bool ProfileSignatureValidate(PK_Signer &priv, PK_Verifier &pub, const byte *input, 
	const size_t inputLength, string description, bool thorough = false)
{
	bool pass = true, fail;

	fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
	assert(pass && !fail);

	SecByteBlock signature(priv.MaxSignatureLength());

	std::chrono::steady_clock::time_point signStartTime = std::chrono::steady_clock::now();
	size_t signatureLength = priv.SignMessage(GlobalRNG(), input, inputLength, signature);
	std::chrono::steady_clock::time_point signEndTime = std::chrono::steady_clock::now();
	size_t signNanoSeconds = std::chrono::duration_cast<std::chrono::nanoseconds>(signEndTime - signStartTime).count();

	cout << generateCSVString(description, "sign", signNanoSeconds) << endl;

	std::chrono::steady_clock::time_point verifyStartTime = std::chrono::steady_clock::now();
	fail = !pub.VerifyMessage(input, inputLength, signature, signatureLength);
	std::chrono::steady_clock::time_point verifyEndTime = std::chrono::steady_clock::now();
	size_t verifyNanoSeconds = std::chrono::duration_cast<std::chrono::nanoseconds>(verifyEndTime - verifyStartTime).count();

	cout << generateCSVString(description, "verify", verifyNanoSeconds) << endl;

	assert(pass && !fail);
	return pass;
}
Exemple #2
0
void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false)
{
	unsigned int len = 16;
	AlignedSecByteBlock message(len), signature(pub.SignatureLength());
	GlobalRNG().GenerateBlock(message, len);
	priv.SignMessage(GlobalRNG(), message, len, signature);

	const clock_t start = clock();
	unsigned int i;
	double timeTaken;
	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
	{
		// The return value is ignored because we are interested in throughput
		bool unused = pub.VerifyMessage(message, len, signature, signature.size());
		CRYPTOPP_UNUSED(unused);
	}

	OutputResultOperations(name, "Verification", pc, i, timeTaken);

	if (!pc && pub.GetMaterial().SupportsPrecomputation())
	{
		pub.AccessMaterial().Precompute(16);
		BenchMarkVerification(name, priv, pub, timeTotal, true);
	}
}
Exemple #3
0
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub)
{
	LC_RNG rng(9374);
	const byte *message = (byte *)"test message";
	const int messageLen = 12;
	byte buffer[512];
	bool pass = true, fail;

	memset(buffer, 0, sizeof(buffer));
	priv.SignMessage(rng, message, messageLen, buffer);
	fail = !pub.VerifyMessage(message, messageLen, buffer);
	pass = pass && !fail;

	cout << (fail ? "FAILED    " : "passed    ");
	cout << "signature and verification\n";

	++buffer[0];
	fail = pub.VerifyMessage(message, messageLen, buffer);
	pass = pass && !fail;

	cout << (fail ? "FAILED    " : "passed    ");
	cout << "checking invalid signature" << endl;

	return pass;
}
Exemple #4
0
/*************************************************
* Get a PK_Verifier object                       *
*************************************************/
PK_Verifier* get_pk_verifier(const PK_Verifying_wo_MR_Key& key,
                             const std::string& encoding,
                             Signature_Format sig_format)
   {
   PK_Verifier* verifier = new PK_Verifier_wo_MR(key, encoding);
   verifier->set_input_format(sig_format);
   return verifier;
   }
Exemple #5
0
/*
* Get a PK_Verifier object
*/
PK_Verifier* get_pk_verifier(const PK_Verifying_with_MR_Key& key,
                             const std::string& emsa,
                             Signature_Format sig_format)
   {
   PK_Verifier* verifier = new PK_Verifier_with_MR(key, get_emsa(emsa));
   verifier->set_input_format(sig_format);
   return verifier;
   }
Exemple #6
0
bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
{
	bool pass = true, fail;

	fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2);
	pass = pass && !fail;

	cout << (fail ? "FAILED    " : "passed    ");
	cout << "signature key validation\n";

	static const byte message[] = "test message";
	const unsigned int messageLen = COUNTOF(message);

	SecByteBlock signature(priv.MaxSignatureLength());
	size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature);
	fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength);
	pass = pass && !fail;

	cout << (fail ? "FAILED    " : "passed    ");
	cout << "signature and verification\n";

