int test_builtin(BIO *out) { EC_builtin_curve *curves = NULL; size_t crv_len = 0, n = 0; EC_KEY *eckey = NULL, *wrong_eckey = NULL; EC_GROUP *group; ECDSA_SIG *ecdsa_sig = NULL; unsigned char digest[20], wrong_digest[20]; unsigned char *signature = NULL; const unsigned char *sig_ptr; unsigned char *sig_ptr2; unsigned char *raw_buf = NULL; unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; int nid, ret = 0; /* fill digest values with some random data */ if (!RAND_pseudo_bytes(digest, 20) || !RAND_pseudo_bytes(wrong_digest, 20)) { BIO_printf(out, "ERROR: unable to get random data\n"); goto builtin_err; } /* * create and verify a ecdsa signature with every availble curve (with ) */ BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " "with some internal curves:\n"); /* get a list of all internal curves */ crv_len = EC_get_builtin_curves(NULL, 0); curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); if (curves == NULL) { BIO_printf(out, "malloc error\n"); goto builtin_err; } if (!EC_get_builtin_curves(curves, crv_len)) { BIO_printf(out, "unable to get internal curves\n"); goto builtin_err; } /* now create and verify a signature for every curve */ for (n = 0; n < crv_len; n++) { unsigned char dirt, offset; nid = curves[n].nid; if (nid == NID_ipsec4) continue; /* create new ecdsa key (== EC_KEY) */ if ((eckey = EC_KEY_new()) == NULL) goto builtin_err; group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) goto builtin_err; if (EC_KEY_set_group(eckey, group) == 0) goto builtin_err; EC_GROUP_free(group); degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); if (degree < 160) /* drop the curve */ { EC_KEY_free(eckey); eckey = NULL; continue; } BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); /* create key */ if (!EC_KEY_generate_key(eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } /* create second key */ if ((wrong_eckey = EC_KEY_new()) == NULL) goto builtin_err; group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) goto builtin_err; if (EC_KEY_set_group(wrong_eckey, group) == 0) goto builtin_err; EC_GROUP_free(group); if (!EC_KEY_generate_key(wrong_eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* check key */ if (!EC_KEY_check_key(eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* create signature */ sig_len = ECDSA_size(eckey); if ((signature = OPENSSL_malloc(sig_len)) == NULL) goto builtin_err; if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* verify signature */ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* verify signature with the wrong key */ if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* wrong digest */ if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* wrong length */ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* * Modify a single byte of the signature: to ensure we don't garble * the ASN1 structure, we read the raw signature and modify a byte in * one of the bignums directly. */ sig_ptr = signature; if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) { BIO_printf(out, " failed\n"); goto builtin_err; } /* Store the two BIGNUMs in raw_buf. */ r_len = BN_num_bytes(ecdsa_sig->r); s_len = BN_num_bytes(ecdsa_sig->s); bn_len = (degree + 7) / 8; if ((r_len > bn_len) || (s_len > bn_len)) { BIO_printf(out, " failed\n"); goto builtin_err; } buf_len = 2 * bn_len; if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL) goto builtin_err; /* Pad the bignums with leading zeroes. */ memset(raw_buf, 0, buf_len); BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len); BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len); /* Modify a single byte in the buffer. */ offset = raw_buf[10] % buf_len; dirt = raw_buf[11] ? raw_buf[11] : 1; raw_buf[offset] ^= dirt; /* Now read the BIGNUMs back in from raw_buf. */ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) goto builtin_err; sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } /* * Sanity check: undo the modification and verify signature. */ raw_buf[offset] ^= dirt; if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) goto builtin_err; sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); BIO_printf(out, " ok\n"); /* cleanup */ /* clean bogus errors */ ERR_clear_error(); OPENSSL_free(signature); signature = NULL; EC_KEY_free(eckey); eckey = NULL; EC_KEY_free(wrong_eckey); wrong_eckey = NULL; ECDSA_SIG_free(ecdsa_sig); ecdsa_sig = NULL; OPENSSL_free(raw_buf); raw_buf = NULL; } ret = 1; builtin_err: if (eckey) EC_KEY_free(eckey); if (wrong_eckey) EC_KEY_free(wrong_eckey); if (ecdsa_sig) ECDSA_SIG_free(ecdsa_sig); if (signature) OPENSSL_free(signature); if (raw_buf) OPENSSL_free(raw_buf); if (curves) OPENSSL_free(curves); return ret; }
