Difference between revisions of "83Plus:BCALLs:80A5"
m (→Comments) |
(→Inputs) |
||
| Line 10: | Line 10: | ||
=== Inputs === | === Inputs === | ||
| − | * [[83Plus:RAM:8291|8291]]: The MD5 hash as a big integer | + | * [[83Plus:RAM:8291|8291]]: The MD5 hash as a [[83Plus:OS:Big Integers|big integer]] |
* [[83Plus:RAM:83E6|83E6]]: The parameter ''f'' as a big integer | * [[83Plus:RAM:83E6|83E6]]: The parameter ''f'' as a big integer | ||
* [[83Plus:RAM:8000|8000]]: The modulus | * [[83Plus:RAM:8000|8000]]: The modulus | ||
Revision as of 10:32, 29 March 2005
Synopsis
Official Name: TransformHash
BCALL Address: 80A5
Applies one of the four f-transformations as appropriate for the application to be validated.
Inputs
- 8291: The MD5 hash as a big integer
- 83E6: The parameter f as a big integer
- 8000: The modulus
Outputs
- MD5Buffer: The MD5 hash appropriately transformed.
Destroys
- 8100: 130-byte area which the multiplication routine uses to store its result
- 8182: 65-byte area used as the first argument to the multiplication routine
- 81C3: 65-byte area used as the second argument to the multiplication routine
Comments
Given p, q prime, p = 3 mod 8, q = 7 mod 8, and m and relatively prime to both, exactly one of the following is a quadratic residue modulo pq:
- pq-2m
- pq-m
- m
- 2m
Which of the transformations is used is specified by the parameter f. In order to ensure that the message is nonzero, or perhaps just to make life difficult, m is defined to be the MD5 of the application, multiplied by 256, plus 1. Therefore:
- If f=0, the result is n-2*(MD5*256+1)
- If f=1, the result is n-(MD5*256+1)
- If f=2, the result is MD5*256+1
- If f=3, the result is 2*(MD5*256+1)
If the signature is valid, that number is a quadratic residue mod n, and more to the point, it is the square of the Rabin signature. That square is computed by the Rabin B_CALL, and only if the two numbers match is the application considered valid.
