int key_verify(struct key *k, u_char *msg, int mlen, u_char *sig, int slen) { switch (k->type) { case KEY_RSA: if (RSA_verify(NID_sha1, msg, mlen, sig, slen, (RSA *)k->data) <= 0) { fprintf(stderr, "RSA verification failed\n"); return (-1); } break; case KEY_DSA: if (DSA_verify(NID_sha1, msg, mlen, sig, slen, (DSA *)k->data) <= 0) { fprintf(stderr, "DSA verification failed\n"); return (-1); } break; default: fprintf(stderr, "Unknown key type: %d\n", k->type); return (-1); } return (slen); }
void openssl_dsa_crypt() { DSA *d; unsigned int size, len; unsigned char inputs[COMM_LEN] = "dsa crypt"; unsigned char outputs[MAX1_LEN] = { 0 }; printf("\nDSA generate key:\n"); d = DSA_new(); DSA_generate_parameters_ex(d, LINE_LEN, NULL, 0, NULL, NULL, NULL); DSA_generate_key(d); DSA_print_fp(stdout, d, 0); DSA_sign(NID_md5_sha1, inputs, 20, outputs, &len, d); printf("DSA_sign(%s) = ", inputs); for (size = 0; size < len; size++) printf("%.02x", outputs[size]); printf("\n"); DSA_verify(NID_md5_sha1, inputs, 20, outputs, len, d); printf("DSA_verify("); for (size = 0; size < len; size++) printf("%.02x", outputs[size]); printf(") = %s\n", inputs); DSA_free(d); }
/** Verifies a DSA signature to ensure it matches the specified digest. * * @param[in] key - The verifying key. * @param[in] digest - The digest buffer to be verified. * @param[in] digestlen - The length of @p digest. * @param[in] signature - The ASN.1 DER encoded signature. * @param[in] signaturelen - The length of @p signature. * * @return True (1) if the signature is value; False (0) if not. */ int SLPCryptoDSAVerify(SLPCryptoDSAKey * key, const unsigned char * digest, int digestlen, const unsigned char * signature, int signaturelen) { /* it does not look like the type param is used? */ /* broken DSA_verify() declaration */ return DSA_verify(0, digest, digestlen, (unsigned char *)signature, signaturelen, key); }
static int dsa_test(void) { BN_GENCB *cb; DSA *dsa = NULL; int counter, ret = 0, i, j; unsigned char buf[256]; unsigned long h; unsigned char sig[256]; unsigned int siglen; const BIGNUM *p = NULL, *q = NULL, *g = NULL; if (!TEST_ptr(cb = BN_GENCB_new())) goto end; BN_GENCB_set(cb, dsa_cb, NULL); if (!TEST_ptr(dsa = DSA_new()) || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, cb))) goto end; if (!TEST_int_eq(counter, 105)) goto end; if (!TEST_int_eq(h, 2)) goto end; DSA_get0_pqg(dsa, &p, &q, &g); i = BN_bn2bin(q, buf); j = sizeof(out_q); if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i)) goto end; i = BN_bn2bin(p, buf); j = sizeof(out_p); if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i)) goto end; i = BN_bn2bin(g, buf); j = sizeof(out_g); if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i)) goto end; DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa))) ret = 1; end: DSA_free(dsa); BN_GENCB_free(cb); return ret; }
int main() { DSA *key; FILE *fp1, *fp2; unsigned char digest[8] = "1234567"; int siglen; unsigned char signature[1000]; int retcode; key = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL); if (key == NULL) { printf("\nFailed to generate parameters\n"); exit(1); } fp1 = fopen("params.dat", "w"); DSAparams_print_fp(fp1, key); fclose(fp1); DSA_generate_key(key); if (key == NULL) { printf("\nFailed to generate key\n"); exit(1); } fp2 = fopen("key.dat", "w"); DSA_print_fp(fp2, key, 0); fclose(fp2); retcode = DSA_sign(0, digest, 8, signature, &siglen, key); if (retcode == 0) { printf("\n *** Error in signing ***\n\n"); exit(1); } printf("\n%s\n",signature); retcode = DSA_verify(0, digest, 8, signature, siglen, key); if (retcode == 1) printf("\n *** Valid signature ***\n\n"); if (retcode == 0) printf("\n *** Incorrect signature ***\n\n"); if (retcode == -1) printf("\n *** Error in verifying ***\n\n"); DSA_free(key); return 0; }
