void test_ecdsa_openssl() { const secp256k1_ge_consts_t *c = secp256k1_ge_consts; secp256k1_num_t key, msg; secp256k1_num_init(&msg); unsigned char message[32]; secp256k1_rand256_test(message); secp256k1_num_set_bin(&msg, message, 32); secp256k1_num_init(&key); random_num_order_test(&key); secp256k1_gej_t qj; secp256k1_ecmult_gen(&qj, &key); secp256k1_ge_t q; secp256k1_ge_set_gej(&q, &qj); EC_KEY *ec_key = get_openssl_key(&key); assert(ec_key); unsigned char signature[80]; int sigsize = 80; assert(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); secp256k1_ecdsa_sig_t sig; secp256k1_ecdsa_sig_init(&sig); assert(secp256k1_ecdsa_sig_parse(&sig, signature, sigsize)); assert(secp256k1_ecdsa_sig_verify(&sig, &q, &msg)); secp256k1_num_inc(&sig.r); assert(!secp256k1_ecdsa_sig_verify(&sig, &q, &msg)); random_sign(&sig, &key, &msg, NULL); sigsize = 80; assert(secp256k1_ecdsa_sig_serialize(signature, &sigsize, &sig)); assert(ECDSA_verify(0, message, sizeof(message), signature, sigsize, ec_key) == 1); secp256k1_ecdsa_sig_free(&sig); EC_KEY_free(ec_key); secp256k1_num_free(&key); secp256k1_num_free(&msg); }
void test_ecdsa_openssl(void) { secp256k1_scalar_t key, msg; unsigned char message[32]; secp256k1_rand256_test(message); secp256k1_scalar_set_b32(&msg, message, NULL); random_scalar_order_test(&key); secp256k1_gej_t qj; secp256k1_ecmult_gen(&qj, &key); secp256k1_ge_t q; secp256k1_ge_set_gej(&q, &qj); EC_KEY *ec_key = get_openssl_key(&key); CHECK(ec_key); unsigned char signature[80]; unsigned int sigsize = 80; CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); secp256k1_ecdsa_sig_t sig; CHECK(secp256k1_ecdsa_sig_parse(&sig, signature, sigsize)); CHECK(secp256k1_ecdsa_sig_verify(&sig, &q, &msg)); secp256k1_scalar_t one; secp256k1_scalar_set_int(&one, 1); secp256k1_scalar_t msg2; secp256k1_scalar_add(&msg2, &msg, &one); CHECK(!secp256k1_ecdsa_sig_verify(&sig, &q, &msg2)); random_sign(&sig, &key, &msg, NULL); int secp_sigsize = 80; CHECK(secp256k1_ecdsa_sig_serialize(signature, &secp_sigsize, &sig)); CHECK(ECDSA_verify(0, message, sizeof(message), signature, secp_sigsize, ec_key) == 1); EC_KEY_free(ec_key); }
bool CKey::Sign(uint256 hash, std::vector<unsigned char>& vchSig) { vchSig.clear(); ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey); if (sig==NULL) return false; const EC_GROUP *group = EC_KEY_get0_group(pkey); CBigNum order, halforder; EC_GROUP_get_order(group, &order, NULL); BN_rshift1(&halforder, &order); // enforce low S values, by negating the value (modulo the order) if above order/2. if (BN_cmp(sig->s, &halforder) > 0) { BN_sub(sig->s, &order, sig->s); } unsigned int nSize = ECDSA_size(pkey); vchSig.resize(nSize); // Make sure it is big enough unsigned char *pos = &vchSig[0]; nSize = i2d_ECDSA_SIG(sig, &pos); ECDSA_SIG_free(sig); vchSig.resize(nSize); // Shrink to fit actual size // Testing our new signature if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1) { vchSig.clear(); return false; } return true; }
/* * Verify a signature. */ bool libecdsaauth_verify(libecdsaauth_key_t *key, unsigned char *blob, size_t len, unsigned char *sig, size_t siglen) { if (1 != ECDSA_verify(0, blob, len, sig, siglen, key->eckey)) return false; return true; }
