bool ProfileSignatureValidate(PK_Signer &priv, PK_Verifier &pub, const byte *input, const size_t inputLength, string description, bool thorough = false) { bool pass = true, fail; fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2); assert(pass && !fail); SecByteBlock signature(priv.MaxSignatureLength()); std::chrono::steady_clock::time_point signStartTime = std::chrono::steady_clock::now(); size_t signatureLength = priv.SignMessage(GlobalRNG(), input, inputLength, signature); std::chrono::steady_clock::time_point signEndTime = std::chrono::steady_clock::now(); size_t signNanoSeconds = std::chrono::duration_cast<std::chrono::nanoseconds>(signEndTime - signStartTime).count(); cout << generateCSVString(description, "sign", signNanoSeconds) << endl; std::chrono::steady_clock::time_point verifyStartTime = std::chrono::steady_clock::now(); fail = !pub.VerifyMessage(input, inputLength, signature, signatureLength); std::chrono::steady_clock::time_point verifyEndTime = std::chrono::steady_clock::now(); size_t verifyNanoSeconds = std::chrono::duration_cast<std::chrono::nanoseconds>(verifyEndTime - verifyStartTime).count(); cout << generateCSVString(description, "verify", verifyNanoSeconds) << endl; assert(pass && !fail); return pass; }
void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false) { unsigned int len = 16; AlignedSecByteBlock message(len), signature(pub.SignatureLength()); GlobalRNG().GenerateBlock(message, len); priv.SignMessage(GlobalRNG(), message, len, signature); const clock_t start = clock(); unsigned int i; double timeTaken; for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) { // The return value is ignored because we are interested in throughput bool unused = pub.VerifyMessage(message, len, signature, signature.size()); CRYPTOPP_UNUSED(unused); } OutputResultOperations(name, "Verification", pc, i, timeTaken); if (!pc && pub.GetMaterial().SupportsPrecomputation()) { pub.AccessMaterial().Precompute(16); BenchMarkVerification(name, priv, pub, timeTotal, true); } }
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub) { LC_RNG rng(9374); const byte *message = (byte *)"test message"; const int messageLen = 12; byte buffer[512]; bool pass = true, fail; memset(buffer, 0, sizeof(buffer)); priv.SignMessage(rng, message, messageLen, buffer); fail = !pub.VerifyMessage(message, messageLen, buffer); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature and verification\n"; ++buffer[0]; fail = pub.VerifyMessage(message, messageLen, buffer); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "checking invalid signature" << endl; return pass; }
/************************************************* * Get a PK_Verifier object * *************************************************/ PK_Verifier* get_pk_verifier(const PK_Verifying_wo_MR_Key& key, const std::string& encoding, Signature_Format sig_format) { PK_Verifier* verifier = new PK_Verifier_wo_MR(key, encoding); verifier->set_input_format(sig_format); return verifier; }
/* * Get a PK_Verifier object */ PK_Verifier* get_pk_verifier(const PK_Verifying_with_MR_Key& key, const std::string& emsa, Signature_Format sig_format) { PK_Verifier* verifier = new PK_Verifier_with_MR(key, get_emsa(emsa)); verifier->set_input_format(sig_format); return verifier; }
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false) { bool pass = true, fail; fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature key validation\n"; static const byte message[] = "test message"; const unsigned int messageLen = COUNTOF(message); SecByteBlock signature(priv.MaxSignatureLength()); size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature); fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature and verification\n"; ++signature[0]; fail = pub.VerifyMessage(message, messageLen, signature, signatureLength); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "checking invalid signature" << endl; if (priv.MaxRecoverableLength() > 0) { signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature); SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength)); DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength); fail = !(result.isValidCoding && result.messageLength == messageLen && VerifyBufsEqual(recovered, message, messageLen)); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature and verification with recovery" << endl; ++signature[0]; result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength); fail = result.isValidCoding; pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "recovery with invalid signature" << endl; } return pass; }
void BenchMarkVerification(const char *name, PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false) { unsigned int len = 16; LC_RNG rng(time(NULL)); SecByteBlock message(len), signature(pub.SignatureLength()); rng.GetBlock(message, len); priv.SignMessage(rng, message, len, signature); clock_t start = clock(); unsigned int i; double timeTaken; for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) pub.VerifyMessage(message, len, signature); OutputResultOperations(name, "Verification", pc, i, timeTaken); }
void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false) { unsigned int len = 16; LC_RNG rng((word32)time(NULL)); AlignedSecByteBlock message(len), signature(pub.SignatureLength()); rng.GenerateBlock(message, len); priv.SignMessage(rng, message, len, signature); clock_t start = clock(); unsigned int i; double timeTaken; for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) pub.VerifyMessage(message, len, signature, signature.size()); OutputResultOperations(name, "Verification", pc, i, timeTaken); if (!pc && pub.GetMaterial().SupportsPrecomputation()) { pub.AccessMaterial().Precompute(16); BenchMarkVerification(name, priv, pub, timeTotal, true); } }
bool ne7ssh_crypt::verifySig (Botan::SecureVector<Botan::byte> &hostKey, Botan::SecureVector<Botan::byte> &sig) { DSA_PublicKey *dsaKey = 0; RSA_PublicKey *rsaKey = 0; PK_Verifier *verifier; ne7ssh_string signature (sig, 0); SecureVector<Botan::byte> sigType, sigData; bool result; if (H.empty()) { ne7ssh::errors()->push (session->getSshChannel(), "H was not initialzed."); return false; } if (!signature.getString (sigType)) { ne7ssh::errors()->push (session->getSshChannel(), "Signature without type."); return false; } if (!signature.getString (sigData)) { ne7ssh::errors()->push (session->getSshChannel(), "Signature without data."); return false; } switch (hostkeyMethod) { case SSH_DSS: dsaKey = getDSAKey (hostKey); if (!dsaKey) { ne7ssh::errors()->push (session->getSshChannel(), "DSA key not generated."); return false; } break; case SSH_RSA: rsaKey = getRSAKey (hostKey); if (!rsaKey) { ne7ssh::errors()->push (session->getSshChannel(), "RSA key not generated."); return false; } break; default: ne7ssh::errors()->push (session->getSshChannel(), "Hostkey algorithm: %i not supported.", hostkeyMethod); return false; } switch (kexMethod) { case DH_GROUP1_SHA1: case DH_GROUP14_SHA1: if (dsaKey) verifier = get_pk_verifier (*dsaKey, "EMSA1(SHA-1)"); else if (rsaKey) verifier = get_pk_verifier (*rsaKey, "EMSA3(SHA-1)"); break; default: ne7ssh::errors()->push (session->getSshChannel(), "Key Exchange algorithm: %i not supported.", kexMethod); return false; } result = verifier->verify_message (H, sigData); delete verifier; if (dsaKey) delete dsaKey; if (rsaKey) delete dsaKey; if (!result) { ne7ssh::errors()->push (session->getSshChannel(), "Failure to verify host signature."); return false; } else return true; }