int main(int argc, char **argv) { DSA *dsa; unsigned char* input_string; unsigned char* sign_string; unsigned int sig_len; unsigned int i; if ( argc != 2 ) { fprintf(stderr, "%s <plain text>\n", argv[0]); exit(-1); } input_string = (unsigned char*)calloc(strlen(argv[1]) + 1, sizeof(unsigned char)); if ( input_string == NULL ) { fprintf(stderr, "Unable to allocate memory for input_string\n"); exit(-1); } strncpy((char *)input_string, argv[1], strlen(argv[1])); dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL); DSA_generate_key(dsa); sign_string = (unsigned char *)calloc(DSA_size(dsa), sizeof(unsigned char)); if ( sign_string == NULL ) { fprintf(stderr, "Unable to allocate memory for sign_string\n"); exit(-1); } if ( DSA_sign(0, input_string, strlen((char *)input_string), sign_string, &sig_len, dsa) == 0 ) { fprintf(stderr, "Sign error\n"); exit(-1); } int is_valid_signature = DSA_verify(0, input_string, strlen((char*)input_string), sign_string, sig_len, dsa); DSAparams_print_fp(stdout, dsa); printf("input_string = %s\n", input_string); printf("signed string = "); for ( i = 0; i < sig_len; i++ ) printf("%x%x", (sign_string[i] >> 4) & 0xf, sign_string[i] & 0xf); printf("\n"); printf("is_valid_signature? = %d\n", is_valid_signature); return 0; }
static int fips_check_dsa(DSA *dsa) { static const unsigned char str1[]="12345678901234567890"; unsigned char sig[256]; unsigned int siglen; DSA_sign(0, str1, 20, sig, &siglen, dsa); if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1) { FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED); return 0; } return 1; }
int lm_verify(unsigned char *msg,int msglen,unsigned char *psign,int siglen) { int i; DSA *dsa; int rv; unsigned char pubkey[] = { 0x1c,0x54,0xc4,0xe7,0x22,0xdb,0xe8,0xf1,0x92,0x8a,0x7d,0xbb,0xa9,0x8f,0x4d,0x2f,0x58,0xf4,0x9c,0x3f,0x43,0xc3,0x33,0xf6,0x44,0xdb,0xb5,0xe4,0x1e,0x32,0x30,0x19,0x04,0x26,0x9c,0x46,0x23,0x2f,0x9b,0x79,0xc7,0x24,0x33,0x76,0x8c,0x01,0x1c,0x36,0xbc,0xb9,0x8d,0x9f,0x93,0xca,0x51,0x8a,0x6a,0xe6,0xe5,0x2c,0x95,0xe4,0xea,0xa8,0xbb,0x4e,0x22,0x85,0x39,0x3b,0xa7,0x0d,0x60,0xe3,0x4d,0x21,0x02,0xb3,0x7f,0xb3,0x8b,0xfa,0x8f,0x7e,0xf3,0x13,0xbe,0x9a,0xa8,0x36,0x99,0xb5,0x9d,0x0c,0x7a,0xeb,0x4c,0xc8,0x6d,0x56,0x9a,0xfc,0x3b,0xe8,0xb9,0xba,0xd4,0x44,0x42,0x3b,0x5b,0xab,0x5b,0xb0,0x20,0xb1,0x9f,0xc2,0x44,0x76,0x56,0x6c,0x2b,0xd8,0x3d,0xb4,0x17,0xf5 }; unsigned char P[] = { 0x00,0x88,0xba,0x41,0x3b,0xfc,0x42,0x43,0x61,0x1f,0x2e,0x29,0x06,0xf6,0xb9,0xf6,0x7d,0x39,0x3d,0xa1,0xe0,0x3b,0xb5,0x97,0x3d,0x65,0xa8,0x53,0xe4,0xb8,0x8d,0x4f,0x15,0x86,0xe5,0x80,0x6d,0x38,0x3b,0xa5,0x04,0x3d,0x8f,0x27,0x1c,0x18,0x64,0x56,0x9b,0x21,0xa1,0xc9,0xcd,0x9e,0x9c,0x1d,0x47,0x03,0xd3,0xa1,0x28,0x72,0xe2,0x60,0x4d,0x69,0x78,0x9a,0x9f,0x95,0x89,0x7c,0x60,0xc9,0x21,0x67,0x19,0xc5,0xae,0x08,0x66,0x75,0xa0,0xbd,0xe6,0x22,0xfa,0xf8,0x5c,0x6c,0xfc,0x5a,0x97,0x69,0xf2,0x74,0x36,0x71,0xc2,0x11,0x05,0xff,0xac,0x18,0xdf,0x69,0x02,0x08,0xd5,0x5e,0x4f,0x51,0xa6,0x28,0x58,0xeb,0x6f,0x59,0xad,0x35,0xed,0x23,0x3c,0xf8,0x3b,0x35,0x42,0x6a,0x71}; unsigned char Q[] = {00,0xc3,0x19,0x31,0x76,0xb2,0xe4,0xa8,0x1e,0x9e,0xc7,0x7b,0x07,0x0b,0xdc,0x77,0xab,0x9d,0xda,0x31,0x65}; unsigned char G[] = { 0x0b,0x61,0x3c,0xee,0x68,0x48,0x61,0xfe,0x00,0x40,0xfe,0xb9,0xa5,0xbd,0x6a,0xa5,0x6e,0xb4,0x92,0x7c,0x4b,0x36,0x90,0xa0,0x49,0x3a,0xa3,0x52,0xa5,0xd1,0xb5,0xfa,0x3d,0x50,0xd1,0x62,0x23,0xa1,0xfc,0x9d,0x1e,0xc6,0x05,0xba,0x14,0x96,0x4c,0x18,0x7a,0x7e,0x81,0x37,0xd5,0xe9,0xc5,0x40,0x44,0x84,0xac,0x75,0x25,0xea,0xbe,0x6f,0x48,0xf8,0xf5,0x29,0xc0,0xd2,0xd9,0xad,0x64,0xad,0x1a,0x0f,0x6f,0xc7,0x2e,0x76,0x2e,0x61,0x1f,0xf9,0x20,0xe9,0x01,0x3f,0xe1,0x86,0x06,0xf0,0x92,0x15,0xe4,0xc7,0x38,0x99,0xde,0x80,0xd4,0x87,0x41,0xb4,0x71,0x64,0x9e,0x5a,0x10,0xd7,0x7a,0xab,0x7a,0x1b,0xff,0xa9,0x19,0xa0,0x4c,0x48,0xfd,0x83,0x81,0x4f,0x04,0x80,0x84,0xe7}; BIGNUM *bn,*bn2,*bnp,*bnq,*bng; long publen = sizeof(pubkey); int dummy=0; /* the value is ignored*/ unsigned char md[SHA_DIGEST_LENGTH]; SHA1(msg, (unsigned long ) msglen,md); bn = BN_bin2bn(pubkey,publen,NULL); bnp = BN_bin2bn(P,sizeof(P),NULL); bnq = BN_bin2bn(Q,sizeof(Q),NULL); bng = BN_bin2bn(G,sizeof(G),NULL); dsa = DSA_new(); /* dsa->priv_key = bn;*/ dsa->p = bnp; dsa->q = bnq; dsa->g = bng; dsa->pub_key = bn; rv = DSA_verify(dummy,md,SHA_DIGEST_LENGTH,psign,siglen,dsa); if(rv == 1) { /* printf("sign verified");*/ DSA_free(dsa); return 0; } else if (rv == 0) { fprintf(stderr,"Sign incorrect\n"); } else fprintf(stderr,"Verify error\n"); DSA_free(dsa); return -1; }
static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) { int ret; DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) return 0; ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); return ret; }
