void test_ecdsa_openssl() {
const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
secp256k1_num_t key, msg;
secp256k1_num_init(&msg);
unsigned char message[32];
secp256k1_rand256_test(message);
secp256k1_num_set_bin(&msg, message, 32);
secp256k1_num_init(&key);
random_num_order_test(&key);
secp256k1_gej_t qj;
secp256k1_ecmult_gen(&qj, &key);
secp256k1_ge_t q;
secp256k1_ge_set_gej(&q, &qj);
EC_KEY *ec_key = get_openssl_key(&key);
assert(ec_key);
unsigned char signature[80];
int sigsize = 80;
assert(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key));
secp256k1_ecdsa_sig_t sig;
secp256k1_ecdsa_sig_init(&sig);
assert(secp256k1_ecdsa_sig_parse(&sig, signature, sigsize));
assert(secp256k1_ecdsa_sig_verify(&sig, &q, &msg));
secp256k1_num_inc(&sig.r);
assert(!secp256k1_ecdsa_sig_verify(&sig, &q, &msg));
random_sign(&sig, &key, &msg, NULL);
sigsize = 80;
assert(secp256k1_ecdsa_sig_serialize(signature, &sigsize, &sig));
assert(ECDSA_verify(0, message, sizeof(message), signature, sigsize, ec_key) == 1);
secp256k1_ecdsa_sig_free(&sig);
EC_KEY_free(ec_key);
secp256k1_num_free(&key);
secp256k1_num_free(&msg);
}
void test_ecdsa_openssl(void) {
secp256k1_scalar_t key, msg;
unsigned char message[32];
secp256k1_rand256_test(message);
secp256k1_scalar_set_b32(&msg, message, NULL);
random_scalar_order_test(&key);
secp256k1_gej_t qj;
secp256k1_ecmult_gen(&qj, &key);
secp256k1_ge_t q;
secp256k1_ge_set_gej(&q, &qj);
EC_KEY *ec_key = get_openssl_key(&key);
CHECK(ec_key);
unsigned char signature[80];
unsigned int sigsize = 80;
CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key));
secp256k1_ecdsa_sig_t sig;
CHECK(secp256k1_ecdsa_sig_parse(&sig, signature, sigsize));
CHECK(secp256k1_ecdsa_sig_verify(&sig, &q, &msg));
secp256k1_scalar_t one;
secp256k1_scalar_set_int(&one, 1);
secp256k1_scalar_t msg2;
secp256k1_scalar_add(&msg2, &msg, &one);
CHECK(!secp256k1_ecdsa_sig_verify(&sig, &q, &msg2));
random_sign(&sig, &key, &msg, NULL);
int secp_sigsize = 80;
CHECK(secp256k1_ecdsa_sig_serialize(signature, &secp_sigsize, &sig));
CHECK(ECDSA_verify(0, message, sizeof(message), signature, secp_sigsize, ec_key) == 1);
EC_KEY_free(ec_key);
}
bool CKey::Sign(uint256 hash, std::vector<unsigned char>& vchSig)
{
vchSig.clear();
ECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey);
if (sig==NULL)
return false;
const EC_GROUP *group = EC_KEY_get0_group(pkey);
CBigNum order, halforder;
EC_GROUP_get_order(group, &order, NULL);
BN_rshift1(&halforder, &order);
// enforce low S values, by negating the value (modulo the order) if above order/2.
if (BN_cmp(sig->s, &halforder) > 0) {
BN_sub(sig->s, &order, sig->s);
}
unsigned int nSize = ECDSA_size(pkey);
vchSig.resize(nSize); // Make sure it is big enough
unsigned char *pos = &vchSig[0];
nSize = i2d_ECDSA_SIG(sig, &pos);
ECDSA_SIG_free(sig);
vchSig.resize(nSize); // Shrink to fit actual size
// Testing our new signature
if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1) {
vchSig.clear();
return false;
}
return true;
}
/*
* Verify a signature.
