int
dsa_sha256_verify_digest(const struct dsa_public_key *key,
const uint8_t *digest,
const struct dsa_signature *signature)
{
return _dsa_verify(key, SHA256_DIGEST_SIZE, digest, signature);
}
int
dsa_sha256_verify(const struct dsa_public_key *key,
struct sha256_ctx *hash,
const struct dsa_signature *signature)
{
uint8_t digest[SHA256_DIGEST_SIZE];
sha256_digest(hash, sizeof(digest), digest);
return _dsa_verify(key, sizeof(digest), digest, signature);
}
static int
_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
const gnutls_datum_t * vdata,
const gnutls_datum_t * signature,
const gnutls_pk_params_st * pk_params)
{
int ret;
unsigned int hash_len;
bigint_t tmp[2] = { NULL, NULL };
switch (algo)
{
case GNUTLS_PK_EC: /* ECDSA */
{
ecc_key pub;
struct dsa_signature sig;
int stat;
int curve_id = pk_params->flags;
if (is_supported_curve(curve_id) == 0)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
_ecc_params_to_pubkey(pk_params, &pub);
memcpy (&sig.r, tmp[0], sizeof (sig.r));
memcpy (&sig.s, tmp[1], sizeof (sig.s));
_gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
if (hash_len > vdata->size)
hash_len = vdata->size;
ret = ecc_verify_hash(&sig, vdata->data, hash_len, &stat, &pub, curve_id);
if (ret != 0 || stat != 1)
{
gnutls_assert();
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
else
ret = 0;
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&tmp[1]);
_ecc_params_clear( &pub);
break;
}
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
struct dsa_signature sig;
ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
memset(&pub, 0, sizeof(pub));
_dsa_params_to_pubkey (pk_params, &pub);
memcpy (&sig.r, tmp[0], sizeof (sig.r));
memcpy (&sig.s, tmp[1], sizeof (sig.s));
_gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
if (hash_len > vdata->size)
hash_len = vdata->size;
ret = _dsa_verify (&pub, hash_len, vdata->data, &sig);
if (ret == 0)
{
gnutls_assert();
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
else
ret = 0;
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&tmp[1]);
break;
}
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
_rsa_params_to_pubkey (pk_params, &pub);
ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
ret = rsa_pkcs1_verify (&pub, vdata->size, vdata->data, TOMPZ(tmp[0]));
if (ret == 0)
ret = gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
else ret = 0;
_gnutls_mpi_release (&tmp[0]);
break;
}
default:
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
cleanup:
return ret;
}
static int
_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
const gnutls_datum_t * vdata,
const gnutls_datum_t * signature,
const gnutls_pk_params_st * pk_params)
{
int ret;
unsigned int hash_len;
bigint_t tmp[2] = { NULL, NULL };
switch (algo)
{
case GNUTLS_PK_EC: /* ECDSA */
{
ecc_key pub;
struct dsa_signature sig;
int stat;
ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
_ecc_params_to_pubkey(pk_params, &pub);
memcpy (&sig.r, tmp[0], sizeof (sig.r));
memcpy (&sig.s, tmp[1], sizeof (sig.s));
_gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
if (hash_len > vdata->size)
hash_len = vdata->size;
ret = ecc_verify_hash(&sig, vdata->data, hash_len, &stat, &pub);
if (ret != 0 || stat != 1)
{
gnutls_assert();
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
else
ret = 0;
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&tmp[1]);
_ecc_params_clear( &pub);
break;
}
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
struct dsa_signature sig;
ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
memset(&pub, 0, sizeof(pub));
_dsa_params_to_pubkey (pk_params, &pub);
memcpy (&sig.r, tmp[0], sizeof (sig.r));
memcpy (&sig.s, tmp[1], sizeof (sig.s));
_gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
if (hash_len > vdata->size)
hash_len = vdata->size;
ret = _dsa_verify (&pub, hash_len, vdata->data, &sig);
if (ret == 0)
{
gnutls_assert();
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
else
ret = 0;
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&tmp[1]);
break;
}
case GNUTLS_PK_RSA:
{
bigint_t hash;
if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
{
gnutls_assert ();
return GNUTLS_E_MPI_SCAN_FAILED;
}
ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
ret = _int_rsa_verify (pk_params, hash, tmp[0]);
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&hash);
break;
}
default:
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
cleanup:
return ret;
}