static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) { int ret, type; DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; if (dctx->md) type = EVP_MD_type(dctx->md); else type = NID_sha1; ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); return ret; }
/** valid_dsa_sig Given some data, the data length, the public key, the public key length, and the 48-byte signature, we verify it and return 1 for true and 0 for false, or -1 for error. */ int valid_dsa_sig(const void *data, int dlen, const char sig[48]) { int r; char hash[20]; SHA1(data, dlen, hash); r = DSA_verify(0xdecafbad, hash, 20, sig, 48, dispatch); if(!r) { print_loc(); io_err("Couldn't verify signature! Info follows:\n"); io_debug("Hexdump of signature:\n"); io_hexdump(stdout, sig, 48); io_debug("\nHexdump of data follows:\n"); io_hexdump(stdout, data, dlen); } return r; }
static void check_license_signature(license_raw *lptr) { unsigned char message_digest[SHA_DIGEST_LENGTH]; SHA_CTX sha_ctx; DSA *dsa = DSA_new(); SHA1_Init(&sha_ctx); SHA1_Update(&sha_ctx, lptr, sizeof(*lptr) - sizeof(lptr->dsa_signature)); SHA1_Final(message_digest, &sha_ctx); dsa->p = BN_bin2bn(dsa_p, sizeof(dsa_p), NULL); dsa->q = BN_bin2bn(dsa_q, sizeof(dsa_q), NULL); dsa->g = BN_bin2bn(dsa_g, sizeof(dsa_g), NULL); dsa->pub_key = BN_bin2bn(dsa_pub_key, sizeof(dsa_pub_key), NULL); // calculate the right len of the signiture DSA_SIG *temp_sig=DSA_SIG_new(); int siglen = -1; const unsigned char *data =lptr->dsa_signature; if (temp_sig == NULL || d2i_DSA_SIG(&temp_sig,&data,sizeof(lptr->dsa_signature)) == NULL){ fprintf(stderr, "License signature verification failed: %s\n", ERR_error_string(ERR_get_error(), NULL)); exit(EXIT_FAILURE); } unsigned char *tmp_buff= NULL; siglen = i2d_DSA_SIG(temp_sig, &tmp_buff); OPENSSL_cleanse(tmp_buff, siglen); OPENSSL_free(tmp_buff); DSA_SIG_free(temp_sig); switch(DSA_verify(0, message_digest, sizeof(message_digest), lptr->dsa_signature, siglen, dsa)) { case 0: fputs("License file is corrupted: invalid DSA signature.\n", stderr); exit(EXIT_FAILURE); case 1: break; /* valid signature */ default: fprintf(stderr, "License signature verification failed: %s\n", ERR_error_string(ERR_get_error(), NULL)); exit(EXIT_FAILURE); } DSA_free(dsa); }
bool xr_dsa::verify (public_key_t const & pub_key, u8 const * data, u32 const data_size, shared_str const & dsign) { BN_bin2bn(pub_key.m_value, sizeof(pub_key.m_value), m_dsa->pub_key); BIGNUM* tmp_bn = NULL; BN_hex2bn (&tmp_bn, dsign.c_str()); int sig_size = tmp_bn->top * sizeof(unsigned long); u8* sig_buff = static_cast<u8*>(_alloca(sig_size)); VERIFY (sig_size == DSA_size(m_dsa)); BN_bn2bin (tmp_bn, sig_buff); bool ret = DSA_verify (0, data, data_size, sig_buff, sig_size, m_dsa) == 1 ? true : false; BN_free(tmp_bn); return ret; }
/* DSA: generate key and sign a known digest, then verify the signature * against the digest */ static int FIPS_dsa_test() { DSA *dsa = NULL; unsigned char dgst[] = "etaonrishdlc"; unsigned char sig[256]; unsigned int siglen; ERR_clear_error(); dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL); if (!dsa) return 0; if (!DSA_generate_key(dsa)) return 0; if ( DSA_sign(0,dgst,sizeof(dgst) - 1,sig,&siglen,dsa) != 1 ) return 0; if ( DSA_verify(0,dgst,sizeof(dgst) - 1,sig,siglen,dsa) != 1 ) return 0; DSA_free(dsa); return 1; }
int32_t CryptoNative_DsaVerify( DSA* dsa, const uint8_t* hash, int32_t hashLength, uint8_t* signature, int32_t signatureLength) { int32_t success = DSA_verify(0, hash, hashLength, signature, signatureLength, dsa); if (success != 1) { if (success == -1) { // Clear the queue, as we don't check the error information. // Managed caller expects the error queue to be cleared in case of error. ERR_clear_error(); } return 0; } return 1; }
static int verify_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, const uint8_t* signedData, const size_t signedDataLength, const uint8_t* signature, const size_t signatureLength) { if (sign_params->digest_type != DIGEST_NONE) { ALOGW("Cannot handle digest type %d", sign_params->digest_type); return -1; } Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey)); if (dsa.get() == NULL) { logOpenSSLError("openssl_verify_dsa"); return -1; } if (DSA_verify(0, signedData, signedDataLength, signature, signatureLength, dsa.get()) <= 0) { logOpenSSLError("openssl_verify_dsa"); return -1; } return 0; }