	++signature[0];
	fail = pub.VerifyMessage(message, messageLen, signature, signatureLength);
	pass = pass && !fail;

	cout << (fail ? "FAILED    " : "passed    ");
	cout << "checking invalid signature" << endl;

	if (priv.MaxRecoverableLength() > 0)
	{
		signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
		SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
		DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
		fail = !(result.isValidCoding && result.messageLength == messageLen && VerifyBufsEqual(recovered, message, messageLen));
		pass = pass && !fail;

		cout << (fail ? "FAILED    " : "passed    ");
		cout << "signature and verification with recovery" << endl;

		++signature[0];
		result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
		fail = result.isValidCoding;
		pass = pass && !fail;

		cout << (fail ? "FAILED    " : "passed    ");
		cout << "recovery with invalid signature" << endl;
	}

	return pass;
}
Exemple #7
0
void BenchMarkVerification(const char *name, PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false)
{
	unsigned int len = 16;
	LC_RNG rng(time(NULL));
	SecByteBlock message(len), signature(pub.SignatureLength());
	rng.GetBlock(message, len);
	priv.SignMessage(rng, message, len, signature);

	clock_t start = clock();
	unsigned int i;
	double timeTaken;
	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
		pub.VerifyMessage(message, len, signature);

	OutputResultOperations(name, "Verification", pc, i, timeTaken);
}
Exemple #8
0
void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false)
{
	unsigned int len = 16;
	LC_RNG rng((word32)time(NULL));
	AlignedSecByteBlock message(len), signature(pub.SignatureLength());
	rng.GenerateBlock(message, len);
	priv.SignMessage(rng, message, len, signature);

	clock_t start = clock();
	unsigned int i;
	double timeTaken;
	for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
		pub.VerifyMessage(message, len, signature, signature.size());

	OutputResultOperations(name, "Verification", pc, i, timeTaken);

	if (!pc && pub.GetMaterial().SupportsPrecomputation())
	{
		pub.AccessMaterial().Precompute(16);
		BenchMarkVerification(name, priv, pub, timeTotal, true);
	}
}
Exemple #9
0
bool ne7ssh_crypt::verifySig (Botan::SecureVector<Botan::byte> &hostKey, Botan::SecureVector<Botan::byte> &sig)
{
  DSA_PublicKey *dsaKey = 0;
	RSA_PublicKey *rsaKey = 0;
  PK_Verifier *verifier;
  ne7ssh_string signature (sig, 0);
  SecureVector<Botan::byte> sigType, sigData;
  bool result;
  
  if (H.empty())
  {
    ne7ssh::errors()->push (session->getSshChannel(), "H was not initialzed.");
    return false;
  }
  
  if (!signature.getString (sigType))
  {
    ne7ssh::errors()->push (session->getSshChannel(), "Signature without type.");
    return false;
  }
  if (!signature.getString (sigData))
  {
    ne7ssh::errors()->push (session->getSshChannel(), "Signature without data.");
    return false;
  }
    
  switch (hostkeyMethod)
  {
    case SSH_DSS:
      dsaKey = getDSAKey (hostKey);
      if (!dsaKey)
      {
        ne7ssh::errors()->push (session->getSshChannel(), "DSA key not generated.");
        return false;
      }
      break;

    case SSH_RSA:
      rsaKey = getRSAKey (hostKey);
      if (!rsaKey)
      {
	ne7ssh::errors()->push (session->getSshChannel(), "RSA key not generated.");
        return false;
      }
      break;
     
    default:
      ne7ssh::errors()->push (session->getSshChannel(), "Hostkey algorithm: %i not supported.", hostkeyMethod);
      return false;
  }
  
  switch (kexMethod)
  {
    case DH_GROUP1_SHA1:
    case DH_GROUP14_SHA1:
      if (dsaKey) verifier = get_pk_verifier (*dsaKey, "EMSA1(SHA-1)");
      else if (rsaKey) verifier = get_pk_verifier (*rsaKey, "EMSA3(SHA-1)");
      break;
      
    default:
      ne7ssh::errors()->push (session->getSshChannel(), "Key Exchange algorithm: %i not supported.", kexMethod);
      return false;
  }
  
  result = verifier->verify_message (H, sigData);
  delete verifier;
  if (dsaKey) delete dsaKey;
  if (rsaKey) delete dsaKey;
  
  if (!result)
  {
    ne7ssh::errors()->push (session->getSshChannel(), "Failure to verify host signature.");
    return false;
  }
  else return true;
}