bool PolicyManager::verifySha256WithEcdsaSignature (const Blob& signature, const SignedBlob& signedBlob, const Blob& publicKeyDer) { // Set signedPortionDigest to the digest of the signed portion of the signedBlob. uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH]; ndn_digestSha256 (signedBlob.signedBuf(), signedBlob.signedSize(), signedPortionDigest); // Verify the signedPortionDigest. // Use a temporary pointer since d2i updates it. const uint8_t *derPointer = publicKeyDer.buf(); EC_KEY *ecPublicKey = d2i_EC_PUBKEY(NULL, &derPointer, publicKeyDer.size()); if (!ecPublicKey) throw UnrecognizedKeyFormatException ("Error decoding public key in d2i_EC_PUBKEY"); int success = ECDSA_verify (NID_sha256, signedPortionDigest, sizeof(signedPortionDigest), (uint8_t *)signature.buf(),signature.size(), ecPublicKey); // Free the public key before checking for success. EC_KEY_free(ecPublicKey); // ECDSA_verify returns 1 for a valid signature. return (success == 1); }
bool CBEcdsaVerify(uint8_t * signature, uint8_t sigLen, uint8_t * hash, uint8_t * pubKey, uint8_t keyLen){ EC_KEY * key = EC_KEY_new_by_curve_name(NID_secp256k1); o2i_ECPublicKey(&key, (const unsigned char **)&pubKey, keyLen); int res = ECDSA_verify(0, hash, 32, signature, sigLen, key); EC_KEY_free(key); return res == 1; }
static void benchmark_verify_openssl(void* arg) { int i; benchmark_verify_t* data = (benchmark_verify_t*)arg; for (i = 0; i < 20000; i++) { data->sig[data->siglen - 1] ^= (i & 0xFF); data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); { EC_KEY *pkey = EC_KEY_new(); const unsigned char *pubkey = &data->pubkey[0]; int result; CHECK(pkey != NULL); result = EC_KEY_set_group(pkey, data->ec_group); CHECK(result); result = (o2i_ECPublicKey(&pkey, &pubkey, data->pubkeylen)) != NULL; CHECK(result); result = ECDSA_verify(0, &data->msg[0], sizeof(data->msg), &data->sig[0], data->siglen, pkey) == (i == 0); CHECK(result); EC_KEY_free(pkey); } data->sig[data->siglen - 1] ^= (i & 0xFF); data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); } }
int verify_u2f_user(Key *key, u_char *dgst, size_t dgstlen, u_char *sig, size_t siglen) { int ret; EC_KEY *ec; unsigned char *pk; // TODO: validate that the given key is in the key files. // We are privileged in this function so it should be easy. // TODO: replace a lot of stuff here with constants pk = malloc(sizeof(unsigned char) * (u2f_pubkey_len+26)); memcpy(pk, pubkeyprefix, 26); memcpy(pk+26, key->u2f_pubkey, u2f_pubkey_len); if ((ec = d2i_EC_PUBKEY(NULL, &pk, u2f_pubkey_len+26)) == NULL) fatal("d2i_EC_PUBKEY() failed"); debug("pubkey loaded, yay"); if ((ret = ECDSA_verify(0, dgst, dgstlen, sig, siglen, ec)) == -1) fatal("ECDSA_verify failed"); debug("ret = %d", ret); if (ret == 1) debug("sig verified!"); EC_KEY_free(ec); return ret == 1; }
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig) { if (vchSig.empty()) return false; // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first. unsigned char *norm_der = NULL; ECDSA_SIG *norm_sig = ECDSA_SIG_new(); const unsigned char* sigptr = &vchSig[0]; assert(norm_sig); if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL) { /* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on * error. But OpenSSL's own use of this function redundantly frees the * result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a * clear contract for the function behaving the same way is more * conservative. */ ECDSA_SIG_free(norm_sig); return false; } int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der); ECDSA_SIG_free(norm_sig); if (derlen <= 0) return false; // -1 = error, 0 = bad sig, 1 = good bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1; OPENSSL_free(norm_der); return ret; }