static int test_verify(const uint8_t *sig, size_t sig_len, int expect) { int ok = 0; DSA *dsa = get_fips_dsa(); if (dsa == NULL) { goto end; } int ret = DSA_verify(0, fips_digest, sizeof(fips_digest), sig, sig_len, dsa); if (ret != expect) { BIO_printf(bio_err, "DSA_verify returned %d, want %d\n", ret, expect); goto end; } ok = 1; /* Clear any errorrs from a test with expected failure. */ ERR_clear_error(); end: if (dsa != NULL) { DSA_free(dsa); } return ok; }
void dsasha1_sigverify(val_context_t * ctx, const u_char *data, size_t data_len, const val_dnskey_rdata_t * dnskey, const val_rrsig_rdata_t * rrsig, val_astatus_t * key_status, val_astatus_t * sig_status) { char buf[1028]; size_t buflen = 1024; DSA *dsa = NULL; u_char sha1_hash[SHA_DIGEST_LENGTH]; u_char sig_asn1[2+2*(3+SHA_DIGEST_LENGTH)]; val_log(ctx, LOG_DEBUG, "dsasha1_sigverify(): parsing the public key..."); if ((dsa = DSA_new()) == NULL) { val_log(ctx, LOG_INFO, "dsasha1_sigverify(): could not allocate dsa structure."); *key_status = VAL_AC_INVALID_KEY; return; }; if (dsasha1_parse_public_key (dnskey->public_key, dnskey->public_key_len, dsa) != VAL_NO_ERROR) { val_log(ctx, LOG_INFO, "dsasha1_sigverify(): Error in parsing public key."); DSA_free(dsa); *key_status = VAL_AC_INVALID_KEY; return; } memset(sha1_hash, 0, SHA_DIGEST_LENGTH); SHA1(data, data_len, sha1_hash); val_log(ctx, LOG_DEBUG, "dsasha1_sigverify(): SHA-1 hash = %s", get_hex_string(sha1_hash, SHA_DIGEST_LENGTH, buf, buflen)); val_log(ctx, LOG_DEBUG, "dsasha1_sigverify(): verifying DSA signature..."); /* * Fix: courtesy tom.fowler * First convert the signature into its DER representation * 0x30, 0x2E, - ASN1 sequence * 0x02, 0x15, - ASN integer, length 21 bytes * 0x00, <R bytes> - 1 + 20 bytes per 2536 * 0x02, 0x15, - ASN integer * 0x00, <S bytes> - 1 + 20 bytes per 2536 */ if (rrsig->signature_len < (1 + 2*SHA_DIGEST_LENGTH)) { /* dont have enough data */ val_log(ctx, LOG_INFO, "dsasha1_sigverify(): Error parsing DSA rrsig."); DSA_free(dsa); *sig_status = VAL_AC_INVALID_RRSIG; return; } memcpy(sig_asn1, "\x30\x2E\x02\x15\x00", 5); memcpy(sig_asn1+5, rrsig->signature+1, SHA_DIGEST_LENGTH); memcpy(sig_asn1+5+SHA_DIGEST_LENGTH, "\x02\x15\x00", 3); memcpy(sig_asn1+5+SHA_DIGEST_LENGTH+3, rrsig->signature+1+SHA_DIGEST_LENGTH, SHA_DIGEST_LENGTH); if (DSA_verify (NID_sha1, (u_char *) sha1_hash, SHA_DIGEST_LENGTH, sig_asn1, sizeof(sig_asn1), dsa) == 1) { val_log(ctx, LOG_INFO, "dsasha1_sigverify(): returned SUCCESS"); DSA_free(dsa); *sig_status = VAL_AC_RRSIG_VERIFIED; } else { val_log(ctx, LOG_INFO, "dsasha1_sigverify(): returned FAILURE"); DSA_free(dsa); *sig_status = VAL_AC_RRSIG_VERIFY_FAILED; } return; }
void xr_dsa::generate_params() { int counter; unsigned long long_ret; string256 random_string; xr_sprintf (random_string, "%I64d_%s", CPU::QPC(), rnd_seed); //sprintf_s (random_string, "%s", rnd_seed); unsigned char* rnd_seed = static_cast<unsigned char*>((void*)random_string); unsigned int rnd_ssize = xr_strlen(random_string); DSA* tmp_dsa_params = DSA_generate_parameters( key_bit_length, rnd_seed, rnd_ssize, &counter, &long_ret, dsa_genparams_cb, NULL ); DSA_generate_key (tmp_dsa_params); VERIFY (tmp_dsa_params->p->top * sizeof(u32) == public_key_length); VERIFY (tmp_dsa_params->q->top * sizeof(u32) == private_key_length); VERIFY (tmp_dsa_params->g->top * sizeof(u32) == public_key_length); VERIFY (tmp_dsa_params->pub_key->top * sizeof(u32) == public_key_length); VERIFY (tmp_dsa_params->priv_key->top * sizeof(u32)== private_key_length); Msg("// DSA params "); Msg("u8 const p_number[crypto::xr_dsa::public_key_length] = {"); print_big_number (tmp_dsa_params->p); Msg("};//p_number"); Msg("u8 const q_number[crypto::xr_dsa::private_key_length] = {"); print_big_number (tmp_dsa_params->q); Msg("};//q_number"); Msg("u8 const g_number[crypto::xr_dsa::public_key_length] = {"); print_big_number (tmp_dsa_params->g); Msg("};//g_number"); Msg("u8 const public_key[crypto::xr_dsa::public_key_length] = {"); print_big_number (tmp_dsa_params->pub_key); Msg("};//public_key"); u8 priv_bin[private_key_length]; BN_bn2bin (tmp_dsa_params->priv_key, priv_bin); Msg("// Private key:"); for (int i = 0; i < private_key_length; ++i) { Msg(" m_private_key.m_value[%d] = 0x%02x;", i, priv_bin[i]); } u8 debug_digest[] = "this is a test"; u8 debug_bad_digest[] = "this as a test"; u32 siglen = DSA_size(tmp_dsa_params); u8* sig = static_cast<u8*>(_alloca(siglen)); BIGNUM bn_sign; BN_init (&bn_sign); VERIFY (DSA_sign(0, debug_digest, sizeof(debug_digest), sig, &siglen, tmp_dsa_params) == 1); BN_bin2bn (sig, siglen, &bn_sign); shared_str sig_str = BN_bn2hex(&bn_sign); BIGNUM* bn_rsing = NULL; ZeroMemory (sig, siglen); BN_hex2bn (&bn_rsing, sig_str.c_str()); BN_bn2bin (bn_rsing, sig); BN_free (bn_rsing); VERIFY (DSA_verify(0, debug_digest, sizeof(debug_digest), sig, siglen, tmp_dsa_params) == 1); VERIFY (DSA_verify(0, debug_bad_digest, sizeof(debug_bad_digest), sig, siglen, tmp_dsa_params) == 0); DSA_free(tmp_dsa_params); }