static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen) { int ret, type; unsigned int sltmp; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; if (!sig) { *siglen = ECDSA_size(ec); return 1; } else if (*siglen < (size_t)ECDSA_size(ec)) { ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); return 0; } if (dctx->md) type = EVP_MD_type(dctx->md); else type = NID_sha1; ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); if (ret <= 0) return ret; *siglen = (size_t)sltmp; return 1; }
static int pkey_ec_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, const uint8_t *tbs, size_t tbslen) { int type; unsigned int sltmp; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; if (!sig) { *siglen = ECDSA_size(ec); return 1; } else if (*siglen < (size_t)ECDSA_size(ec)) { OPENSSL_PUT_ERROR(EVP, pkey_ec_sign, EVP_R_BUFFER_TOO_SMALL); return 0; } type = NID_sha1; if (dctx->md) { type = EVP_MD_type(dctx->md); } if (!ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec)) { return 0; } *siglen = (size_t)sltmp; return 1; }
void openssl_ec_crypt() { BIO *berr; EC_KEY *key1, *key2; unsigned int sig_len; int clen, len1, len2; EC_builtin_curve *curves; EC_GROUP *group1, *group2; const EC_KEY *key3, *key4; const EC_GROUP *group3, *group4; const EC_POINT *pubkey1, *pubkey2; unsigned char shareKey1[COMM_LEN], shareKey2[COMM_LEN]; unsigned char *signature, cont[COMM_LEN] = "123456"; key1 = EC_KEY_new(); key2 = EC_KEY_new(); clen = EC_get_builtin_curves(NULL, 0); curves = (EC_builtin_curve *) malloc(sizeof(EC_builtin_curve) * clen); EC_get_builtin_curves(curves, clen); group1 = EC_GROUP_new_by_curve_name(curves[25].nid); group2 = EC_GROUP_new_by_curve_name(curves[25].nid); group3 = group1; group4 = group2; EC_KEY_set_group(key1, group3); EC_KEY_set_group(key2, group4); EC_KEY_generate_key(key1); EC_KEY_generate_key(key2); EC_KEY_check_key(key1); key3 = key1; key4 = key2; printf("\nECDSA_size: %d\n", ECDSA_size(key3)); signature = (unsigned char *)malloc(ECDSA_size(key3)); ERR_load_crypto_strings(); berr = BIO_new(BIO_s_file()); BIO_set_fp(berr, stdout, BIO_NOCLOSE); ECDSA_sign(0, cont, 8, signature, &sig_len, key1); ECDSA_verify(0, cont, 8, signature, sig_len, key1); pubkey1 = EC_KEY_get0_public_key(key1); pubkey2 = EC_KEY_get0_public_key(key2); len1 = ECDH_compute_key(shareKey1, COMM_LEN, pubkey2, key1, NULL); len2 = ECDH_compute_key(shareKey2, COMM_LEN, pubkey1, key1, NULL); if (len1 != len2 || memcmp(shareKey1, shareKey2, len1) != 0) { printf("ECDH_compute_key err!\n"); return; } BIO_free(berr); EC_KEY_free(key1); EC_KEY_free(key2); free(signature); free(curves); }
bool CKey::Sign(uint256 hash, std::vector<unsigned char>& vchSig) { vchSig.clear(); ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey); if (sig==NULL) return false; const EC_GROUP *group = EC_KEY_get0_group(pkey); CBigNum order, halforder; EC_GROUP_get_order(group, &order, NULL); BN_rshift1(&halforder, &order); // enforce low S values, by negating the value (modulo the order) if above order/2. if (BN_cmp(sig->s, &halforder) > 0) { BN_sub(sig->s, &order, sig->s); } unsigned int nSize = ECDSA_size(pkey); vchSig.resize(nSize); // Make sure it is big enough unsigned char *pos = &vchSig[0]; nSize = i2d_ECDSA_SIG(sig, &pos); ECDSA_SIG_free(sig); vchSig.resize(nSize); // Shrink to fit actual size // Testing our new signature if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1) { vchSig.clear(); return false; } return true; }
