suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Correctly check parameters range in DSA verify.

Browse Source
This commit is contained in:
Krzysztof Kotowicz 2015-02-10 12:01:22 +01:00
parent 168b184a1a
commit 587127acd1
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/crypto/public_key/dsa.js
View File

@ -102,14 +102,18 @@ function DSA() {
function verify(hashalgo, s1, s2, m, p, q, g, y) { function verify(hashalgo, s1, s2, m, p, q, g, y) {
var hashed_data = util.getLeftNBits(hashModule.digest(hashalgo, m), q.bitLength()); var hashed_data = util.getLeftNBits(hashModule.digest(hashalgo, m), q.bitLength());
var hash = new BigInteger(util.hexstrdump(hashed_data), 16); var hash = new BigInteger(util.hexstrdump(hashed_data), 16);
if (BigInteger.ZERO.compareTo(s1) > 0 || if (BigInteger.ZERO.compareTo(s1) >= 0 ||
s1.compareTo(q) > 0 || s1.compareTo(q) >= 0 ||
BigInteger.ZERO.compareTo(s2) > 0 || BigInteger.ZERO.compareTo(s2) >= 0 ||
s2.compareTo(q) > 0) { s2.compareTo(q) >= 0) {
util.print_debug("invalid DSA Signature"); util.print_debug("invalid DSA Signature");
return null; return null;
} }
var w = s2.modInverse(q); var w = s2.modInverse(q);
if (BigInteger.ZERO.compareTo(w) == 0) {
util.print_debug("invalid DSA Signature");
return null;
}
var u1 = hash.multiply(w).mod(q); var u1 = hash.multiply(w).mod(q);
var u2 = s1.multiply(w).mod(q); var u2 = s1.multiply(w).mod(q);
return g.modPow(u1, p).multiply(y.modPow(u2, p)).mod(p).mod(q); return g.modPow(u1, p).multiply(y.modPow(u2, p)).mod(p).mod(q);