bool ProfileSignatureValidate(PK_Signer &priv, PK_Verifier &pub, const byte *input, const size_t inputLength, string description, bool thorough = false) { bool pass = true, fail; fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2); assert(pass && !fail); SecByteBlock signature(priv.MaxSignatureLength()); std::chrono::steady_clock::time_point signStartTime = std::chrono::steady_clock::now(); size_t signatureLength = priv.SignMessage(GlobalRNG(), input, inputLength, signature); std::chrono::steady_clock::time_point signEndTime = std::chrono::steady_clock::now(); size_t signNanoSeconds = std::chrono::duration_cast<std::chrono::nanoseconds>(signEndTime - signStartTime).count(); cout << generateCSVString(description, "sign", signNanoSeconds) << endl; std::chrono::steady_clock::time_point verifyStartTime = std::chrono::steady_clock::now(); fail = !pub.VerifyMessage(input, inputLength, signature, signatureLength); std::chrono::steady_clock::time_point verifyEndTime = std::chrono::steady_clock::now(); size_t verifyNanoSeconds = std::chrono::duration_cast<std::chrono::nanoseconds>(verifyEndTime - verifyStartTime).count(); cout << generateCSVString(description, "verify", verifyNanoSeconds) << endl; assert(pass && !fail); return pass; }
SecureVector<Botan::byte> ne7ssh_keys::generateRSASignature (Botan::SecureVector<Botan::byte>& sessionID, Botan::SecureVector<Botan::byte>& signingData) { SecureVector<Botan::byte> sigRaw; ne7ssh_string sigData, sig; sigData.addVectorField (sessionID); sigData.addVector (signingData); if (!rsaPrivateKey) { ne7ssh::errors()->push (-1, "Private RSA key not initialized."); return sig.value(); } PK_Signer *RSASigner = get_pk_signer (*rsaPrivateKey, "EMSA3(SHA-1)"); #if BOTAN_PRE_18 || BOTAN_PRE_15 sigRaw = RSASigner->sign_message(sigData.value()); #else sigRaw = RSASigner->sign_message(sigData.value(), *ne7ssh::rng); #endif if (!sigRaw.size()) { ne7ssh::errors()->push (-1, "Failure while generating RSA signature."); delete RSASigner; return sig.value(); } delete RSASigner; sig.addString ("ssh-rsa"); sig.addVectorField (sigRaw); return (sig.value()); }
/************************************************* * Get a PK_Signer object * *************************************************/ PK_Signer* get_pk_signer(const PK_Signing_Key& key, const std::string& encoding, Signature_Format sig_format) { PK_Signer* signer = new PK_Signer(key, encoding); signer->set_output_format(sig_format); return signer; }
void BenchMarkSigning(const char *name, PK_Signer &key, double timeTotal, bool pc=false) { unsigned int len = 16; LC_RNG rng(time(NULL)); SecByteBlock message(len), signature(key.SignatureLength()); rng.GetBlock(message, len); clock_t start = clock(); unsigned int i; double timeTaken; for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) key.SignMessage(rng, message, len, signature); OutputResultOperations(name, "Signature", pc, i, timeTaken); }
void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false) { unsigned int len = 16; AlignedSecByteBlock message(len), signature(pub.SignatureLength()); GlobalRNG().GenerateBlock(message, len); priv.SignMessage(GlobalRNG(), message, len, signature); const clock_t start = clock(); unsigned int i; double timeTaken; for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) { // The return value is ignored because we are interested in throughput bool unused = pub.VerifyMessage(message, len, signature, signature.size()); CRYPTOPP_UNUSED(unused); } OutputResultOperations(name, "Verification", pc, i, timeTaken); if (!pc && pub.GetMaterial().SupportsPrecomputation()) { pub.AccessMaterial().Precompute(16); BenchMarkVerification(name, priv, pub, timeTotal, true); } }
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub) { LC_RNG rng(9374); const byte *message = (byte *)"test message"; const int messageLen = 12; byte buffer[512]; bool pass = true, fail; memset(buffer, 0, sizeof(buffer)); priv.SignMessage(rng, message, messageLen, buffer); fail = !pub.VerifyMessage(message, messageLen, buffer); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature and verification\n"; ++buffer[0]; fail = pub.VerifyMessage(message, messageLen, buffer); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "checking invalid signature" << endl; return pass; }