// for now a copy of how we sign in libraries/networking/src/DataServerAccountInfo - // we sha256 the text, read the private key from disk (for now!), and return the signed // sha256. Note later with multiple keys, we may need the key parameter (or something // similar) so I left it alone for now. Also this will probably change when we move // away from RSA keys anyways. Note that since this returns a QString, we better avoid // the horror of code pages and so on (changing the bytes) by just returning a base64 // encoded string representing the signature (suitable for http, etc...) QString Wallet::signWithKey(const QByteArray& text, const QString& key) { EC_KEY* ecPrivateKey = NULL; auto keyFilePathString = keyFilePath().toStdString(); if ((ecPrivateKey = readPrivateKey(keyFilePath().toStdString().c_str()))) { unsigned char* sig = new unsigned char[ECDSA_size(ecPrivateKey)]; unsigned int signatureBytes = 0; qCInfo(commerce) << "Hashing and signing plaintext" << text << "with key at address" << ecPrivateKey; QByteArray hashedPlaintext = QCryptographicHash::hash(text, QCryptographicHash::Sha256); int retrn = ECDSA_sign(0, reinterpret_cast<const unsigned char*>(hashedPlaintext.constData()), hashedPlaintext.size(), sig, &signatureBytes, ecPrivateKey); EC_KEY_free(ecPrivateKey); QByteArray signature(reinterpret_cast<const char*>(sig), signatureBytes); if (retrn != -1) { return signature.toBase64(); } } return QString(); }
int ECDSA_sign_ex(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, unsigned int *sig_len, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) { int ret = 0; ECDSA_SIG *s = NULL; s = ECDSA_do_sign_ex(digest, digest_len, kinv, r, eckey); if (s == NULL) { *sig_len = 0; goto err; } CBB cbb; CBB_zero(&cbb); size_t len; if (!CBB_init_fixed(&cbb, sig, ECDSA_size(eckey)) || !ECDSA_SIG_marshal(&cbb, s) || !CBB_finish(&cbb, NULL, &len)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); CBB_cleanup(&cbb); *sig_len = 0; goto err; } *sig_len = (unsigned)len; ret = 1; err: ECDSA_SIG_free(s); return ret; }
bool CKey::Sign(uint256 hash, std::vector<unsigned char>& vchSig) { vchSig.clear(); ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey); if (sig == NULL) return false; BN_CTX *ctx = BN_CTX_new(); BN_CTX_start(ctx); const EC_GROUP *group = EC_KEY_get0_group(pkey); BIGNUM *order = BN_CTX_get(ctx); BIGNUM *halforder = BN_CTX_get(ctx); EC_GROUP_get_order(group, order, ctx); BN_rshift1(halforder, order); if (BN_cmp(sig->s, halforder) > 0) { // enforce low S values, by negating the value (modulo the order) if above order/2. BN_sub(sig->s, order, sig->s); } BN_CTX_end(ctx); BN_CTX_free(ctx); unsigned int nSize = ECDSA_size(pkey); vchSig.resize(nSize); // Make sure it is big enough unsigned char *pos = &vchSig[0]; nSize = i2d_ECDSA_SIG(sig, &pos); ECDSA_SIG_free(sig); vchSig.resize(nSize); // Shrink to fit actual size return true; }
ERL_NIF_TERM ucrypto_ec_sign_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) { unsigned int length; struct ec_key_handle *handle = NULL; ErlNifBinary data; ErlNifBinary signature; if (! enif_get_resource(env, argv[0], ec_key_resource, (void **)&handle)) return enif_make_badarg(env); if (! enif_inspect_iolist_as_binary(env, argv[1], &data)) return enif_make_badarg(env); if (! handle->key) return enif_make_tuple2(env, ATOM_ERROR, ATOM_UNINITIALIZED_KEY); length = ECDSA_size(handle->key); if (! enif_alloc_binary(length, &signature)) return ATOM_ERROR; if (! ECDSA_sign(0, data.data, data.size, signature.data, &length, handle->key)) return ATOM_ERROR; if (! enif_realloc_binary(&signature, length)) return ATOM_ERROR; return enif_make_binary(env, &signature); }
bool key_sign(struct key *k, const void *data, size_t datalen, uint8 **sig, size_t *siglen) { unsigned int len; uint8 *sig0; int res; ASSERT(sig); ASSERT(siglen); len = ECDSA_size(k->key); sig0 = safe_calloc(1, len); res = ECDSA_sign(0, data, datalen, sig0, &len, k->key); if (res != 1) { NOT_TESTED(); free(sig0); return 0; } *sig = sig0; *siglen = len; return 1; }