bool key_verify(struct key *k, const void *data, size_t datalen, const void *sig, size_t siglen) { int res; res = ECDSA_verify(0, data, datalen, sig, siglen, k->key); return res == 1; }
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig) { // -1 = error, 0 = bad sig, 1 = good if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1) return false; return true; }
bool CKey::Verify(uint1024 hash, const std::vector<unsigned char>& vchSig, int nBits) { bool fSuccess = false; if(nBits == 256) { uint256 hash256 = hash.getuint256(); fSuccess = ECDSA_verify(0, (unsigned char*)&hash256, sizeof(hash256), &vchSig[0], vchSig.size(), pkey); } else if(nBits == 512) { uint512 hash512 = hash.getuint512(); fSuccess = ECDSA_verify(0, (unsigned char*)&hash512, sizeof(hash512), &vchSig[0], vchSig.size(), pkey); } else fSuccess = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey); return fSuccess; }
static int mech_step_response(sasl_session_t *p, char *message, size_t len, char **out, size_t *out_len) { ecdsa_session_t *s = p->mechdata; if (!ECDSA_verify(0, s->challenge, CHALLENGE_LENGTH, (const unsigned char *)message, len, s->pubkey)) return ASASL_FAIL; return ASASL_DONE; }
bool elliptic_curve_key::verify(hash_digest hash, const data_chunk& signature) { BITCOIN_ASSERT(key_ != nullptr); // SSL likes a reversed hash std::reverse(hash.begin(), hash.end()); // -1 = error, 0 = bad sig, 1 = good if (ECDSA_verify(0, hash.data(), hash.size(), signature.data(), signature.size(), key_) == 1) return true; return false; }
void openssl_ec_crypt() { BIO *berr; EC_KEY *key1, *key2; unsigned int sig_len; int clen, len1, len2; EC_builtin_curve *curves; EC_GROUP *group1, *group2; const EC_KEY *key3, *key4; const EC_GROUP *group3, *group4; const EC_POINT *pubkey1, *pubkey2; unsigned char shareKey1[COMM_LEN], shareKey2[COMM_LEN]; unsigned char *signature, cont[COMM_LEN] = "123456"; key1 = EC_KEY_new(); key2 = EC_KEY_new(); clen = EC_get_builtin_curves(NULL, 0); curves = (EC_builtin_curve *) malloc(sizeof(EC_builtin_curve) * clen); EC_get_builtin_curves(curves, clen); group1 = EC_GROUP_new_by_curve_name(curves[25].nid); group2 = EC_GROUP_new_by_curve_name(curves[25].nid); group3 = group1; group4 = group2; EC_KEY_set_group(key1, group3); EC_KEY_set_group(key2, group4); EC_KEY_generate_key(key1); EC_KEY_generate_key(key2); EC_KEY_check_key(key1); key3 = key1; key4 = key2; printf("\nECDSA_size: %d\n", ECDSA_size(key3)); signature = (unsigned char *)malloc(ECDSA_size(key3)); ERR_load_crypto_strings(); berr = BIO_new(BIO_s_file()); BIO_set_fp(berr, stdout, BIO_NOCLOSE); ECDSA_sign(0, cont, 8, signature, &sig_len, key1); ECDSA_verify(0, cont, 8, signature, sig_len, key1); pubkey1 = EC_KEY_get0_public_key(key1); pubkey2 = EC_KEY_get0_public_key(key2); len1 = ECDH_compute_key(shareKey1, COMM_LEN, pubkey2, key1, NULL); len2 = ECDH_compute_key(shareKey2, COMM_LEN, pubkey1, key1, NULL); if (len1 != len2 || memcmp(shareKey1, shareKey2, len1) != 0) { printf("ECDH_compute_key err!\n"); return; } BIO_free(berr); EC_KEY_free(key1); EC_KEY_free(key2); free(signature); free(curves); }