*/
bool libecdsaauth_verify(libecdsaauth_key_t *key, unsigned char *blob, size_t len, unsigned char *sig, size_t siglen)
{
if (1 != ECDSA_verify(0, blob, len, sig, siglen, key->eckey))
return false;
return true;
}
bool
PolicyManager::verifySha256WithEcdsaSignature
(const Blob& signature, const SignedBlob& signedBlob, const Blob& publicKeyDer)
{
// Set signedPortionDigest to the digest of the signed portion of the signedBlob.
uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH];
ndn_digestSha256
(signedBlob.signedBuf(), signedBlob.signedSize(), signedPortionDigest);
// Verify the signedPortionDigest.
// Use a temporary pointer since d2i updates it.
const uint8_t *derPointer = publicKeyDer.buf();
EC_KEY *ecPublicKey = d2i_EC_PUBKEY(NULL, &derPointer, publicKeyDer.size());
if (!ecPublicKey)
throw UnrecognizedKeyFormatException
("Error decoding public key in d2i_EC_PUBKEY");
int success = ECDSA_verify
(NID_sha256, signedPortionDigest, sizeof(signedPortionDigest),
(uint8_t *)signature.buf(),signature.size(), ecPublicKey);
// Free the public key before checking for success.
EC_KEY_free(ecPublicKey);
// ECDSA_verify returns 1 for a valid signature.
return (success == 1);
}
bool CBEcdsaVerify(uint8_t * signature, uint8_t sigLen, uint8_t * hash, uint8_t * pubKey, uint8_t keyLen){
EC_KEY * key = EC_KEY_new_by_curve_name(NID_secp256k1);
o2i_ECPublicKey(&key, (const unsigned char **)&pubKey, keyLen);
int res = ECDSA_verify(0, hash, 32, signature, sigLen, key);
EC_KEY_free(key);
return res == 1;
}
static void benchmark_verify_openssl(void* arg) {
int i;
benchmark_verify_t* data = (benchmark_verify_t*)arg;
for (i = 0; i < 20000; i++) {
data->sig[data->siglen - 1] ^= (i & 0xFF);
data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
{
EC_KEY *pkey = EC_KEY_new();
const unsigned char *pubkey = &data->pubkey[0];
int result;
CHECK(pkey != NULL);
result = EC_KEY_set_group(pkey, data->ec_group);
CHECK(result);
result = (o2i_ECPublicKey(&pkey, &pubkey, data->pubkeylen)) != NULL;
CHECK(result);
result = ECDSA_verify(0, &data->msg[0], sizeof(data->msg), &data->sig[0], data->siglen, pkey) == (i == 0);
CHECK(result);
EC_KEY_free(pkey);
}
data->sig[data->siglen - 1] ^= (i & 0xFF);
data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
}
}
int
verify_u2f_user(Key *key, u_char *dgst, size_t dgstlen, u_char *sig, size_t siglen)
{
int ret;
EC_KEY *ec;
unsigned char *pk;
// TODO: validate that the given key is in the key files.
// We are privileged in this function so it should be easy.
// TODO: replace a lot of stuff here with constants
pk = malloc(sizeof(unsigned char) * (u2f_pubkey_len+26));
memcpy(pk, pubkeyprefix, 26);
memcpy(pk+26, key->u2f_pubkey, u2f_pubkey_len);
if ((ec = d2i_EC_PUBKEY(NULL, &pk, u2f_pubkey_len+26)) == NULL)
fatal("d2i_EC_PUBKEY() failed");
debug("pubkey loaded, yay");
if ((ret = ECDSA_verify(0, dgst, dgstlen, sig, siglen, ec)) == -1)
fatal("ECDSA_verify failed");
debug("ret = %d", ret);
if (ret == 1)
debug("sig verified!");
EC_KEY_free(ec);
return ret == 1;
}
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig)
{
if (vchSig.empty())
return false;
// New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
unsigned char *norm_der = NULL;
ECDSA_SIG *norm_sig = ECDSA_SIG_new();
const unsigned char* sigptr = &vchSig[0];
assert(norm_sig);
if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)
{
/* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on
* error. But OpenSSL's own use of this function redundantly frees the
* result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a
* clear contract for the function behaving the same way is more
* conservative.