void BenchMarkSigning(const char *name, PK_Signer &key, double timeTotal, bool pc=false) { unsigned int len = 16; AlignedSecByteBlock message(len), signature(key.SignatureLength()); GlobalRNG().GenerateBlock(message, len); const clock_t start = clock(); unsigned int i; double timeTaken; for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) key.SignMessage(GlobalRNG(), message, len, signature); OutputResultOperations(name, "Signature", pc, i, timeTaken); if (!pc && key.GetMaterial().SupportsPrecomputation()) { key.AccessMaterial().Precompute(16); BenchMarkSigning(name, key, timeTotal, true); } }
MemoryVector<byte> EAC1_1_ADO::make_signed(PK_Signer& signer, const MemoryRegion<byte>& tbs_bits, RandomNumberGenerator& rng) { SecureVector<byte> concat_sig = signer.sign_message(tbs_bits, rng); return DER_Encoder() .start_cons(ASN1_Tag(7), APPLICATION) .raw_bytes(tbs_bits) .encode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) .end_cons() .get_contents(); }
SecureVector<Botan::byte> ne7ssh_keys::generateDSASignature (Botan::SecureVector<Botan::byte>& sessionID, Botan::SecureVector<Botan::byte>& signingData) { SecureVector<Botan::byte> sigRaw; ne7ssh_string sigData, sig; sigData.addVectorField (sessionID); sigData.addVector (signingData); if (!dsaPrivateKey) { ne7ssh::errors()->push (-1, "Private DSA key not initialized."); return sig.value(); } PK_Signer *DSASigner = get_pk_signer (*dsaPrivateKey, "EMSA1(SHA-1)"); #if BOTAN_PRE_18 || BOTAN_PRE_15 sigRaw = DSASigner->sign_message(sigData.value()); #else sigRaw = DSASigner->sign_message(sigData.value(), *ne7ssh::rng); #endif if (!sigRaw.size()) { ne7ssh::errors()->push (-1, "Failure to generate DSA signature."); delete DSASigner; return sig.value(); } if (sigRaw.size() != 40) { ne7ssh::errors()->push (-1, "DSS signature block <> 320 bits. Make sure you are using 1024 bit keys for authentication!"); sig.clear(); return sig.value(); } delete DSASigner; sig.addString ("ssh-dss"); sig.addVectorField (sigRaw); return (sig.value()); }
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false) { bool pass = true, fail; fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature key validation\n"; static const byte message[] = "test message"; const unsigned int messageLen = COUNTOF(message); SecByteBlock signature(priv.MaxSignatureLength()); size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature); fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature and verification\n"; ++signature[0]; fail = pub.VerifyMessage(message, messageLen, signature, signatureLength); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "checking invalid signature" << endl; if (priv.MaxRecoverableLength() > 0) { signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature); SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength)); DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength); fail = !(result.isValidCoding && result.messageLength == messageLen && VerifyBufsEqual(recovered, message, messageLen)); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature and verification with recovery" << endl; ++signature[0]; result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength); fail = result.isValidCoding; pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "recovery with invalid signature" << endl; } return pass; }
void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier) { try { RandomPool rng; StringSource( "test message", true, new SignerFilter( rng, signer, new VerifierFilter(verifier, NULL, VerifierFilter::THROW_EXCEPTION), true)); } catch (...) { throw SelfTestFailure(signer.AlgorithmName() + ": pairwise consistency test failed"); } }
void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false) { unsigned int len = 16; LC_RNG rng((word32)time(NULL)); AlignedSecByteBlock message(len), signature(pub.SignatureLength()); rng.GenerateBlock(message, len); priv.SignMessage(rng, message, len, signature); clock_t start = clock(); unsigned int i; double timeTaken; for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) pub.VerifyMessage(message, len, signature, signature.size()); OutputResultOperations(name, "Verification", pc, i, timeTaken); if (!pc && pub.GetMaterial().SupportsPrecomputation()) { pub.AccessMaterial().Precompute(16); BenchMarkVerification(name, priv, pub, timeTotal, true); } }
void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier) { try { #ifdef OS_RNG_AVAILABLE DefaultAutoSeededRNG rng; #else RandomNumberGenerator &rng = NullRNG(); #endif StringSource( "test message", true, new SignerFilter( rng, signer, new VerifierFilter(verifier, NULL, VerifierFilter::THROW_EXCEPTION), true)); } catch (...) { throw SelfTestFailure(signer.AlgorithmName() + ": pairwise consistency test failed"); } }