// Credit: https://github.com/ppcoin/ppcoin/pull/101/files bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSigParam) { // Prevent the problem described here: // https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/009697.html // by removing the extra length bytes std::vector<unsigned char> vchSig(vchSigParam.begin(), vchSigParam.end()); if (vchSig.size() > 1 && vchSig[1] & 0x80) { unsigned char nLengthBytes = vchSig[1] & 0x7f; if (vchSig.size() < 2 + nLengthBytes) return false; if (nLengthBytes > 4) { unsigned char nExtraBytes = nLengthBytes - 4; for (unsigned char i = 0; i < nExtraBytes; i++) if (vchSig[2 + i]) return false; vchSig.erase(vchSig.begin() + 2, vchSig.begin() + 2 + nExtraBytes); vchSig[1] = 0x80 | (nLengthBytes - nExtraBytes); } } if (vchSig.empty()) return false; // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first. unsigned char *norm_der = NULL; ECDSA_SIG *norm_sig = ECDSA_SIG_new(); const unsigned char* sigptr = &vchSig[0]; assert(norm_sig); if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL) { /* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on * error. But OpenSSL's own use of this function redundantly frees the * result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a * clear contract for the function behaving the same way is more * conservative. */ ECDSA_SIG_free(norm_sig); return false; } int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der); ECDSA_SIG_free(norm_sig); if (derlen <= 0) return false; // -1 = error, 0 = bad sig, 1 = good bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1; OPENSSL_free(norm_der); return ret; }
int ndn_EcPublicKey_verifyWithSha256 (const struct ndn_EcPublicKey *self, const uint8_t *signature, size_t signatureLength, const uint8_t *data, size_t dataLength) { // Set digest to the digest of the signed portion of the signedBlob. uint8_t digest[ndn_SHA256_DIGEST_SIZE]; ndn_digestSha256(data, dataLength, digest); return ECDSA_verify (NID_sha256, digest, sizeof(digest), (uint8_t *)signature, signatureLength, self->publicKey) == 1; }
static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, const uint8_t *tbs, size_t tbslen) { int type; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; type = NID_sha1; if (dctx->md) { type = EVP_MD_type(dctx->md); } return ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); }
static BOOL SATOSHI_SCRIPT_checksig(SATOSHI_OP_STACK_t * s, const unsigned char * message, uint32_t cbMessage) { BOOL rc = FALSE; if(NULL == message || cbMessage == 0) return FALSE; SATOSHI_OP_STACK_DATA_t * pubkey = NULL, * sig = NULL; pubkey = SATOSHI_OP_STACK_pop(s); sig = SATOSHI_OP_STACK_pop(s); if(NULL == pubkey || NULL == sig) { if(NULL != pubkey) SATOSHI_OP_STACK_DATA_free(pubkey); if(NULL != sig) SATOSHI_OP_STACK_DATA_free(sig); return FALSE; } // verify sig EC_KEY * p_key = EC_KEY_new_by_curve_name(NID_secp256k1); BN_CTX * ctx = BN_CTX_new(); assert(NULL != p_key && NULL != ctx); const EC_GROUP * G = EC_KEY_get0_group(p_key); EC_POINT * Q = EC_POINT_new(G); EC_POINT_oct2point(G, Q, pubkey->data, pubkey->cb, ctx); EC_KEY_set_public_key(p_key, Q); rc = ECDSA_verify(0, message, cbMessage, sig->data, sig->cb, p_key); if(rc != 1) { if(-1 == rc) { // openssl error. ERR_print_errors_fp(stderr); } rc = 0; } if(rc) { SATOSHI_OP_STACK_push_boolean(s, rc, sizeof(BOOL)); } EC_KEY_free(p_key); BN_CTX_free(ctx); SATOSHI_OP_STACK_DATA_free(pubkey); SATOSHI_OP_STACK_DATA_free(sig); return rc; }
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSigParam) { // Fix invalid signature with crafted length by removing extra length bytes std::vector<unsigned char> vchSig(vchSigParam.begin(), vchSigParam.end()); if (vchSig.size() > 1 && vchSig[1] & 0x80) { unsigned char nLengthBytes = vchSig[1] & 0x7f; if (vchSig.size() < 2 + nLengthBytes) // Avoid invalid memory access on crafted signature return false; if (nLengthBytes > 4) { unsigned char nExtraBytes = nLengthBytes - 4; for (unsigned char i = 0; i < nExtraBytes; i++) if (vchSig[2 + i]) return