*/
ECDSA_SIG_free(norm_sig);
return false;
}
int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
ECDSA_SIG_free(norm_sig);
if (derlen <= 0)
return false;
// -1 = error, 0 = bad sig, 1 = good
bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
OPENSSL_free(norm_der);
return ret;
}
bool key_verify(struct key *k, const void *data, size_t datalen,
const void *sig, size_t siglen) {
int res;
res = ECDSA_verify(0, data, datalen, sig, siglen, k->key);
return res == 1;
}
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig)
{
// -1 = error, 0 = bad sig, 1 = good
if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1)
return false;
return true;
}
bool CKey::Verify(uint1024 hash, const std::vector<unsigned char>& vchSig, int nBits)
{
bool fSuccess = false;
if(nBits == 256)
{
uint256 hash256 = hash.getuint256();
fSuccess = ECDSA_verify(0, (unsigned char*)&hash256, sizeof(hash256), &vchSig[0], vchSig.size(), pkey);
}
else if(nBits == 512)
{
uint512 hash512 = hash.getuint512();
fSuccess = ECDSA_verify(0, (unsigned char*)&hash512, sizeof(hash512), &vchSig[0], vchSig.size(), pkey);
}
else
fSuccess = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey);
return fSuccess;
}
static int mech_step_response(sasl_session_t *p, char *message, size_t len, char **out, size_t *out_len)
{
ecdsa_session_t *s = p->mechdata;
if (!ECDSA_verify(0, s->challenge, CHALLENGE_LENGTH, (const unsigned char *)message, len, s->pubkey))
return ASASL_FAIL;
return ASASL_DONE;
}
bool elliptic_curve_key::verify(hash_digest hash, const data_chunk& signature)
{
BITCOIN_ASSERT(key_ != nullptr);
// SSL likes a reversed hash
std::reverse(hash.begin(), hash.end());
// -1 = error, 0 = bad sig, 1 = good
if (ECDSA_verify(0, hash.data(), hash.size(),
signature.data(), signature.size(), key_) == 1)
return true;
return false;
}
void openssl_ec_crypt()
{
BIO *berr;
EC_KEY *key1, *key2;
unsigned int sig_len;
int clen, len1, len2;
EC_builtin_curve *curves;
EC_GROUP *group1, *group2;
const EC_KEY *key3, *key4;
const EC_GROUP *group3, *group4;
const EC_POINT *pubkey1, *pubkey2;
unsigned char shareKey1[COMM_LEN], shareKey2[COMM_LEN];
unsigned char *signature, cont[COMM_LEN] = "123456";
key1 = EC_KEY_new();
key2 = EC_KEY_new();
clen = EC_get_builtin_curves(NULL, 0);
curves = (EC_builtin_curve *) malloc(sizeof(EC_builtin_curve) * clen);
EC_get_builtin_curves(curves, clen);
group1 = EC_GROUP_new_by_curve_name(curves[25].nid);
group2 = EC_GROUP_new_by_curve_name(curves[25].nid);
group3 = group1;
group4 = group2;
EC_KEY_set_group(key1, group3);
EC_KEY_set_group(key2, group4);
EC_KEY_generate_key(key1);
EC_KEY_generate_key(key2);
EC_KEY_check_key(key1);
key3 = key1;
key4 = key2;
printf("\nECDSA_size: %d\n", ECDSA_size(key3));
signature = (unsigned char *)malloc(ECDSA_size(key3));
ERR_load_crypto_strings();
berr = BIO_new(BIO_s_file());
BIO_set_fp(berr, stdout, BIO_NOCLOSE);
ECDSA_sign(0, cont, 8, signature, &sig_len, key1);
ECDSA_verify(0, cont, 8, signature, sig_len, key1);
pubkey1 = EC_KEY_get0_public_key(key1);
pubkey2 = EC_KEY_get0_public_key(key2);
len1 = ECDH_compute_key(shareKey1, COMM_LEN, pubkey2, key1, NULL);
len2 = ECDH_compute_key(shareKey2, COMM_LEN, pubkey1, key1, NULL);
if (len1 != len2 || memcmp(shareKey1, shareKey2, len1) != 0) {
printf("ECDH_compute_key err!\n");
return;
}
BIO_free(berr);
