bool ProfileSignatureValidate(PK_Signer &priv, PK_Verifier &pub, const byte *input,
const size_t inputLength, string description, bool thorough = false)
{
bool pass = true, fail;
fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
assert(pass && !fail);
SecByteBlock signature(priv.MaxSignatureLength());
std::chrono::steady_clock::time_point signStartTime = std::chrono::steady_clock::now();
size_t signatureLength = priv.SignMessage(GlobalRNG(), input, inputLength, signature);
std::chrono::steady_clock::time_point signEndTime = std::chrono::steady_clock::now();
size_t signNanoSeconds = std::chrono::duration_cast<std::chrono::nanoseconds>(signEndTime - signStartTime).count();
cout << generateCSVString(description, "sign", signNanoSeconds) << endl;
std::chrono::steady_clock::time_point verifyStartTime = std::chrono::steady_clock::now();
fail = !pub.VerifyMessage(input, inputLength, signature, signatureLength);
std::chrono::steady_clock::time_point verifyEndTime = std::chrono::steady_clock::now();
size_t verifyNanoSeconds = std::chrono::duration_cast<std::chrono::nanoseconds>(verifyEndTime - verifyStartTime).count();
cout << generateCSVString(description, "verify", verifyNanoSeconds) << endl;
assert(pass && !fail);
return pass;
}
void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false)
{
unsigned int len = 16;
AlignedSecByteBlock message(len), signature(pub.SignatureLength());
GlobalRNG().GenerateBlock(message, len);
priv.SignMessage(GlobalRNG(), message, len, signature);
const clock_t start = clock();
unsigned int i;
double timeTaken;
for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
{
// The return value is ignored because we are interested in throughput
bool unused = pub.VerifyMessage(message, len, signature, signature.size());
CRYPTOPP_UNUSED(unused);
}
OutputResultOperations(name, "Verification", pc, i, timeTaken);
if (!pc && pub.GetMaterial().SupportsPrecomputation())
{
pub.AccessMaterial().Precompute(16);
BenchMarkVerification(name, priv, pub, timeTotal, true);
}
}
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub)
{
LC_RNG rng(9374);
const byte *message = (byte *)"test message";
const int messageLen = 12;
byte buffer[512];
bool pass = true, fail;
memset(buffer, 0, sizeof(buffer));
priv.SignMessage(rng, message, messageLen, buffer);
fail = !pub.VerifyMessage(message, messageLen, buffer);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "signature and verification\n";
++buffer[0];
fail = pub.VerifyMessage(message, messageLen, buffer);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "checking invalid signature" << endl;
return pass;
}
/*************************************************
* Get a PK_Verifier object *
*************************************************/
PK_Verifier* get_pk_verifier(const PK_Verifying_wo_MR_Key& key,
const std::string& encoding,
Signature_Format sig_format)
{
PK_Verifier* verifier = new PK_Verifier_wo_MR(key, encoding);
verifier->set_input_format(sig_format);
return verifier;
}
/*
* Get a PK_Verifier object
*/
PK_Verifier* get_pk_verifier(const PK_Verifying_with_MR_Key& key,
const std::string& emsa,
Signature_Format sig_format)
{
PK_Verifier* verifier = new PK_Verifier_with_MR(key, get_emsa(emsa));
verifier->set_input_format(sig_format);
return verifier;
}
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
{
bool pass = true, fail;
fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "signature key validation\n";
static const byte message[] = "test message";
const unsigned int messageLen = COUNTOF(message);
SecByteBlock signature(priv.MaxSignatureLength());
size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature);
fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "signature and verification\n";
++signature[0];
fail = pub.VerifyMessage(message, messageLen, signature, signatureLength);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "checking invalid signature" << endl;
if (priv.MaxRecoverableLength() > 0)
{
signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
fail = !(result.isValidCoding && result.messageLength == messageLen && VerifyBufsEqual(recovered, message, messageLen));
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "signature and verification with recovery" << endl;
++signature[0];
result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
fail = result.isValidCoding;
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "recovery with invalid signature" << endl;
}
return pass;
}
void BenchMarkVerification(const char *name, PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false)
{
unsigned int len = 16;
LC_RNG rng(time(NULL));
SecByteBlock message(len), signature(pub.SignatureLength());
rng.GetBlock(message, len);
priv.SignMessage(rng, message, len, signature);
clock_t start = clock();
unsigned int i;
double timeTaken;
for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
pub.VerifyMessage(message, len, signature);
OutputResultOperations(name, "Verification", pc, i, timeTaken);
}
void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false)
{
unsigned int len = 16;
LC_RNG rng((word32)time(NULL));
AlignedSecByteBlock message(len), signature(pub.SignatureLength());
rng.GenerateBlock(message, len);
priv.SignMessage(rng, message, len, signature);
clock_t start = clock();
unsigned int i;
double timeTaken;
for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
pub.VerifyMessage(message, len, signature, signature.size());
OutputResultOperations(name, "Verification", pc, i, timeTaken);
if (!pc && pub.GetMaterial().SupportsPrecomputation())
{
pub.AccessMaterial().Precompute(16);
BenchMarkVerification(name, priv, pub, timeTotal, true);
}
}
bool ne7ssh_crypt::verifySig (Botan::SecureVector<Botan::byte> &hostKey, Botan::SecureVector<Botan::byte> &sig)
{
DSA_PublicKey *dsaKey = 0;
RSA_PublicKey *rsaKey = 0;
PK_Verifier *verifier;
ne7ssh_string signature (sig, 0);
SecureVector<Botan::byte> sigType, sigData;
bool result;
if (H.empty())
{
ne7ssh::errors()->push (session->getSshChannel(), "H was not initialzed.");
return false;
}
if (!signature.getString (sigType))
{
ne7ssh::errors()->push (session->getSshChannel(), "Signature without type.");
return false;
}
if (!signature.getString (sigData))
{
ne7ssh::errors()->push (session->getSshChannel(), "Signature without data.");
return false;
}
switch (hostkeyMethod)
{
case SSH_DSS:
dsaKey = getDSAKey (hostKey);
if (!dsaKey)
{
ne7ssh::errors()->push (session->getSshChannel(), "DSA key not generated.");
return false;
}
break;
case SSH_RSA:
rsaKey = getRSAKey (hostKey);
if (!rsaKey)
{
ne7ssh::errors()->push (session->getSshChannel(), "RSA key not generated.");
return false;
}
break;
default:
ne7ssh::errors()->push (session->getSshChannel(), "Hostkey algorithm: %i not supported.", hostkeyMethod);
return false;
}
switch (kexMethod)
{
case DH_GROUP1_SHA1:
case DH_GROUP14_SHA1:
if (dsaKey) verifier = get_pk_verifier (*dsaKey, "EMSA1(SHA-1)");
else if (rsaKey) verifier = get_pk_verifier (*rsaKey, "EMSA3(SHA-1)");
break;
default:
ne7ssh::errors()->push (session->getSshChannel(), "Key Exchange algorithm: %i not supported.", kexMethod);
return false;
}
result = verifier->verify_message (H, sigData);
delete verifier;
if (dsaKey) delete dsaKey;
if (rsaKey) delete dsaKey;
if (!result)
{
ne7ssh::errors()->push (session->getSshChannel(), "Failure to verify host signature.");
return false;
}
else return true;
}