int main() { FILE *fp; int len, i; MD5_CTX ctx; unsigned char buf[1000]; unsigned char md5sum[16]; MD5_Init(&ctx); if(!( fp = fopen("input.dat", "rb"))) { printf("\nFailed to open file\n"); return (1); } while((len = fread( buf, 1, sizeof(buf), fp ) ) > 0 ) { MD5_Update(&ctx, buf, len); } MD5_Final(md5sum, &ctx); printf("MD5(input.dat) = "); for( i = 0; i < 16; i++ ) { printf("%02x", md5sum[i]); } printf("\n"); DSA *key; FILE *fp1, *fp2; /*unsigned char digest[8] = "1234567";*/ int siglen; unsigned char signature[1000]; int retcode; key = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL); if (key == NULL) { printf("\nFailed to generate parameters\n"); exit(1); } fp1 = fopen("params.dat", "w"); DSAparams_print_fp(fp1, key); fclose(fp1); DSA_generate_key(key); if (key == NULL) { printf("\nFailed to generate key\n"); exit(1); } fp2 = fopen("key.dat", "w"); DSA_print_fp(fp2, key, 0); fclose(fp2); retcode = DSA_sign(0, md5sum, 8, signature, &siglen, key); if (retcode == 0) { printf("\n *** Error in signing ***\n\n"); exit(1); } FILE *fp3; fp3 = fopen("signature.dat", "w"); fputs(signature, fp3); fclose(fp3); printf("\nSignature of the hash = "); printf("%s\n",signature); retcode = DSA_verify(0, md5sum, 8, signature, siglen, key); if (retcode == 1) printf("\n *** Valid signature ***\n\n"); if (retcode == 0) printf("\n *** Incorrect signature ***\n\n"); if (retcode == -1) printf("\n *** Error in verifying ***\n\n"); DSA_free(key); return 0; }
static int test_generate(void) { BN_GENCB cb; DSA *dsa = NULL; int counter, ok = 0, i, j; uint8_t buf[256]; unsigned long h; uint8_t sig[256]; unsigned int siglen; BIO_printf(bio_out, "test generation of DSA parameters\n"); BN_GENCB_set(&cb, dsa_cb, bio_out); dsa = DSA_new(); if (dsa == NULL || !DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, &cb)) { goto end; } BIO_printf(bio_out, "seed\n"); for (i = 0; i < 20; i += 4) { BIO_printf(bio_out, "%02X%02X%02X%02X ", seed[i], seed[i + 1], seed[i + 2], seed[i + 3]); } BIO_printf(bio_out, "\ncounter=%d h=%ld\n", counter, h); if (counter != 105) { BIO_printf(bio_err, "counter should be 105\n"); goto end; } if (h != 2) { BIO_printf(bio_err, "h should be 2\n"); goto end; } i = BN_bn2bin(dsa->q, buf); j = sizeof(fips_q); if (i != j || memcmp(buf, fips_q, i) != 0) { BIO_printf(bio_err, "q value is wrong\n"); goto end; } i = BN_bn2bin(dsa->p, buf); j = sizeof(fips_p); if (i != j || memcmp(buf, fips_p, i) != 0) { BIO_printf(bio_err, "p value is wrong\n"); goto end; } i = BN_bn2bin(dsa->g, buf); j = sizeof(fips_g); if (i != j || memcmp(buf, fips_g, i) != 0) { BIO_printf(bio_err, "g value is wrong\n"); goto end; } DSA_generate_key(dsa); DSA_sign(0, fips_digest, sizeof(fips_digest), sig, &siglen, dsa); if (DSA_verify(0, fips_digest, sizeof(fips_digest), sig, siglen, dsa) == 1) { ok = 1; } else { BIO_printf(bio_err, "verification failure\n"); } end: if (dsa != NULL) { DSA_free(dsa); } return ok; }
int ssl_test_dsa(int argc, char **argv) { BN_GENCB cb; DSA *dsa=NULL; int counter,ret=0,i,j; unsigned char buf[256]; unsigned long h; unsigned char sig[256]; unsigned int siglen; #ifndef OPENSSL_SYS_WINDOWS bio_err = BIO_new(BIO_s_mem()); if (bio_err == NULL) return(1); #else if (bio_err == NULL) bio_err=BIO_new_fp(OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE); #endif CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); RAND_seed(rnd_seed, sizeof rnd_seed); TINYCLR_SSL_PRINTF("test generation of DSA parameters\n"); BN_GENCB_set(&cb, dsa_cb, bio_err); if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, &cb)) goto end; TINYCLR_SSL_PRINTF("seed\n"); for (i=0; i<20; i+=4) { TINYCLR_SSL_PRINTF("%02X%02X%02X%02X ", seed[i],seed[i+1],seed[i+2],seed[i+3]); } TINYCLR_SSL_PRINTF("\ncounter=%d h=%ld\n",counter,h); DSA_print(bio_err,dsa,0); if (counter != 105) { TINYCLR_SSL_PRINTF("counter should be 105\n"); goto end; } if (h != 2) { TINYCLR_SSL_PRINTF("h should be 2\n"); goto end; } i=BN_bn2bin(dsa->q,buf); j=sizeof(out_q); if ((i != j) || (TINYCLR_SSL_MEMCMP(buf,out_q,i) != 0)) { TINYCLR_SSL_PRINTF("q value is wrong\n"); goto end; } i=BN_bn2bin(dsa->p,buf); j=sizeof(out_p); if ((i != j) || (TINYCLR_SSL_MEMCMP(buf,out_p,i) != 0)) { TINYCLR_SSL_PRINTF("p value is wrong\n"); goto end; } i=BN_bn2bin(dsa->g,buf); j=sizeof(out_g); if ((i != j) || (TINYCLR_SSL_MEMCMP(buf,out_g,i) != 0)) { TINYCLR_SSL_PRINTF("g value is wrong\n"); goto end; } dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME; DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret=1; dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME; DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret=1; end: if (!ret) ERR_print_errors(bio_err); if (dsa != NULL) DSA_free(dsa); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) { BIO_free(bio_err); bio_err = NULL; } #ifdef OPENSSL_SYS_NETWARE if (!ret) TINYCLR_SSL_PRINTF("ERROR\n"); #endif return(0); }
int main(int argc, char **argv) { BN_GENCB *cb; DSA *dsa = NULL; int counter, ret = 0, i, j; unsigned char buf[256]; unsigned long h; unsigned char sig[256]; unsigned int siglen; BIGNUM *p = NULL, *q = NULL, *g = NULL; if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); RAND_seed(rnd_seed, sizeof rnd_seed); BIO_printf(bio_err, "test generation of DSA parameters\n"); cb = BN_GENCB_new(); if (!cb) goto end; BN_GENCB_set(cb, dsa_cb, bio_err); if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, cb)) goto end; BIO_printf(bio_err, "seed\n"); for (i = 0; i < 20; i += 4) { BIO_printf(bio_err, "%02X%02X%02X%02X ", seed[i], seed[i + 1], seed[i + 2], seed[i + 3]); } BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); DSA_print(bio_err, dsa, 0); if (counter != 105) { BIO_printf(bio_err, "counter should be 105\n"); goto end; } if (h != 2) { BIO_printf(bio_err, "h should be 2\n"); goto end; } DSA_get0_pqg(dsa, &p, &q, &g); i = BN_bn2bin(q, buf); j = sizeof(out_q); if ((i != j) || (memcmp(buf, out_q, i) != 0)) { BIO_printf(bio_err, "q value is wrong\n"); goto end; } i = BN_bn2bin(p, buf); j = sizeof(out_p); if ((i != j) || (memcmp(buf, out_p, i) != 0)) { BIO_printf(bio_err, "p value is wrong\n"); goto end; } i = BN_bn2bin(g, buf); j = sizeof(out_g); if ((i != j) || (memcmp(buf, out_g, i) != 0)) { BIO_printf(bio_err, "g value is wrong\n"); goto end; } DSA_set_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME); DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret = 1; DSA_clear_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME); DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret = 1; end: if (!ret) ERR_print_errors(bio_err); DSA_free(dsa); BN_GENCB_free(cb); #ifndef OPENSSL_NO_CRYPTO_MDEBUG if (CRYPTO_mem_leaks(bio_err) <= 0) ret = 0; #endif BIO_free(bio_err); bio_err = NULL; EXIT(!ret); }
/* * Verify the signature on an assertion; return SIGRESULT_TRUE is * success, SIGRESULT_FALSE otherwise. */ int keynote_sigverify_assertion(struct assertion *as) { int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE, hashlen = 0; unsigned char *sig, *decoded = NULL, *ptr; unsigned char res2[20]; SHA_CTX shscontext; MD5_CTX md5context; int len = 0; DSA *dsa; RSA *rsa; if (as->as_signature == NULL || as->as_startofsignature == NULL || as->as_allbutsignature == NULL || as->as_allbutsignature - as->as_startofsignature <= 0) return SIGRESULT_FALSE; alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc, &intenc); if (alg == KEYNOTE_ALGORITHM_NONE) return SIGRESULT_FALSE; /* Check for matching algorithms */ if ((alg != as->as_signeralgorithm) && !((alg == KEYNOTE_ALGORITHM_RSA) && (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) && !