Diffstat (limited to 'src/pkg/crypto/dsa/dsa.go')
-rw-r--r-- | src/pkg/crypto/dsa/dsa.go | 54 |
1 files changed, 24 insertions, 30 deletions
diff --git a/src/pkg/crypto/dsa/dsa.go b/src/pkg/crypto/dsa/dsa.go
index a5f96fe94..05766a2f1 100644
--- a/src/pkg/crypto/dsa/dsa.go
+++ b/src/pkg/crypto/dsa/dsa.go
@@ -2,13 +2,13 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package dsa implements the Digital Signature Algorithm, as defined in FIPS 186-3
+// Package dsa implements the Digital Signature Algorithm, as defined in FIPS 186-3.
 package dsa
 
 import (
-	"big"
+	"errors"
 	"io"
-	"os"
+	"math/big"
 )
 
 // Parameters represents the domain parameters for a key. These parameters can
@@ -29,17 +29,11 @@ type PrivateKey struct {
 	X *big.Int
 }
 
-type invalidPublicKeyError int
-
-func (invalidPublicKeyError) String() string {
-	return "crypto/dsa: invalid public key"
-}
-
-// InvalidPublicKeyError results when a public key is not usable by this code.
+// ErrInvalidPublicKey results when a public key is not usable by this code.
 // FIPS is quite strict about the format of DSA keys, but other code may be
 // less so. Thus, when using keys which may have been generated by other code,
 // this error must be handled.
-var InvalidPublicKeyError = invalidPublicKeyError(0)
+var ErrInvalidPublicKey = errors.New("crypto/dsa: invalid public key")
 
 // ParameterSizes is a enumeration of the acceptable bit lengths of the primes
 // in a set of DSA parameters. See FIPS 186-3, section 4.2.
@@ -58,7 +52,7 @@ const numMRTests = 64
 
 // GenerateParameters puts a random, valid set of DSA parameters into params.
 // This function takes many seconds, even on fast machines.
-func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes) (err os.Error) {
+func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes) (err error) {
 	// This function doesn't follow FIPS 186-3 exactly in that it doesn't
 	// use a verification seed to generate the primes. The verification
 	// seed doesn't appear to be exported or used by other code and
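Review bot: The doc comment on ErrInvalidPublicKey in the `@@ -29,17 +29,11 @@` hunk describes it only as a public-key error, yet the new Sign body (the `@@ -185,12 +179,16 @@` hunk on the next line) assigns the same sentinel, `err = ErrInvalidPublicKey`, when the private key's Q bit length is not a multiple of 8. Now that it is a plain `errors.New` value that callers compare by identity, a caller handling a signing failure over a private key would not expect this name from the comment alone. Suggest extending the comment with `// Sign also returns it when the private key's parameters are not usable.` so the two call sites are documented together.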
@@ -79,7 +73,7 @@ func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes
 		L = 3072
 		N = 256
 	default:
-		return os.NewError("crypto/dsa: invalid ParameterSizes")
+		return errors.New("crypto/dsa: invalid ParameterSizes")
 	}
 
 	qBytes := make([]byte, N/8)
@@ -102,7 +96,7 @@ GeneratePrimes:
 		qBytes[0] |= 0x80
 		q.SetBytes(qBytes)
 
-		if !big.ProbablyPrime(q, numMRTests) {
+		if !q.ProbablyPrime(numMRTests) {
 			continue
 		}
 
@@ -123,7 +117,7 @@ GeneratePrimes:
 			continue
 		}
 
-		if !big.ProbablyPrime(p, numMRTests) {
+		if !p.ProbablyPrime(numMRTests) {
 			continue
 		}
 
@@ -156,9 +150,9 @@ GeneratePrimes:
 
 // GenerateKey generates a public&private key pair. The Parameters of the
 // PrivateKey must already be valid (see GenerateParameters).
-func GenerateKey(priv *PrivateKey, rand io.Reader) os.Error {
+func GenerateKey(priv *PrivateKey, rand io.Reader) error {
 	if priv.P == nil || priv.Q == nil || priv.G == nil {
-		return os.NewError("crypto/dsa: parameters not set up before generating key")
+		return errors.New("crypto/dsa: parameters not set up before generating key")
 	}
 
 	x := new(big.Int)
@@ -185,12 +179,16 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) os.Error {
 // larger message) using the private key, priv. It returns the signature as a
 // pair of integers. The security of the private key depends on the entropy of
 // rand.
-func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err os.Error) {
+//
+// Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated
+// to the byte-length of the subgroup. This function does not perform that
+// truncation itself.
+func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) {
 	// FIPS 186-3, section 4.6
 
 	n := priv.Q.BitLen()
 	if n&7 != 0 {
-		err = InvalidPublicKeyError
+		err = ErrInvalidPublicKey
 		return
 	}
 	n >>= 3
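Review bot: The new Sign doc comment in the `@@ -185,12 +179,16 @@` hunk tells the caller to truncate the hash but does not say what happens when it is not truncated: with the old `hash[:n]` slicing removed in the `@@ -218,10 +216,7 @@` hunk on the next line, `z := k.SetBytes(hash)` takes the whole digest, and the later reduction modulo Q (visible in Verify as `u1.Mod(u1, pub.Q)` in the `@@ -255,12 +254,7 @@` hunk; in Sign the reduction of s is outside the hunk) gives H mod q rather than the leftmost N bits that FIPS 186-3 specifies. A signature made from an over-long hash still round-trips through this package's own Verify, so tests pass, yet it silently does not interoperate with implementations that truncate. Consider saying so in both the Sign and Verify comments, e.g. `// If hash is longer than that, it is reduced modulo Q instead, and the result will not interoperate with implementations that truncate.`, or rejecting a hash longer than n bytes in Sign with an explicit error. Sign's body continues outside the hunk.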
@@ -218,10 +216,7 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err os.
 			continue
 		}
 
-		if n > len(hash) {
-			n = len(hash)
-		}
-		z := k.SetBytes(hash[:n])
+		z := k.SetBytes(hash)
 
 		s = new(big.Int).Mul(priv.X, r)
 		s.Add(s, z)
@@ -238,7 +233,11 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err os.
 }
 
 // Verify verifies the signature in r, s of hash using the public key, pub. It
-// returns true iff the signature is valid.
+// reports whether the signature is valid.
+//
+// Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated
+// to the byte-length of the subgroup. This function does not perform that
+// truncation itself.
 func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
 	// FIPS 186-3, section 4.7
 
@@ -255,12 +254,7 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
 	if n&7 != 0 {
 		return false
 	}
-	n >>= 3
-
-	if n > len(hash) {
-		n = len(hash)
-	}
-	z := new(big.Int).SetBytes(hash[:n])
+	z := new(big.Int).SetBytes(hash)
 
 	u1 := new(big.Int).Mul(z, w)
 	u1.Mod(u1, pub.Q)