EC_KEY_free(key1);
EC_KEY_free(key2);
free(signature);
free(curves);
}
// Credit: https://github.com/ppcoin/ppcoin/pull/101/files
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSigParam)
{
// Prevent the problem described here:
// https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/009697.html
// by removing the extra length bytes
std::vector<unsigned char> vchSig(vchSigParam.begin(), vchSigParam.end());
if (vchSig.size() > 1 && vchSig[1] & 0x80)
{
unsigned char nLengthBytes = vchSig[1] & 0x7f;
if (vchSig.size() < 2 + nLengthBytes)
return false;
if (nLengthBytes > 4)
{
unsigned char nExtraBytes = nLengthBytes - 4;
for (unsigned char i = 0; i < nExtraBytes; i++)
if (vchSig[2 + i])
return false;
vchSig.erase(vchSig.begin() + 2, vchSig.begin() + 2 + nExtraBytes);
vchSig[1] = 0x80 | (nLengthBytes - nExtraBytes);
}
}
if (vchSig.empty())
return false;
// New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
unsigned char *norm_der = NULL;
ECDSA_SIG *norm_sig = ECDSA_SIG_new();
const unsigned char* sigptr = &vchSig[0];
assert(norm_sig);
if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)
{
/* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on
* error. But OpenSSL's own use of this function redundantly frees the
* result. As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a
* clear contract for the function behaving the same way is more
* conservative.
*/
ECDSA_SIG_free(norm_sig);
return false;
}
int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
ECDSA_SIG_free(norm_sig);
if (derlen <= 0)
return false;
// -1 = error, 0 = bad sig, 1 = good
bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
OPENSSL_free(norm_der);
return ret;
}
int
ndn_EcPublicKey_verifyWithSha256
(const struct ndn_EcPublicKey *self, const uint8_t *signature,
size_t signatureLength, const uint8_t *data, size_t dataLength)
{
// Set digest to the digest of the signed portion of the signedBlob.
uint8_t digest[ndn_SHA256_DIGEST_SIZE];
ndn_digestSha256(data, dataLength, digest);
return ECDSA_verify
(NID_sha256, digest, sizeof(digest), (uint8_t *)signature, signatureLength,
self->publicKey) == 1;
}
static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,
const uint8_t *tbs, size_t tbslen) {
int type;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec = ctx->pkey->pkey.ec;
type = NID_sha1;
if (dctx->md) {
type = EVP_MD_type(dctx->md);
}
return ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
}
static BOOL SATOSHI_SCRIPT_checksig(SATOSHI_OP_STACK_t * s, const unsigned char * message, uint32_t cbMessage)
{
BOOL rc = FALSE;
if(NULL == message || cbMessage == 0) return FALSE;
SATOSHI_OP_STACK_DATA_t * pubkey = NULL, * sig = NULL;
pubkey = SATOSHI_OP_STACK_pop(s);
sig = SATOSHI_OP_STACK_pop(s);
if(NULL == pubkey || NULL == sig)
{
if(NULL != pubkey) SATOSHI_OP_STACK_DATA_free(pubkey);
if(NULL != sig) SATOSHI_OP_STACK_DATA_free(sig);
return FALSE;
}
// verify sig
EC_KEY * p_key = EC_KEY_new_by_curve_name(NID_secp256k1);
BN_CTX * ctx = BN_CTX_new();
assert(NULL != p_key && NULL != ctx);
const EC_GROUP * G = EC_KEY_get0_group(p_key);
EC_POINT * Q = EC_POINT_new(G);
EC_POINT_oct2point(G, Q, pubkey->data, pubkey->cb, ctx);
EC_KEY_set_public_key(p_key, Q);
rc = ECDSA_verify(0, message, cbMessage, sig->data, sig->cb, p_key);
if(rc != 1)
{
if(-1 == rc)
{
// openssl error.