false; vchSig.erase(vchSig.begin() + 2, vchSig.begin() + 2 + nExtraBytes); vchSig[1] = 0x80 | (nLengthBytes - nExtraBytes); } } if (vchSig.empty()) return false; // New versions of OpenSSL will reject non-canonical DER signatures. De/re-serialize first. unsigned char *norm_der = NULL; ECDSA_SIG *norm_sig = ECDSA_SIG_new(); const unsigned char* sigptr = &vchSig[0]; assert(norm_sig); if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL) { /* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on error. * But OpenSSL's own use of this function redundantly frees the result. * As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a clear contract for the function behaving the same way is more conservative. */ ECDSA_SIG_free(norm_sig); return false; } int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der); ECDSA_SIG_free(norm_sig); if (derlen <= 0) return false; // -1 = error, 0 = bad sig, 1 = good bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1; OPENSSL_free(norm_der); return ret; }
TEST_F(KeymasterTest, SignData_EC_Success) { uint8_t* key_blob; size_t key_blob_length; UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); ASSERT_TRUE(testKey.get() != NULL); ASSERT_EQ(0, sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), &key_blob, &key_blob_length)) << "Should successfully import an EC key"; UniqueKey key(&sDevice, key_blob, key_blob_length); keymaster_ec_sign_params_t params = { .digest_type = DIGEST_NONE, }; uint8_t* sig; size_t sig_length; UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); ASSERT_TRUE(testData.get() != NULL); ASSERT_EQ(0, sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, testData.get(), testData.length(), &sig, &sig_length)) << "Should sign data successfully"; UniqueBlob sig_blob(sig, sig_length); uint8_t* x509_data; size_t x509_data_length; ASSERT_EQ(0, sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, &x509_data, &x509_data_length)) << "Should be able to retrieve RSA public key successfully"; UniqueBlob x509_blob(x509_data, x509_data_length); const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); Unique_EVP_PKEY expected(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, static_cast<long>(x509_blob.length()))); Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(expected.get())); ASSERT_EQ(1, ECDSA_verify(0, testData.get(), testData.length(), sig_blob.get(), sig_blob.length(), ecKey.get())) << "Signature should verify"; }
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig) { // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first. unsigned char *norm_der = NULL; ECDSA_SIG *norm_sig = ECDSA_SIG_new(); const unsigned char* sigptr = &vchSig[0]; d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()); int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der); ECDSA_SIG_free(norm_sig); if (derlen <= 0) return false; // -1 = error, 0 = bad sig, 1 = good bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1; OPENSSL_free(norm_der); return ret; }
static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) { int ret, type; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; if (dctx->md) type = EVP_MD_type(dctx->md); else type = NID_sha1; ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); return ret; }
