introducing dsa_verify_key_ex

2017-09-11 23:36:03 +02:00 · 2017-09-11 23:36:03 +02:00 · 053ba6d600
commit 053ba6d600
parent 2505e3b609
3 changed files with 29 additions and 28 deletions
--- a/src/headers/tomcrypt_pk.h
+++ b/src/headers/tomcrypt_pk.h
@ -479,7 +479,9 @@ int dsa_decrypt_key(const unsigned char *in,  unsigned long  inlen,
 int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key);
 int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key);
 int dsa_verify_key(dsa_key *key, int *stat);
-
+#ifdef LTC_SOURCE
 int dsa_verify_key_ex(dsa_key *key, int *stat, int mode);
 #endif
 int dsa_shared_secret(void          *private_key, void *base,
                      dsa_key       *public_key,
                      unsigned char *out,         unsigned long *outlen);
--- a/src/pk/dsa/dsa_set.c
+++ b/src/pk/dsa/dsa_set.c
@ -45,12 +45,6 @@ int dsa_set_pqg(const unsigned char *p,  unsigned long plen,
   key->qord = mp_unsigned_bin_size(key->q);
   /* just a quick, basic test - use dsa_verify_key if you want more */
   if (mp_cmp_d(key->p, 1) != LTC_MP_GT || mp_cmp_d(key->g, 1) != LTC_MP_GT || mp_cmp_d(key->q, 1) != LTC_MP_GT) {
      err= CRYPT_INVALID_ARG;
      goto LBL_ERR;
   }
   if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 ||
      (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= LTC_MDSA_DELTA) {
      err = CRYPT_INVALID_PACKET;
@ -76,7 +70,7 @@ LBL_ERR:
 */
 int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key *key)
 {
-   int err;
+   int err, stat = 0;
   LTC_ARGCHK(key         != NULL);
   LTC_ARGCHK(key->x      != NULL);
@ -89,19 +83,17 @@ int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key
   if (type == PK_PRIVATE) {
      key->type = PK_PRIVATE;
      if ((err = mp_read_unsigned_bin(key->x, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; }
      if (mp_cmp_d(key->x, 1) != LTC_MP_GT) {
         err= CRYPT_INVALID_ARG;
         goto LBL_ERR;
      }
      if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK)               { goto LBL_ERR; }
   }
   else {
      key->type = PK_PUBLIC;
      if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; }
-      if (mp_cmp_d(key->y, 1) != LTC_MP_GT || mp_cmp(key->y, key->p) != LTC_MP_LT) {
+   }
-         err= CRYPT_INVALID_ARG;
+
-         goto LBL_ERR;
+   if ((err = dsa_verify_key_ex(key, &stat, 0)) != CRYPT_OK)                            { goto LBL_ERR; }
-      }
+   if (stat == 0) {
      err = CRYPT_INVALID_ARG;
      goto LBL_ERR;
   }
   return CRYPT_OK;
--- a/src/pk/dsa/dsa_verify_key.c
+++ b/src/pk/dsa/dsa_verify_key.c
@ -22,6 +22,11 @@
   @return CRYPT_OK if successful
 */
 int dsa_verify_key(dsa_key *key, int *stat)
 {
   return dsa_verify_key_ex(key, stat, 1); /* 1 = full check */
 }
 int dsa_verify_key_ex(dsa_key *key, int *stat, int mode)
 {
   void   *tmp, *tmp2;
   int    res, err;
@ -32,19 +37,21 @@ int dsa_verify_key(dsa_key *key, int *stat)
   /* default to an invalid key */
   *stat = 0;
-   /* first make sure key->q and key->p are prime */
+   if (mode == 1) {
-   if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) {
+      /* first make sure key->q and key->p are prime */
-      return err;
+      if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) {
-   }
+         return err;
-   if (res == 0) {
+      }
-      return CRYPT_OK;
+      if (res == 0) {
-   }
+         return CRYPT_OK;
      }
-   if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) {
+      if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) {
-      return err;
+         return err;
-   }
+      }
-   if (res == 0) {
+      if (res == 0) {
-      return CRYPT_OK;
+         return CRYPT_OK;
      }
   }
   /* now make sure that g is not -1, 0 or 1 and <p */