ERR_print_errors_fp(stderr);
}
rc = 0;
}
if(rc)
{
SATOSHI_OP_STACK_push_boolean(s, rc, sizeof(BOOL));
}
EC_KEY_free(p_key);
BN_CTX_free(ctx);
SATOSHI_OP_STACK_DATA_free(pubkey);
SATOSHI_OP_STACK_DATA_free(sig);
return rc;
}
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSigParam)
{
// Fix invalid signature with crafted length by removing extra length bytes
std::vector<unsigned char> vchSig(vchSigParam.begin(), vchSigParam.end());
if (vchSig.size() > 1 && vchSig[1] & 0x80)
{
unsigned char nLengthBytes = vchSig[1] & 0x7f;
if (vchSig.size() < 2 + nLengthBytes) // Avoid invalid memory access on crafted signature
return false;
if (nLengthBytes > 4)
{
unsigned char nExtraBytes = nLengthBytes - 4;
for (unsigned char i = 0; i < nExtraBytes; i++)
if (vchSig[2 + i])
return false;
vchSig.erase(vchSig.begin() + 2, vchSig.begin() + 2 + nExtraBytes);
vchSig[1] = 0x80 | (nLengthBytes - nExtraBytes);
}
}
if (vchSig.empty())
return false;
// New versions of OpenSSL will reject non-canonical DER signatures. De/re-serialize first.
unsigned char *norm_der = NULL;
ECDSA_SIG *norm_sig = ECDSA_SIG_new();
const unsigned char* sigptr = &vchSig[0];
assert(norm_sig);
if (d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size()) == NULL)
{
/* As of OpenSSL 1.0.0p d2i_ECDSA_SIG frees and nulls the pointer on error.
* But OpenSSL's own use of this function redundantly frees the result.
* As ECDSA_SIG_free(NULL) is a no-op, and in the absence of a clear contract for the function behaving the same way is more conservative. */
ECDSA_SIG_free(norm_sig);
return false;
}
int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
ECDSA_SIG_free(norm_sig);
if (derlen <= 0)
return false;
// -1 = error, 0 = bad sig, 1 = good
bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
OPENSSL_free(norm_der);
return ret;
}
TEST_F(KeymasterTest, SignData_EC_Success) {
uint8_t* key_blob;
size_t key_blob_length;
UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1));
ASSERT_TRUE(testKey.get() != NULL);
ASSERT_EQ(0,
sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
&key_blob, &key_blob_length))
<< "Should successfully import an EC key";
UniqueKey key(&sDevice, key_blob, key_blob_length);
keymaster_ec_sign_params_t params = {
.digest_type = DIGEST_NONE,
};
uint8_t* sig;
size_t sig_length;
UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
ASSERT_TRUE(testData.get() != NULL);
ASSERT_EQ(0,
sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
testData.get(), testData.length(),
&sig, &sig_length))
<< "Should sign data successfully";
UniqueBlob sig_blob(sig, sig_length);
uint8_t* x509_data;
size_t x509_data_length;
ASSERT_EQ(0,
sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
&x509_data, &x509_data_length))
<< "Should be able to retrieve RSA public key successfully";
UniqueBlob x509_blob(x509_data, x509_data_length);
const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
Unique_EVP_PKEY expected(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
static_cast<long>(x509_blob.length())));
Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(expected.get()));
ASSERT_EQ(1, ECDSA_verify(0, testData.get(), testData.length(), sig_blob.get(), sig_blob.length(), ecKey.get()))
<< "Signature should verify";
}
bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig)
{
// New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
unsigned char *norm_der = NULL;
ECDSA_SIG *norm_sig = ECDSA_SIG_new();
const unsigned char* sigptr = &vchSig[0];
d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size());
int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
ECDSA_SIG_free(norm_sig);
if (derlen <= 0)
return false;
// -1 = error, 0 = bad sig, 1 = good
bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
OPENSSL_free(norm_der);
return ret;
}
static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen)
{
int ret, type;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec = ctx->pkey->pkey.ec;