static int s2n_ecdsa_verify(const struct s2n_pkey *pub, struct s2n_hash_state *digest, struct s2n_blob *signature) { const s2n_ecdsa_public_key *key = &pub->key.ecdsa_key; notnull_check(key->ec_key); uint8_t digest_length; GUARD(s2n_hash_digest_size(digest->alg, &digest_length)); lte_check(digest_length, S2N_MAX_DIGEST_LEN); uint8_t digest_out[S2N_MAX_DIGEST_LEN]; GUARD(s2n_hash_digest(digest, digest_out, digest_length)); /* ECDSA_verify ignores the first parameter */ GUARD_OSSL(ECDSA_verify(0, digest_out, digest_length, signature->data, signature->size, key->ec_key), S2N_ERR_VERIFY_SIGNATURE); GUARD(s2n_hash_reset(digest)); return 0; }
int VNEcdsa_ORG_Verify( const VNAsymCryptCtx_t * ctx, const unsigned char * signText, int length, const struct vn_iovec * plainText ) { int ret = 0; VNEcdsa_ORG_Ctx_t * orgCtx = VN_CONTAINER_OF( ctx, VNEcdsa_ORG_Ctx_t, mCtx ); assert( VN_TYPE_VNEcdsaSign_ORG == ctx->mType ); ret = ECDSA_verify( 0, plainText->i.iov_base, plainText->i.iov_len, signText, length, orgCtx->mEcKey ); if( 1 != ret ) { char buff[ 1024 ] = { 0 }; printf( "ECDSA_sign %d, %s\n", ret, ERR_error_string( ERR_get_error(), buff ) ); } return 1 == ret ? 0 : -1; }
static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *dgst, size_t dgstlen) { int ret, type; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec_key = ctx->pkey->pkey.ec; if (dctx->md) type = EVP_MD_type(dctx->md); else type = NID_sha1; if (dctx->sign_type == NID_sm2sign) ret = SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key); else ret = ECDSA_verify(type, dgst, dgstlen, sig, siglen, ec_key); return ret; }
STDMETHODIMP CBECC::DSAVerify(VARIANT varData, VARIANT varSig, VARIANT_BOOL *retVal) { if(m_pECC == NULL)return E_NOTIMPL; if (!EC_KEY_check_key((EC_KEY*)m_pECC)) return E_NOTIMPL; CBVarPtr varPtrData, varPtrSig; HRESULT hr = varPtrData.Attach(varData); if(FAILED(hr))return hr; hr = varPtrSig.Attach(varSig); if(FAILED(hr))return hr; int n = ECDSA_verify(0, varPtrData.m_pData, varPtrData.m_nSize, varPtrSig.m_pData, varPtrSig.m_nSize, (EC_KEY*)m_pECC); if (n == -1) return E_INVALIDARG; *retVal = n ? VARIANT_TRUE : VARIANT_FALSE; return S_OK; }
static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, const uint8_t* signedData, const size_t signedDataLength, const uint8_t* signature, const size_t signatureLength) { if (sign_params->digest_type != DIGEST_NONE) { ALOGW("Cannot handle digest type %d", sign_params->digest_type); return -1; } Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey)); if (eckey.get() == NULL) { logOpenSSLError("openssl_verify_ec"); return -1; } if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <= 0) { logOpenSSLError("openssl_verify_ec"); return -1; } return 0; }
ERL_NIF_TERM ucrypto_ec_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) { struct ec_key_handle *handle = NULL; ErlNifBinary data; ErlNifBinary signature; if (! enif_get_resource(env, argv[0], ec_key_resource, (void **)&handle)) return enif_make_badarg(env); if (! enif_inspect_iolist_as_binary(env, argv[1], &data)) return enif_make_badarg(env); if (! enif_inspect_iolist_as_binary(env, argv[2], &signature)) return enif_make_badarg(env); if (! handle->key) return enif_make_tuple2(env, ATOM_ERROR, ATOM_UNINITIALIZED_KEY); if (1 == ECDSA_verify(0, data.data, data.size, signature.data, signature.size, handle->key)) return ATOM_TRUE; return ATOM_FALSE; }
static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) { int ret, type; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; if (dctx->md) type = EVP_MD_type(dctx->md); else type = NID_sha1; #ifndef OPENSSL_NO_SM2 if (dctx->ec_scheme == NID_sm_scheme) ret = SM2_verify(NID_undef, tbs, tbslen, sig, siglen, ec); else #endif ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); return ret; }