qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-21 22:54:40 -07:00
Code Releases Activity

crypto/dsa: don't truncate input hashes.

Browse Source 
Although FIPS 186-3 says that we should truncate the hashes, at least
one other library (libgcrypt) doesn't. This means that it's impossible
to interoperate with code using gcrypt if we enforce the truncation
inside of crypto/dsa.

This change shouldn't actually affect anything because nearly
everybody pairs DSA with SHA1, which doesn't need to be truncated in
either case.

R=golang-dev, bradfitz, rsc
CC=golang-dev
https://golang.org/cl/5471043
This commit is contained in:
Adam Langley 2011-12-08 16:46:19 -05:00
parent 9d59c40eab
commit 60f564fc37
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/pkg/crypto/dsa/dsa.go
View File

@ -185,6 +185,10 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) error {
// larger message) using the private key, priv. It returns the signature as a
// pair of integers. The security of the private key depends on the entropy of
// rand.
//
// Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated
// to the byte-length of the subgroup. This function does not perform that
// truncation itself.
func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) {
// FIPS 186-3, section 4.6
@ -218,10 +222,7 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
continue
}
if n > len(hash) {
n = len(hash)
}
z := k.SetBytes(hash[:n])
z := k.SetBytes(hash)
s = new(big.Int).Mul(priv.X, r)
s.Add(s, z)
@ -238,7 +239,11 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
}
// Verify verifies the signature in r, s of hash using the public key, pub. It
// returns true iff the signature is valid.
// reports whether the signature is valid.
//
// Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated
// to the byte-length of the subgroup. This function does not perform that
// truncation itself.
func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
// FIPS 186-3, section 4.7
@ -255,12 +260,7 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
if n&7 != 0 {
return false
}
n >>= 3
if n > len(hash) {
n = len(hash)
}
z := new(big.Int).SetBytes(hash[:n])
z := new(big.Int).SetBytes(hash)
u1 := new(big.Int).Mul(z, w)
u1.Mod(u1, pub.Q)