((alg == KEYNOTE_ALGORITHM_X509) && (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) return SIGRESULT_FALSE; sig = strchr(as->as_signature, ':'); /* Move forward to the Encoding. We * are guaranteed to have a ':' * character, since this is a valid * signature */ sig++; switch (hashtype) { case KEYNOTE_HASH_SHA1: hashlen = 20; memset(res2, 0, hashlen); SHA1_Init(&shscontext); SHA1_Update(&shscontext, as->as_startofsignature, as->as_allbutsignature - as->as_startofsignature); SHA1_Update(&shscontext, as->as_signature, (char *) sig - as->as_signature); SHA1_Final(res2, &shscontext); break; case KEYNOTE_HASH_MD5: hashlen = 16; memset(res2, 0, hashlen); MD5_Init(&md5context); MD5_Update(&md5context, as->as_startofsignature, as->as_allbutsignature - as->as_startofsignature); MD5_Update(&md5context, as->as_signature, (char *) sig - as->as_signature); MD5_Final(res2, &md5context); break; case KEYNOTE_HASH_NONE: break; } /* Remove ASCII encoding */ switch (enc) { case ENCODING_NONE: ptr = NULL; break; case ENCODING_HEX: len = strlen(sig) / 2; if (kn_decode_hex(sig, (char **) &decoded) != 0) return -1; ptr = decoded; break; case ENCODING_BASE64: len = strlen(sig); if (len % 4) /* Base64 encoding must be a multiple of 4 */ { keynote_errno = ERROR_SYNTAX; return -1; } len = 3 * (len / 4); decoded = calloc(len, sizeof(unsigned char)); ptr = decoded; if (decoded == NULL) { keynote_errno = ERROR_MEMORY; return -1; } len = kn_decode_base64(sig, decoded, len); if ((len == -1) || (len == 0) || (len == 1)) return -1; break; case ENCODING_NATIVE: if ((decoded = strdup(sig)) == NULL) { keynote_errno = ERROR_MEMORY; return -1; } len = strlen(sig); ptr = decoded; break; default: keynote_errno = ERROR_SYNTAX; return -1; } /* DSA */ if ((alg == KEYNOTE_ALGORITHM_DSA) && (intenc == INTERNAL_ENC_ASN1)) { dsa = (DSA *) as->as_authorizer; if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1) { free(ptr); return SIGRESULT_TRUE; } } else /* RSA */ if ((alg == KEYNOTE_ALGORITHM_RSA) && (intenc == INTERNAL_ENC_PKCS1)) { rsa = (RSA *) as->as_authorizer; if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen, decoded, len, rsa) == 1) { free(ptr); return SIGRESULT_TRUE; } } else if ((alg == KEYNOTE_ALGORITHM_X509) && (intenc == INTERNAL_ENC_ASN1)) { /* RSA-specific */ rsa = (RSA *) as->as_authorizer; if (RSA_verify(NID_shaWithRSAEncryption, res2, hashlen, decoded, len, rsa) == 1) { free(ptr); return SIGRESULT_TRUE; } } /* Handle more algorithms here */ free(ptr); return SIGRESULT_FALSE; }
static int sign_and_verify(int len) { /* * Per FIPS 186-4, the hash is recommended to be the same length as q. * If the hash is longer than q, the leftmost N bits are used; if the hash * is shorter, then we left-pad (see appendix C.2.1). */ size_t sigLength; int digestlen = BN_num_bytes(DSA_get0_q(dsakey)); int ok = 0; unsigned char *dataToSign = OPENSSL_malloc(len); unsigned char *paddedData = OPENSSL_malloc(digestlen); unsigned char *signature = NULL; EVP_PKEY_CTX *ctx = NULL; EVP_PKEY *pkey = NULL; if (!TEST_ptr(dataToSign) || !TEST_ptr(paddedData) || !TEST_int_eq(RAND_bytes(dataToSign, len), 1)) goto end; memset(paddedData, 0, digestlen); if (len > digestlen) memcpy(paddedData, dataToSign, digestlen); else memcpy(paddedData + digestlen - len, dataToSign, len); if (!TEST_ptr(pkey = EVP_PKEY_new())) goto end; EVP_PKEY_set1_DSA(pkey, dsakey); if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) goto end; if (!TEST_int_eq(EVP_PKEY_sign_init(ctx), 1)) goto end; if (EVP_PKEY_sign(ctx, NULL, &sigLength, dataToSign, len) != 1) { TEST_error("Failed to get signature length, len=%d", len); goto end; } if (!TEST_ptr(signature = OPENSSL_malloc(sigLength))) goto end; if (EVP_PKEY_sign(ctx, signature, &sigLength, dataToSign, len) != 1) { TEST_error("Failed to sign, len=%d", len); goto end; } /* Check that the signature is okay via the EVP interface */ if (!TEST_int_eq(EVP_PKEY_verify_init(ctx), 1)) goto end; /* ... using the same data we just signed */ if (EVP_PKEY_verify(ctx, signature, sigLength, dataToSign, len) != 1) { TEST_error("EVP verify with unpadded length %d failed\n", len); goto end; } /* ... padding/truncating the data to the appropriate digest size */ if (EVP_PKEY_verify(ctx, signature, sigLength, paddedData, digestlen) != 1) { TEST_error("EVP verify with length %d failed\n", len); goto end; } /* Verify again using the raw DSA interface */ if (DSA_verify(0, dataToSign, len, signature, sigLength, dsakey) != 1) { TEST_error("Verification with unpadded data failed, len=%d", len); goto end; } if (DSA_verify(0, paddedData, digestlen, signature, sigLength, dsakey) != 1) { TEST_error("verify with length %d failed\n", len); goto end; } ok = 1; end: EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); OPENSSL_free(signature); OPENSSL_free(paddedData); OPENSSL_free(dataToSign); return ok; }
#ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { j=DSA_verify(pkey->save_type, &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); if (j <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE); goto f_err; } } else #endif #ifndef OPENSSL_NO_ECDSA if (pkey->type == EVP_PKEY_EC) { j=ECDSA_verify(pkey->save_type, &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec); if (j <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_ECDSA_SIGNATURE); goto f_err; } }
int main(int argc, char **argv) { BN_GENCB *cb; DSA *dsa = NULL; int counter, ret = 0, i, j; unsigned char buf[256]; unsigned long h; unsigned char sig[256]; unsigned int siglen; if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); RAND_seed(rnd_seed, sizeof rnd_seed); BIO_printf(bio_err, "test generation of DSA parameters\n"); cb = BN_GENCB_new(); if (!cb) goto end; BN_GENCB_set(cb, dsa_cb, bio_err); if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, cb)) goto end; BIO_printf(bio_err, "seed\n"); for (i = 0; i < 20; i += 4) { BIO_printf(bio_err, "%02X%02X%02X%02X ", seed[i], seed[i + 1], seed[i + 2], seed[i + 3]); } BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); DSA_print(bio_err, dsa, 0); if (counter != 105) { BIO_printf(bio_err, "counter should be 105\n"); goto end; } if (h != 2) { BIO_printf(bio_err, "h should be 2\n"); goto end; } i = BN_bn2bin(dsa->q, buf); j = sizeof(out_q); if ((i != j) || (memcmp(buf, out_q, i) != 0)) { BIO_printf(bio_err, "q value is wrong\n"); goto end; } i = BN_bn2bin(dsa->p, buf); j = sizeof(out_p); if ((i != j) || (memcmp(buf, out_p, i) != 0)) { BIO_printf(bio_err, "p value is wrong\n"); goto end; } i = BN_bn2bin(dsa->g, buf); j = sizeof(out_g); if ((i != j) || (memcmp(buf, out_g, i) != 0)) { BIO_printf(bio_err, "g value is wrong\n"); goto end; } dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME; DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret = 1; dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME; DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret = 1; end: if (!ret) ERR_print_errors(bio_err); DSA_free(dsa); BN_GENCB_free(cb); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); #ifndef OPENSSL_NO_CRYPTO_MDEBUG CRYPTO_mem_leaks(bio_err); #endif BIO_free(bio_err); bio_err = NULL; # ifdef OPENSSL_SYS_NETWARE if (!ret) printf("ERROR\n"); # endif EXIT(!ret); }
int main(int argc, char **argv) { DSA *dsa=NULL; int counter,ret=0,i,j; unsigned char buf[256]; unsigned long h; unsigned char sig[256]; unsigned int siglen; ERR_load_crypto_strings(); RAND_seed(rnd_seed, sizeof rnd_seed); if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); BIO_printf(bio_err,"test generation of DSA parameters\n"); dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); BIO_printf(bio_err,"seed\n"); for (i=0; i<20; i+=4) { BIO_printf(bio_err,"%02X%02X%02X%02X ", seed[i],seed[i+1],seed[i+2],seed[i+3]); } BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h); if (dsa == NULL) goto end; DSA_print(bio_err,dsa,0); if (counter != 105) { BIO_printf(bio_err,"counter should be 105\n"); goto end; } if (h != 2) { BIO_printf(bio_err,"h should be 2\n"); goto end; } i=BN_bn2bin(dsa->q,buf); j=sizeof(out_q); if ((i != j) || (memcmp(buf,out_q,i) != 0)) { BIO_printf(bio_err,"q value is wrong\n"); goto end; } i=BN_bn2bin(dsa->p,buf); j=sizeof(out_p); if ((i != j) || (memcmp(buf,out_p,i) != 0)) { BIO_printf(bio_err,"p value is wrong\n"); goto end; } i=BN_bn2bin(dsa->g,buf); j=sizeof(out_g); if ((i != j) || (memcmp(buf,out_g,i) != 0)) { BIO_printf(bio_err,"g value is wrong\n"); goto end; } DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret=1; end: if (!ret) ERR_print_errors(bio_err); if (dsa != NULL) DSA_free(dsa); ERR_remove_state(0); CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) { BIO_free(bio_err); bio_err = NULL; } exit(!ret); return(0); }
inline void dsa_key::verify(const void* _sign, size_t sign_len, const void* buf, size_t buf_len, int type) const { error::throw_error_if_not(DSA_verify(type, static_cast<const unsigned char*>(buf), static_cast<int>(buf_len), static_cast<const unsigned char*>(_sign), static_cast<int>(sign_len), ptr().get()) != 0); }