/**
  Verify a DSA signature
  @param sig      The signature
  @param siglen   The length of the signature (octets)
  @param hash     The hash that was signed
  @param hashlen  The length of the hash that was signed
  @param stat     [out] The result of the signature verification, 1==valid, 0==invalid
  @param key      The corresponding public DSA key
  @return CRYPT_OK if successful (even if the signature is invalid); the signature is valid only when the return is CRYPT_OK and *stat == 1
*/
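int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
                    const unsigned char *hash, unsigned long hashlen,
                    int *stat, dsa_key *key)
{
   int    err;
   mp_int r, s;

   /* Fail closed: the verdict is written before the first return, so a
      caller that inspects *stat after an allocation or decoding error
      never reads a stale or uninitialised "valid" value.
      stat must be non-NULL. */
   *stat = 0;

   if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) {
      /* initialisation failure is reported as CRYPT_MEM; nothing to clear */
      return CRYPT_MEM;
   }

   /* Decode the signature as a DER SEQUENCE of two INTEGERs (r, s).
      NOTE(review): nothing here compares the decoded length with siglen;
      confirm whether the decoder rejects trailing bytes after the SEQUENCE,
      otherwise one signature has more than one accepted encoding. */
   if ((err = der_decode_sequence_multi(sig, siglen,
                                  LTC_ASN1_INTEGER, 1UL, &r,
                                  LTC_ASN1_INTEGER, 1UL, &s,
                                  LTC_ASN1_EOL,     0UL, NULL)) != CRYPT_OK) {
      /* malformed signature: *stat stays 0 and the decoder's error is returned */
      goto LBL_ERR;
   }

   /* Verify (r, s) against the hash; the raw routine writes the verdict to *stat. */
   err = dsa_verify_hash_raw(&r, &s, hash, hashlen, stat, key);

LBL_ERR:
   /* r and s are released on every path that initialised them */
   mp_clear_multi(&r, &s, NULL);
   return err;
}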
Beispiel #2
static
int rpmltcVerifyDSA(pgpDig dig)
	/*@*/
{
    /* Verify the DSA signature held in the digest context's libtomcrypt
     * state. Returns 1 when the signature verifies and 0 otherwise. */
    rpmltc ltc = dig->impl;
    int rc = 0;		/* verdict; stays 0 unless the verifier sets it */
    int xx;

    /* Run the verifier only when the digest and both signature integers
     * are present; anything missing leaves the verdict at failure. */
    if (ltc->digest != NULL && ltc->digestlen != 0
     && ltc->r != NULL && ltc->s != NULL)
    {
#ifdef	DYING
	rpmltcDumpDSA(__FUNCTION__, ltc);
#endif
	/* NOTE(review): the status returned through rpmltcErr() is stored in
	 * xx and never examined, so the verdict rests entirely on what
	 * dsa_verify_hash_raw() writes to rc. Confirm it cannot leave rc
	 * non-zero when it reports an error. */
	xx = rpmltcErr(ltc, "dsa_verify_hash_raw",
		dsa_verify_hash_raw(ltc->r, ltc->s,
			ltc->digest, ltc->digestlen, &rc, &ltc->dsa));
    }

    SPEW(!rc, rc, dig);
    return rc;
}