int main() { uint8_t priv[32]; EC_KEY *key; uint8_t *msg; size_t msg_len; uint8_t digest[32]; uint8_t *sig; unsigned int sig_len; /* */ /* keypair */ bbp_parse_hex(priv, "16260783e40b16731673622ac8a5b045fc3ea4af70f727f3f9e92bdd3a1ddc42"); key = bbp_ec_new_keypair(priv); /* message */ msg = bbp_alloc_hex("0100000001f3a27f485f9833c8318c490403307fef1397121b5dd8fe70777236e7371c4ef3000000001976a9146bf19e55f94d986b4640c154d86469934191951188acffffffff02e0fe7e01000000001976a91418ba14b3682295cb05230e31fecb00089240660888ace084b003000000001976a9146bf19e55f94d986b4640c154d86469934191951188ac0000000001000000", &msg_len); /* signature */ bbp_hash256(digest, msg, msg_len); sig_len = ECDSA_size(key); sig = malloc(sig_len); ECDSA_sign(0, digest, sizeof(digest), sig, &sig_len, key); /* */ bbp_print_hex("digest", digest, sizeof(digest)); bbp_print_hex("signature", sig, sig_len); free(sig); free(msg); EC_KEY_free(key); return 0; }
bool CKey::Sign(uint1024 hash, std::vector<unsigned char>& vchSig, int nBits) { unsigned int nSize = ECDSA_size(pkey); vchSig.resize(nSize); // Make sure it is big enough bool fSuccess = false; if(nBits == 256) { uint256 hash256 = hash.getuint256(); fSuccess = ECDSA_sign(0, (unsigned char*)&hash256, sizeof(hash256), &vchSig[0], &nSize, pkey); } else if(nBits == 512) { uint512 hash512 = hash.getuint512(); fSuccess = ECDSA_sign(0, (unsigned char*)&hash512, sizeof(hash512), &vchSig[0], &nSize, pkey); } else fSuccess = ECDSA_sign(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], &nSize, pkey); if(!fSuccess) { vchSig.clear(); return false; } vchSig.resize(nSize); // Shrink to fit actual size return true; }
int s2n_ecdsa_der_signature_size(const struct s2n_pkey *pkey) { const struct s2n_ecdsa_key *ecdsa_key = &pkey->key.ecdsa_key; notnull_check(ecdsa_key->ec_key); return ECDSA_size(ecdsa_key->ec_key); }
static int sign_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, const uint8_t* data, const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) { if (sign_params->digest_type != DIGEST_NONE) { ALOGW("Cannot handle digest type %d", sign_params->digest_type); return -1; } Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey)); if (eckey.get() == NULL) { logOpenSSLError("openssl_sign_ec"); return -1; } unsigned int ecdsaSize = ECDSA_size(eckey.get()); UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(ecdsaSize))); if (signedDataPtr.get() == NULL) { logOpenSSLError("openssl_sign_ec"); return -1; } unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get()); if (ECDSA_sign(0, data, dataLength, tmp, &ecdsaSize, eckey.get()) <= 0) { logOpenSSLError("openssl_sign_ec"); return -1; } *signedDataLength = ecdsaSize; *signedData = signedDataPtr.release(); return 0; }
STDMETHODIMP CBECC::get_DSASize(short *pVal) { if (m_pECC == NULL) return E_NOTIMPL; *pVal = ECDSA_size((EC_KEY*)m_pECC); return S_OK; }
static int pkey_ec_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, const uint8_t *tbs, size_t tbslen) { unsigned int sltmp; EC_KEY *ec = ctx->pkey->pkey.ec; if (!sig) { *siglen = ECDSA_size(ec); return 1; } else if (*siglen < (size_t)ECDSA_size(ec)) { OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); return 0; } if (!ECDSA_sign(0, tbs, tbslen, sig, &sltmp, ec)) { return 0; } *siglen = (size_t)sltmp; return 1; }
bool CKey::Sign(uint256 hash, std::vector<unsigned char> &vchSig) { unsigned int nSize = ECDSA_size(pkey); vchSig.resize(nSize); // Make sure it is big enough if (!ECDSA_sign(0, (unsigned char *)&hash, sizeof(hash), &vchSig[0], &nSize, pkey)) { vchSig.clear(); return false; } vchSig.resize(nSize); // Shrink to fit actual size return true; }
static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *dgst, size_t dgstlen) { int ret; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec_key = ctx->pkey->pkey.ec; int type; unsigned int len; if (!sig) { *siglen = ECDSA_size(ec_key); return 1; } else if (*siglen < (size_t)ECDSA_size(ec_key)) { ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); return 0; } if (dctx->sign_type != NID_secg_scheme && dctx->sign_type != NID_sm_scheme) { return 0; } if (dctx->md) type = EVP_MD_type(dctx->md); else if (dctx->sign_type == NID_secg_scheme) type = NID_sha1; else if (dctx->sign_type == NID_sm_scheme) type = NID_sm3; if (dctx->sign_type == NID_secg_scheme) { ret = ECDSA_sign(type, dgst, dgstlen, sig, &len, ec_key); } else if (dctx->sign_type == NID_sm_scheme) { ret = SM2_sign(type, dgst, dgstlen, sig, &len, ec_key); } if (ret <= 0) return ret; *siglen = len; return 1; }