if (dctx->md)
type = EVP_MD_type(dctx->md);
else
type = NID_sha1;
ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
return ret;
}
static int s2n_ecdsa_verify(const struct s2n_pkey *pub, struct s2n_hash_state *digest, struct s2n_blob *signature)
{
const s2n_ecdsa_public_key *key = &pub->key.ecdsa_key;
notnull_check(key->ec_key);
uint8_t digest_length;
GUARD(s2n_hash_digest_size(digest->alg, &digest_length));
lte_check(digest_length, S2N_MAX_DIGEST_LEN);
uint8_t digest_out[S2N_MAX_DIGEST_LEN];
GUARD(s2n_hash_digest(digest, digest_out, digest_length));
/* ECDSA_verify ignores the first parameter */
GUARD_OSSL(ECDSA_verify(0, digest_out, digest_length, signature->data, signature->size, key->ec_key), S2N_ERR_VERIFY_SIGNATURE);
GUARD(s2n_hash_reset(digest));
return 0;
}
int VNEcdsa_ORG_Verify( const VNAsymCryptCtx_t * ctx,
const unsigned char * signText, int length,
const struct vn_iovec * plainText )
{
int ret = 0;
VNEcdsa_ORG_Ctx_t * orgCtx = VN_CONTAINER_OF( ctx, VNEcdsa_ORG_Ctx_t, mCtx );
assert( VN_TYPE_VNEcdsaSign_ORG == ctx->mType );
ret = ECDSA_verify( 0, plainText->i.iov_base, plainText->i.iov_len,
signText, length, orgCtx->mEcKey );
if( 1 != ret )
{
char buff[ 1024 ] = { 0 };
printf( "ECDSA_sign %d, %s\n", ret, ERR_error_string( ERR_get_error(), buff ) );
}
return 1 == ret ? 0 : -1;
}
static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *dgst, size_t dgstlen)
{
int ret, type;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec_key = ctx->pkey->pkey.ec;
if (dctx->md)
type = EVP_MD_type(dctx->md);
else
type = NID_sha1;
if (dctx->sign_type == NID_sm2sign)
ret = SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key);
else
ret = ECDSA_verify(type, dgst, dgstlen, sig, siglen, ec_key);
return ret;
}
STDMETHODIMP CBECC::DSAVerify(VARIANT varData, VARIANT varSig, VARIANT_BOOL *retVal)
{
if(m_pECC == NULL)return E_NOTIMPL;
if (!EC_KEY_check_key((EC_KEY*)m_pECC))
return E_NOTIMPL;
CBVarPtr varPtrData, varPtrSig;
HRESULT hr = varPtrData.Attach(varData);
if(FAILED(hr))return hr;
hr = varPtrSig.Attach(varSig);
if(FAILED(hr))return hr;
int n = ECDSA_verify(0, varPtrData.m_pData, varPtrData.m_nSize, varPtrSig.m_pData, varPtrSig.m_nSize, (EC_KEY*)m_pECC);
if (n == -1)
return E_INVALIDARG;
*retVal = n ? VARIANT_TRUE : VARIANT_FALSE;
return S_OK;
}
static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params,
const uint8_t* signedData, const size_t signedDataLength,
const uint8_t* signature, const size_t signatureLength) {
if (sign_params->digest_type != DIGEST_NONE) {
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
return -1;
}
Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
if (eckey.get() == NULL) {
logOpenSSLError("openssl_verify_ec");
return -1;
}
if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <=
0) {
logOpenSSLError("openssl_verify_ec");
return -1;
}
return 0;
}
ERL_NIF_TERM ucrypto_ec_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
{
struct ec_key_handle *handle = NULL;
ErlNifBinary data;
ErlNifBinary signature;
if (! enif_get_resource(env, argv[0], ec_key_resource, (void **)&handle))
return enif_make_badarg(env);
if (! enif_inspect_iolist_as_binary(env, argv[1], &data))
return enif_make_badarg(env);
if (! enif_inspect_iolist_as_binary(env, argv[2], &signature))
return enif_make_badarg(env);
if (! handle->key)
return enif_make_tuple2(env, ATOM_ERROR, ATOM_UNINITIALIZED_KEY);
if (1 == ECDSA_verify(0, data.data, data.size, signature.data, signature.size, handle->key))
return ATOM_TRUE;
return ATOM_FALSE;
}
static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen)
{
int ret, type;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec = ctx->pkey->pkey.ec;
if (dctx->md)
type = EVP_MD_type(dctx->md);
else
type = NID_sha1;
#ifndef OPENSSL_NO_SM2
if (dctx->ec_scheme == NID_sm_scheme)
ret = SM2_verify(NID_undef, tbs, tbslen, sig, siglen, ec);
else
#endif
ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
return ret;
}
