diff options
author | Matt Johnston <matt@ucc.asn.au> | 2018-02-17 19:29:51 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2018-02-17 19:29:51 +0800 |
commit | 104e39e9caf447cb416a6d83ea7eedd4481ce4c3 (patch) | |
tree | b8b33aaee9f7336e592da7a916ee05bae3412c22 /dss.c | |
parent | 2b551518f8625f87a22ea1fde40e3c7d841bf9d0 (diff) | |
parent | 769be133237df6d9a4028645e7e9924be8544c8f (diff) | |
download | dropbear-104e39e9caf447cb416a6d83ea7eedd4481ce4c3.tar.gz |
merge from main
Diffstat (limited to 'dss.c')
-rw-r--r-- | dss.c | 25 |
1 files changed, 25 insertions, 0 deletions
@@ -73,6 +73,18 @@ int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) { goto out; } + /* test 1 < g < p */ + if (mp_cmp_d(key->g, 1) != MP_GT) { + dropbear_log(LOG_WARNING, "Bad DSS g"); + ret = DROPBEAR_FAILURE; + goto out; + } + if (mp_cmp(key->g, key->p) != MP_LT) { + dropbear_log(LOG_WARNING, "Bad DSS g"); + ret = DROPBEAR_FAILURE; + goto out; + } + ret = DROPBEAR_SUCCESS; TRACE(("leave buf_get_dss_pub_key: success")) out: @@ -172,6 +184,13 @@ int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_ goto out; } +#if DEBUG_DSS_VERIFY + printmpint("dss verify p", key->p); + printmpint("dss verify q", key->q); + printmpint("dss verify g", key->g); + printmpint("dss verify y", key->y); +#endif + /* hash the data */ sha1_init(&hs); sha1_process(&hs, data_buf->data, data_buf->len); @@ -181,6 +200,9 @@ int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_ /* w = (s')-1 mod q */ /* let val1 = s' */ bytes_to_mp(&val1, (const unsigned char*) &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE); +#if DEBUG_DSS_VERIFY + printmpint("dss verify s'", &val1); +#endif if (mp_cmp(&val1, key->q) != MP_LT) { TRACE(("verify failed, s' >= q")) @@ -198,6 +220,9 @@ int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_ /* u1 = ((SHA(M')w) mod q */ /* let val1 = SHA(M') = msghash */ bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE); +#if DEBUG_DSS_VERIFY + printmpint("dss verify r'", &val1); +#endif /* let val3 = u1 = ((SHA(M')w) mod q */ if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) { |