data_chunk elliptic_curve_key::sign(hash_digest hash) const { BITCOIN_ASSERT(key_ != nullptr); // SSL likes a reversed hash std::reverse(hash.begin(), hash.end()); data_chunk signature(ECDSA_size(key_)); unsigned int signature_length = signature.size(); if (!ECDSA_sign(0, hash.data(), hash.size(), signature.data(), &signature_length, key_)) return data_chunk(); signature.resize(signature_length); return signature; }
int main(int argc, const char **argv) { BIO *in; EC_KEY *eckey; char challenge[BUFSIZE]; const unsigned char *workbuf_p; unsigned char *sig_buf, *sig_buf_p; size_t len; unsigned int buf_len, i; if (argv[1] == NULL || argv[2] == NULL) { fprintf(stderr, "usage: %s [keyfile] [base64challenge]\n", argv[0]); return EXIT_FAILURE; } in = BIO_new(BIO_s_file()); BIO_read_filename(in, argv[1]); eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, NULL); BIO_free(in); if (!EC_KEY_check_key(eckey)) { fprintf(stderr, "Key data for %s is inconsistent.\n", argv[1]); return EXIT_FAILURE; } memset(challenge, '\0', sizeof challenge); len = base64_decode(argv[2], challenge, BUFSIZE); workbuf_p = (unsigned char *) challenge; buf_len = ECDSA_size(eckey); sig_buf = mowgli_alloc(buf_len); sig_buf_p = sig_buf; if (!ECDSA_sign(0, challenge, len, sig_buf_p, &buf_len, eckey)) { fprintf(stderr, "Failed to sign challenge!\n"); return EXIT_FAILURE; } base64_encode(sig_buf, buf_len, challenge, BUFSIZE); printf("%s\n", challenge); mowgli_free(sig_buf); return EXIT_SUCCESS; }
bool bp_sign(struct bp_key *key, const void *data, size_t data_len, void **sig_, size_t *sig_len_) { size_t sig_sz = ECDSA_size(key->k); void *sig = calloc(1, sig_sz); unsigned int sig_sz_out = sig_sz; int src = ECDSA_sign(0, data, data_len, sig, &sig_sz_out, key->k); if (src != 1) { free(sig); return false; } *sig_ = sig; *sig_len_ = sig_sz_out; return true; }
int EVP_PKEY_size(EVP_PKEY *pkey) { if (pkey == NULL) return(0); #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) return(RSA_size(pkey->pkey.rsa)); else #endif #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) return(DSA_size(pkey->pkey.dsa)); #endif #ifndef OPENSSL_NO_ECDSA if (pkey->type == EVP_PKEY_EC) return(ECDSA_size(pkey->pkey.ec)); #endif return(0); }
STDMETHODIMP CBECC::DSASign(VARIANT varData, VARIANT *pVal) { if(m_pECC == NULL)return E_NOTIMPL; if (!EC_KEY_check_key((EC_KEY*)m_pECC)) return E_NOTIMPL; CBVarPtr varPtr; HRESULT hr = varPtr.Attach(varData); if(FAILED(hr))return hr; int nSize = ECDSA_size((EC_KEY*)m_pECC); CBVarPtr varVal; varVal.Create(nSize); if (!ECDSA_sign(0, varPtr.m_pData, varPtr.m_nSize, varVal.m_pData, (unsigned int *)&nSize, (EC_KEY*)m_pECC)) return E_INVALIDARG; return varVal.GetVariant(pVal, nSize); }
int VNEcdsa_ORG_Sign( const VNAsymCryptCtx_t * ctx, const unsigned char * plainText, int length, struct vn_iovec * signText ) { int ret = 0; VNEcdsa_ORG_Ctx_t * orgCtx = VN_CONTAINER_OF( ctx, VNEcdsa_ORG_Ctx_t, mCtx ); assert( VN_TYPE_VNEcdsaSign_ORG == ctx->mType ); signText->i.iov_len = ECDSA_size( orgCtx->mEcKey ); signText->i.iov_base = malloc( signText->i.iov_len ); ret = ECDSA_sign( 0, plainText, length, signText->i.iov_base, (unsigned int *)&( signText->i.iov_len ), orgCtx->mEcKey ); if( 1 != ret ) { char buff[ 1024 ] = { 0 }; printf( "ECDSA_sign %d, %s\n", ret, ERR_error_string( ERR_get_error(), buff ) ); } return 1 == ret ? 0 : -1; }
/* * Sign a challenge. */ bool libecdsaauth_sign(libecdsaauth_key_t *key, unsigned char *in, size_t inlen, unsigned char **out, size_t *outlen) { unsigned char *sig_buf, *sig_buf_p; unsigned int sig_len; if (key->eckey == NULL) return false; sig_len = ECDSA_size(key->eckey); sig_buf = malloc(sig_len); sig_buf_p = sig_buf; if (!ECDSA_sign(0, in, inlen, sig_buf_p, &sig_len, key->eckey)) { free(sig_buf); return false; } *out = sig_buf; *outlen = (size_t) sig_len; return true; }
