use dsa_verify_key if you want more */ - if (mp_cmp_d(key->p, 1) != LTC_MP_GT || mp_cmp_d(key->g, 1) != LTC_MP_GT || mp_cmp_d(key->q, 1) != LTC_MP_GT) { - err= CRYPT_INVALID_ARG; - goto LBL_ERR; - } - if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= LTC_MDSA_DELTA) { err = CRYPT_INVALID_PACKET; @@ -76,7 +70,7 @@ LBL_ERR: */ int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key *key) { - int err; + int err, stat = 0; LTC_ARGCHK(key != NULL); LTC_ARGCHK(key->x != NULL); 
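Review bot: The new `dsa_verify_key_ex` prototype in tomcrypt_pk.h takes `mode` as a bare, undocumented `int`, and this commit's callers pass the literals `0` (dsa_set_key) and `1` (dsa_verify_key). The definition in dsa_verify_key.c tests `if (mode == 1)`, so any other value silently selects the variant that skips the primality tests on p and q. I would give the two modes named constants and put a comment on the prototype, for example `/* mode: 1 = full check incl. primality of p and q; any other value skips the primality tests */`. The new definition in dsa_verify_key.c has no doc block of its own either, because the existing one now sits above the `dsa_verify_key` wrapper.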
@@ -89,19 +83,17 @@ int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key if (type == PK_PRIVATE) { key->type = PK_PRIVATE; if ((err = mp_read_unsigned_bin(key->x, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } - if (mp_cmp_d(key->x, 1) != LTC_MP_GT) { - err= CRYPT_INVALID_ARG; - goto LBL_ERR; - } if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto LBL_ERR; } } else { key->type = PK_PUBLIC; if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } - if (mp_cmp_d(key->y, 1) != LTC_MP_GT || mp_cmp(key->y, key->p) != LTC_MP_LT) { - err= CRYPT_INVALID_ARG; - goto LBL_ERR; - } + } + + if ((err = dsa_verify_key_ex(key, &stat, 0)) != CRYPT_OK) { goto LBL_ERR; } + if (stat == 0) { + err = CRYPT_INVALID_ARG; + goto LBL_ERR; } return CRYPT_OK; diff --git a/src/pk/dsa/dsa_verify_key.c b/src/pk/dsa/dsa_verify_key.c index d263d4e1..c5cdff7f 100644 --- a/src/pk/dsa/dsa_verify_key.c +++ b/src/pk/dsa/dsa_verify_key.c @@ -22,6 +22,11 @@ @return CRYPT_OK if successful */ int dsa_verify_key(dsa_key *key, int *stat) +{ + return dsa_verify_key_ex(key, stat, 1); /* 1 = full check */ +} + +int dsa_verify_key_ex(dsa_key *key, int *stat, int mode) { void *tmp, *tmp2; int res, err; 
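Review bot: In the PK_PRIVATE branch of dsa_set_key the `mp_cmp_d(key->x, 1) != LTC_MP_GT` rejection is removed, so x now goes straight into `mp_exptmod`; whether `dsa_verify_key_ex` ever inspects `key->x` is not visible in this diff. If it validates only p, q, g and y, a private exponent of 1 (y = g) would presumably pass, which the old code refused. I would keep the explicit check before the exponentiation, `if (mp_cmp_d(key->x, 1) != LTC_MP_GT) { err = CRYPT_INVALID_ARG; goto LBL_ERR; }`, optionally extended with `mp_cmp(key->x, key->q) != LTC_MP_LT` to bound x by q. Relatedly, the dsa_set_pqg hunk drops the p, g, q > 1 test and the call here uses mode `0`, which skips the primality tests. Parameters loaded through dsa_set_pqg alone are therefore unchecked until dsa_set_key runs, and a comment should say that untrusted parameters still need `dsa_verify_key`. dsa_set_key's body starts outside this hunk.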
@@ -32,19 +37,21 @@ int dsa_verify_key(dsa_key *key, int *stat) /* default to an invalid key */ *stat = 0; - /* first make sure key->q and key->p are prime */ - if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) { - return err; - } - if (res == 0) { - return CRYPT_OK; - } + if (mode == 1) { + /* first make sure key->q and key->p are prime */ + if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) { + return err; + } + if (res == 0) { + return CRYPT_OK; + } - if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { - return err; - } - if (res == 0) { - return CRYPT_OK; + if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { + return err; + } + if (res == 0) { + return CRYPT_OK; + } } /* now make sure that g is not -1, 0 or 1 and