Cryptography Reference
  copy_huge( &q, &params->q );
  divide( &u1, &q, NULL ); // u1 is "v" now
  // Check to see if v & r match
  match = !compare( &u1, &signature->r );
  free_huge( &w );
  free_huge( &z );
  free_huge( &u1 );
  free_huge( &u2 );
  return match;
}
As with the signing algorithm, I've added comments so that you can match what the code is doing with the algorithm. Notice that this doesn't use u1 and u2 exactly as they're shown in the algorithm, instead putting u1 and u2 into z and w because you don't need them again, and then using u1 and u2 to hold the mod_pow values later on.
Also notice how:

  ( ( g^u1 y^u2 ) % p ) % q

is put together. You don't want to compute g^u1, then compute y^u2 and then multiply them by each other to finally figure out "mod p" of the whole mess. You want to be able to use your mod_pow algorithm to keep the memory constraints manageable. So instead, factor the v computation out into

  v = ( ( ( g^u1 % p ) * ( y^u2 % p ) ) % p ) % q

by the distributivity of the modulus operator. Now you can use mod_pow to compute (g^u1) % p and (y^u2 % p), multiply these together, which results in at most 2p bits, and then apply the modulus operation twice.
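The factoring described above, as an added example that is not code from the book: a toy verification using 64-bit integers in place of the huge type, with the unfactored form beside it for comparison. The parameters (p = 23, q = 11, g = 4, x = 7, y = 8), the signature (r = 7, s = 10) over hash value 3, and all function names are constructed for illustration; this mod_pow is a stand-in with its own signature, and the range check on r and s is the one DSA verification requires before any arithmetic.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy DSA domain parameters and key, constructed for this example only:
   q = 11 divides p - 1 = 22, g = 4 has order q mod p, y = g^x % p with x = 7. */
enum { P = 23, Q = 11, G = 4, Y = 8 };

/* Square-and-multiply; every intermediate value stays below m * m. */
static uint64_t mod_pow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
    }
    return r;
}

/* Unreduced power: only fits in 64 bits because the toy exponents are < 11. */
static uint64_t plain_pow(uint64_t b, uint64_t e) {
    uint64_t r = 1;
    while (e--) r *= b;
    return r;
}

/* v in the factored form: ( ( ( g^u1 % p ) * ( y^u2 % p ) ) % p ) % q */
uint64_t v_factored(uint64_t u1, uint64_t u2) {
    return mod_pow(G, u1, P) * mod_pow(Y, u2, P) % P % Q;
}

/* v as first written: ( ( g^u1 * y^u2 ) % p ) % q, full product formed first. */
uint64_t v_naive(uint64_t u1, uint64_t u2) {
    return plain_pow(G, u1) * plain_pow(Y, u2) % P % Q;
}

/* Returns 1 if (r, s) verifies for hash value z (already reduced mod q). */
int toy_dsa_verify(uint64_t z, uint64_t r, uint64_t s) {
    if (r == 0 || r >= Q || s == 0 || s >= Q) return 0; /* reject out-of-range r, s */
    uint64_t w = mod_pow(s, Q - 2, Q); /* s^-1 mod q, valid because q is prime */
    return v_factored(z * w % Q, r * w % Q) == r;
}

int main(void) {
    /* Constructed signature: z = 3, k = 3 gives r = 7, s = 10. */
    printf("verify: %d, tampered hash: %d\n", toy_dsa_verify(3, 7, 10), toy_dsa_verify(4, 7, 10));
    printf("v_factored(8,4) = %llu, v_naive(8,4) = %llu\n",
           (unsigned long long)v_factored(8, 4), (unsigned long long)v_naive(8, 4));
    return 0;
}
```

With real parameter sizes the unfactored product cannot be formed at all, which is why only the factored form carries over to the huge-integer code.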
You can put together a main routine to test this but, like RSA's e, d, and n, the DSA parameters g, p, q, x, and y must be specifically related and you haven't yet seen how. So just hardcode a sample set in the routine in Listing 4-34 to show how it can be called.
Listing 4-34: "dsa.c" test main routine
#ifdef TEST_DSA
int main( int argc, char *argv[] )
{
  unsigned char priv[] = {
    0x53, 0x61, 0xae, 0x4f, 0x6f, 0x25, 0x98, 0xde, 0xc4, 0xbf, 0x0b, 0xbe, 0x09,
    0x5f, 0xdf, 0x90, 0x2f, 0x4c, 0x8e, 0x09 };
  unsigned char pub[] = {
    0x1b, 0x91, 0x4c, 0xa9, 0x73, 0xdc, 0x06, 0x0d, 0x21, 0xc6, 0xff, 0xab, 0xf6,
(Continued)