int test_builtin(BIO *out) { EC_builtin_curve *curves = NULL; size_t crv_len = 0, n = 0; EC_KEY *eckey = NULL, *wrong_eckey = NULL; EC_GROUP *group; unsigned char digest[20], wrong_digest[20]; unsigned char *signature = NULL; unsigned int sig_len; int nid, ret = 0; /* fill digest values with some random data */ if (!RAND_pseudo_bytes(digest, 20) || !RAND_pseudo_bytes(wrong_digest, 20)) { BIO_printf(out, "ERROR: unable to get random data\n"); goto builtin_err; } /* create and verify a ecdsa signature with every availble curve * (with ) */ BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " "with some internal curves:\n"); /* get a list of all internal curves */ crv_len = EC_get_builtin_curves(NULL, 0); curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); if (curves == NULL) { BIO_printf(out, "malloc error\n"); goto builtin_err; } if (!EC_get_builtin_curves(curves, crv_len)) { BIO_printf(out, "unable to get internal curves\n"); goto builtin_err; } /* now create and verify a signature for every curve */ for (n = 0; n < crv_len; n++) { unsigned char dirt, offset; nid = curves[n].nid; if (nid == NID_ipsec4) continue; /* create new ecdsa key (== EC_KEY) */ if ((eckey = EC_KEY_new()) == NULL) goto builtin_err; group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) goto builtin_err; if (EC_KEY_set_group(eckey, group) == 0) goto builtin_err; EC_GROUP_free(group); if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160) /* drop the curve */ { EC_KEY_free(eckey); eckey = NULL; continue; } BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); /* create key */ if (!EC_KEY_generate_key(eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } /* create second key */ if ((wrong_eckey = EC_KEY_new()) == NULL) goto builtin_err; group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) goto builtin_err; if (EC_KEY_set_group(wrong_eckey, group) == 0) goto builtin_err; EC_GROUP_free(group); if (!EC_KEY_generate_key(wrong_eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* check key */ if (!EC_KEY_check_key(eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* create signature */ sig_len = ECDSA_size(eckey); if ((signature = OPENSSL_malloc(sig_len)) == NULL) goto builtin_err; if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* verify signature */ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* verify signature with the wrong key */ if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* wrong digest */ if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* modify a single byte of the signature */ offset = signature[10] % sig_len; dirt = signature[11]; signature[offset] ^= dirt ? dirt : 1; if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); BIO_printf(out, " ok\n"); /* cleanup */ OPENSSL_free(signature); signature = NULL; EC_KEY_free(eckey); eckey = NULL; EC_KEY_free(wrong_eckey); wrong_eckey = NULL; } ret = 1; builtin_err: if (eckey) EC_KEY_free(eckey); if (wrong_eckey) EC_KEY_free(wrong_eckey); if (signature) OPENSSL_free(signature); if (curves) OPENSSL_free(curves); return ret; }
extern "C" int32_t CryptoNative_EcDsaSize(const EC_KEY* key) { return ECDSA_size(key); }
int test_builtin(BIO *out) { size_t n = 0; EC_KEY *eckey = NULL, *wrong_eckey = NULL; EC_GROUP *group; BIGNUM *order = NULL; ECDSA_SIG *ecdsa_sig = NULL; unsigned char digest[20], wrong_digest[20]; unsigned char *signature = NULL; const unsigned char *sig_ptr; unsigned char *sig_ptr2; unsigned char *raw_buf = NULL; unsigned int sig_len, r_len, s_len, bn_len, buf_len; int nid, ret = 0; /* fill digest values with some random data */ if (!RAND_pseudo_bytes(digest, 20) || !RAND_pseudo_bytes(wrong_digest, 20)) { BIO_printf(out, "ERROR: unable to get random data\n"); goto builtin_err; } order = BN_new(); if (order == NULL) { goto builtin_err; } /* create and verify a ecdsa signature with every availble curve * (with ) */ BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " "with some internal curves:\n"); static const int kCurveNIDs[] = {NID_secp224r1, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, NID_undef}; /* now create and verify a signature for every curve */ for (n = 0; kCurveNIDs[n] != NID_undef; n++) { unsigned char dirt, offset; nid = kCurveNIDs[n]; /* create new ecdsa key (== EC_KEY) */ eckey = EC_KEY_new(); if (eckey == NULL) { goto builtin_err; } group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) { goto builtin_err; } if (!EC_KEY_set_group(eckey, group)) { goto builtin_err; } EC_GROUP_free(group); if (!EC_GROUP_get_order(EC_KEY_get0_group(eckey), order, NULL)) { goto builtin_err; } if (BN_num_bits(order) < 160) { /* Too small to test. */ EC_KEY_free(eckey); eckey = NULL; continue; } BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); /* create key */ if (!EC_KEY_generate_key(eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } /* create second key */ wrong_eckey = EC_KEY_new(); if (wrong_eckey == NULL) { goto builtin_err; } group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) { goto builtin_err; } if (EC_KEY_set_group(wrong_eckey, group) == 0) { goto builtin_err; } EC_GROUP_free(group); if (!EC_KEY_generate_key(wrong_eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* check key */ if (!EC_KEY_check_key(eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* create signature */ sig_len = ECDSA_size(eckey); signature = OPENSSL_malloc(sig_len); if (signature == NULL) { goto builtin_err; } if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* verify signature */ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* verify signature with the wrong key */ if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* wrong digest */ if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* wrong length */ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* Modify a single byte of the signature: to ensure we don't * garble the ASN1 structure, we read the raw signature and * modify a byte in one of the bignums directly. */ sig_ptr = signature; ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len); if (ecdsa_sig == NULL) { BIO_printf(out, " failed\n"); goto builtin_err; } /* Store the two BIGNUMs in raw_buf. */ r_len = BN_num_bytes(ecdsa_sig->r); s_len = BN_num_bytes(ecdsa_sig->s); bn_len = BN_num_bytes(order); if (r_len > bn_len || s_len > bn_len) { BIO_printf(out, " failed\n"); goto builtin_err; } buf_len = 2 * bn_len; raw_buf = OPENSSL_malloc(2 * bn_len); if (raw_buf == NULL) { goto builtin_err; } /* Pad the bignums with leading zeroes. */ if (!BN_bn2bin_padded(raw_buf, bn_len, ecdsa_sig->r) || !BN_bn2bin_padded(raw_buf + bn_len, bn_len, ecdsa_sig->s)) { goto builtin_err; } /* Modify a single byte in the buffer. */ offset = raw_buf[10] % buf_len; dirt = raw_buf[11] ? raw_buf[11] : 1; raw_buf[offset] ^= dirt; /* Now read the BIGNUMs back in from raw_buf. */ if (BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL || BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL) { goto builtin_err; } sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } /* Sanity check: undo the modification and verify signature. */ raw_buf[offset] ^= dirt; if (BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL || BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL) { goto builtin_err; } sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); BIO_printf(out, " ok\n"); /* cleanup */ /* clean bogus errors */ ERR_clear_error(); OPENSSL_free(signature); signature = NULL; EC_KEY_free(eckey); eckey = NULL; EC_KEY_free(wrong_eckey); wrong_eckey = NULL; ECDSA_SIG_free(ecdsa_sig); ecdsa_sig = NULL; OPENSSL_free(raw_buf); raw_buf = NULL; } ret = 1; builtin_err: if (eckey) { EC_KEY_free(eckey); } if (order) { BN_free(order); } if (wrong_eckey) { EC_KEY_free(wrong_eckey); } if (ecdsa_sig) { ECDSA_SIG_free(ecdsa_sig); } if (signature) { OPENSSL_free(signature); } if (raw_buf) { OPENSSL_free(raw_buf); } return ret; }
static int test_builtin(void) { EC_builtin_curve *curves = NULL; size_t crv_len = 0, n = 0; EC_KEY *eckey = NULL, *wrong_eckey = NULL; EC_GROUP *group; ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL; unsigned char digest[20], wrong_digest[20]; unsigned char *signature = NULL; const unsigned char *sig_ptr; unsigned char *sig_ptr2; unsigned char *raw_buf = NULL; const BIGNUM *sig_r, *sig_s; BIGNUM *modified_r = NULL, *modified_s = NULL; BIGNUM *unmodified_r = NULL, *unmodified_s = NULL; unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; int nid, ret = 0; /* fill digest values with some random data */ if (!TEST_true(RAND_bytes(digest, 20)) || !TEST_true(RAND_bytes(wrong_digest, 20))) goto builtin_err; /* create and verify a ecdsa signature with every available curve */ /* get a list of all internal curves */ crv_len = EC_get_builtin_curves(NULL, 0); if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) || !TEST_true(EC_get_builtin_curves(curves, crv_len))) goto