authorJack Lloyd <[email protected]>2018-02-23 12:31:03 -0500
committerJack Lloyd <[email protected]>2018-02-23 12:31:03 -0500
commit8d9f83f87e146be428ad7d0684496f12cf34d4c8 (patch)
tree49873a798b00cf8f4714483df047553cca560d4a
parentedf30c4474a161dba6abd16f86fa01917294839f (diff)
Add DL_Group functions to verify elements
-rw-r--r--src/lib/pubkey/dl_algo/dl_algo.cpp32
-rw-r--r--src/lib/pubkey/dl_group/dl_group.cpp30
-rw-r--r--src/lib/pubkey/dl_group/dl_group.h17
3 files changed, 48 insertions, 31 deletions
diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp
index c5fc1e082..d31f927d7 100644
--- a/src/lib/pubkey/dl_algo/dl_algo.cpp
+++ b/src/lib/pubkey/dl_algo/dl_algo.cpp
@@ -68,22 +68,7 @@ DL_Scheme_PrivateKey::DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id,
bool DL_Scheme_PublicKey::check_key(RandomNumberGenerator& rng,
bool strong) const
{
- const BigInt& p = group_p();
-
- if(m_y < 2 || m_y >= p)
- return false;
- if(!m_group.verify_group(rng, strong))
- return false;
-
- const BigInt& q = group_q();
-
- if(q.is_zero() == false)
- {
- if(power_mod(m_y, q, p) != 1)
- return false;
- }
-
- return true;
+ return m_group.verify_group(rng, strong) && m_group.verify_public_element(m_y);
}
/*
@@ -92,20 +77,7 @@ bool DL_Scheme_PublicKey::check_key(RandomNumberGenerator& rng,
bool DL_Scheme_PrivateKey::check_key(RandomNumberGenerator& rng,
bool strong) const
{
- const BigInt& p = group_p();
-
- if(m_y < 2 || m_y >= p || m_x < 2 || m_x >= p)
- return false;
- if(!m_group.verify_group(rng, strong))
- return false;
-
- if(!strong)
- return true;
-
- if(m_y != m_group.power_g_p(m_x))
- return false;
-
- return true;
+ return m_group.verify_group(rng, strong) && m_group.verify_element_pair(m_y, m_x);
}
}
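Review bot: The `strong` argument no longer gates the key-pair consistency test in DL_Scheme_PrivateKey::check_key. The removed code returned true before comparing m_y with power_g_p(m_x) when `strong` was false, while the verify_element_pair added in dl_group.cpp takes no such flag and always computes g^x. This is the stricter behaviour, but it adds a modular exponentiation over the private exponent to every non-strong check. If that is intended, a comment above the return would record it, for example `// y == g^x is verified even when strong is false`.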
diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp
index c96dea677..7d2ad15e9 100644
--- a/src/lib/pubkey/dl_group/dl_group.cpp
+++ b/src/lib/pubkey/dl_group/dl_group.cpp
@@ -292,6 +292,36 @@ const DL_Group_Data& DL_Group::data() const
throw Invalid_State("DL_Group uninitialized");
}
+bool DL_Group::verify_public_element(const BigInt& y) const
+ {
+ const BigInt& p = get_p();
+ const BigInt& q = get_q();
+
+ if(y <= 1 || y >= p)
+ return false;
+
+ if(q.is_zero() == false)
+ {
+ if(power_mod(y, q, p) != 1)
+ return false;
+ }
+
+ return true;
+ }
+
+bool DL_Group::verify_element_pair(const BigInt& y, const BigInt& x) const
+ {
+ const BigInt& p = get_p();
+
+ if(y <= 1 || y >= p || x <= 1 || x >= p)
+ return false;
+
+ if(y != power_g_p(x))
+ return false;
+
+ return true;
+ }
+
/*
* Verify the parameters
*/
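Review bot: When q is zero, verify_public_element accepts y = p - 1, because the range test `y <= 1 || y >= p` lets it through and the subgroup test is skipped. That value has order 2 modulo a prime p, so it is the one small-subgroup element a pure range check can still reject; public-key validation normally requires 2 <= y <= p - 2. Changing the test to `if(y <= 1 || y >= p - 1)` closes this, and for groups with an odd q the result is unchanged, since p - 1 already fails `power_mod(y, q, p) != 1`. Separately, verify_element_pair bounds x by p even when the group has a q; whether x should be limited to below q there depends on how callers generate x, which is not visible in this hunk.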
diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h
index 2bd79e3dd..b9a7bb992 100644
--- a/src/lib/pubkey/dl_group/dl_group.h
+++ b/src/lib/pubkey/dl_group/dl_group.h
@@ -135,7 +135,22 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final
* @param strong whether to perform stronger by lengthier tests
* @return true if the object is consistent, false otherwise
*/
- bool verify_group(RandomNumberGenerator& rng, bool strong) const;
+ bool verify_group(RandomNumberGenerator& rng, bool strong = true) const;
+
+ /**
+ * Verify a public element, ie check if y = g^x for some x.
+ *
+ * This is not a perfect test. It verifies that 1 < y < p and (if q is set)
+ * that y is in the subgroup of size q.
+ */
+ bool verify_public_element(const BigInt& y) const;
+
+ /**
+ * Verify a pair of elements y = g^x
+ *
+ * This verifies that 1 < x,y < p and that y=g^x mod p
+ */
+ bool verify_element_pair(const BigInt& y, const BigInt& x) const;
/**
* Encode this group into a string using PEM encoding.
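Review bot: The two new declarations have no `@param` or `@return` tags, unlike the verify_group comment directly above them. The summary line of verify_public_element ("check if y = g^x for some x") also promises more than the function can establish when q is unset. I would add `@param y the public element to validate` and `@return true if 1 < y < p and, when q is set, y^q mod p == 1`. For verify_element_pair, add `@param x the private exponent` and state that the function always computes g^x mod p. Since verify_group is a public API, its new default `strong = true` also deserves a sentence in the doc comment, as callers who omit the argument now get the slower checks.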