builtin_err; /* now create and verify a signature for every curve */ for (n = 0; n < crv_len; n++) { unsigned char dirt, offset; nid = curves[n].nid; if (nid == NID_ipsec4 || nid == NID_X25519) continue; /* create new ecdsa key (== EC_KEY) */ if (!TEST_ptr(eckey = EC_KEY_new()) || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) || !TEST_true(EC_KEY_set_group(eckey, group))) goto builtin_err; EC_GROUP_free(group); degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); if (degree < 160) { /* drop the curve */ EC_KEY_free(eckey); eckey = NULL; continue; } TEST_info("testing %s", OBJ_nid2sn(nid)); /* create key */ if (!TEST_true(EC_KEY_generate_key(eckey))) goto builtin_err; /* create second key */ if (!TEST_ptr(wrong_eckey = EC_KEY_new()) || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) || !TEST_true(EC_KEY_set_group(wrong_eckey, group))) goto builtin_err; EC_GROUP_free(group); if (!TEST_true(EC_KEY_generate_key(wrong_eckey))) goto builtin_err; /* check key */ if (!TEST_true(EC_KEY_check_key(eckey))) goto builtin_err; /* create signature */ sig_len = ECDSA_size(eckey); if (!TEST_ptr(signature = OPENSSL_malloc(sig_len)) || !TEST_true(ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))) goto builtin_err; /* verify signature */ if (!TEST_int_eq(ECDSA_verify(0, digest, 20, signature, sig_len, eckey), 1)) goto builtin_err; /* verify signature with the wrong key */ if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey), 1)) goto builtin_err; /* wrong digest */ if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey), 1)) goto builtin_err; /* wrong length */ if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey), 1)) goto builtin_err; /* * Modify a single byte of the signature: to ensure we don't garble * the ASN1 structure, we read the raw signature and modify a byte in * one of the bignums directly. */ sig_ptr = signature; if (!TEST_ptr(ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len))) goto builtin_err; ECDSA_SIG_get0(ecdsa_sig, &sig_r, &sig_s); /* Store the two BIGNUMs in raw_buf. */ r_len = BN_num_bytes(sig_r); s_len = BN_num_bytes(sig_s); bn_len = (degree + 7) / 8; if (!TEST_false(r_len > bn_len) || !TEST_false(s_len > bn_len)) goto builtin_err; buf_len = 2 * bn_len; if (!TEST_ptr(raw_buf = OPENSSL_zalloc(buf_len))) goto builtin_err; BN_bn2bin(sig_r, raw_buf + bn_len - r_len); BN_bn2bin(sig_s, raw_buf + buf_len - s_len); /* Modify a single byte in the buffer. */ offset = raw_buf[10] % buf_len; dirt = raw_buf[11] ? raw_buf[11] : 1; raw_buf[offset] ^= dirt; /* Now read the BIGNUMs back in from raw_buf. */ if (!TEST_ptr(modified_sig = ECDSA_SIG_new())) goto builtin_err; if (!TEST_ptr(modified_r = BN_bin2bn(raw_buf, bn_len, NULL)) || !TEST_ptr(modified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) || !TEST_true(ECDSA_SIG_set0(modified_sig, modified_r, modified_s))) { BN_free(modified_r); BN_free(modified_s); goto builtin_err; } sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2); if (!TEST_false(ECDSA_verify(0, digest, 20, signature, sig_len, eckey))) goto builtin_err; /* Sanity check: undo the modification and verify signature. */ raw_buf[offset] ^= dirt; if (!TEST_ptr(unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL)) || !TEST_ptr(unmodified_s = BN_bin2bn(raw_buf + bn_len, bn_len, NULL)) || !TEST_true(ECDSA_SIG_set0(modified_sig, unmodified_r, unmodified_s))) { BN_free(unmodified_r); BN_free(unmodified_s); goto builtin_err; } sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2); if (!TEST_true(ECDSA_verify(0, digest, 20, signature, sig_len, eckey))) goto builtin_err; /* cleanup */ ERR_clear_error(); OPENSSL_free(signature); signature = NULL; EC_KEY_free(eckey); eckey = NULL; EC_KEY_free(wrong_eckey); wrong_eckey = NULL; ECDSA_SIG_free(ecdsa_sig); ecdsa_sig = NULL; ECDSA_SIG_free(modified_sig); modified_sig = NULL; OPENSSL_free(raw_buf); raw_buf = NULL; } ret = 1; builtin_err: EC_KEY_free(eckey); EC_KEY_free(wrong_eckey); ECDSA_SIG_free(ecdsa_sig); ECDSA_SIG_free(modified_sig); OPENSSL_free(signature); OPENSSL_free(raw_buf); OPENSSL_free(curves); return ret; }
static int int_ec_size(const EVP_PKEY *pkey) { return ECDSA_size(pkey->pkey.ec); }