From 1284516b6630250a3fc4a2bf8d23e15fede5a77b Mon Sep 17 00:00:00 2001 From: J08nY Date: Sat, 11 Aug 2018 16:08:09 +0200 Subject: Switch Crypto++ to output signatures in DER format. --- .../ectester/standalone/consts/SignatureIdent.java | 6 ---- .../standalone/libs/jni/NativeSignatureSpi.java | 10 +++--- .../crcs/ectester/standalone/libs/jni/cryptopp.cpp | 37 +++++++++++++++------- 3 files changed, 31 insertions(+), 22 deletions(-) diff --git a/src/cz/crcs/ectester/standalone/consts/SignatureIdent.java b/src/cz/crcs/ectester/standalone/consts/SignatureIdent.java index 97276ce..5204c7a 100644 --- a/src/cz/crcs/ectester/standalone/consts/SignatureIdent.java +++ b/src/cz/crcs/ectester/standalone/consts/SignatureIdent.java @@ -79,12 +79,6 @@ public class SignatureIdent extends Ident { ALL.add(new SignatureIdent("SHA224withECGDSA", "1.3.36.3.3.2.5.4.4")); ALL.add(new SignatureIdent("SHA384withECGDSA", "1.3.36.3.3.2.5.4.5")); ALL.add(new SignatureIdent("SHA512withECGDSA", "1.3.36.3.3.2.5.4.6")); - // Raw ECDSA, result is padded concatenation of (r, s) - ALL.add(new SignatureIdent("SHA1withECDSA(raw)")); - ALL.add(new SignatureIdent("SHA224withECDSA(raw)")); - ALL.add(new SignatureIdent("SHA256withECDSA(raw)")); - ALL.add(new SignatureIdent("SHA384withECDSA(raw)")); - ALL.add(new SignatureIdent("SHA512withECDSA(raw)")); } public static SignatureIdent get(String ident) { diff --git a/src/cz/crcs/ectester/standalone/libs/jni/NativeSignatureSpi.java b/src/cz/crcs/ectester/standalone/libs/jni/NativeSignatureSpi.java index 286945b..602b1c4 100644 --- a/src/cz/crcs/ectester/standalone/libs/jni/NativeSignatureSpi.java +++ b/src/cz/crcs/ectester/standalone/libs/jni/NativeSignatureSpi.java @@ -275,35 +275,35 @@ public abstract class NativeSignatureSpi extends SignatureSpi { public static class CryptoppECDSAwithSHA1 extends Cryptopp { public CryptoppECDSAwithSHA1() { - super("SHA1withECDSA(raw)"); + super("SHA1withECDSA"); } } public static class CryptoppECDSAwithSHA224 extends Cryptopp { public CryptoppECDSAwithSHA224() { - super("SHA224withECDSA(raw)"); + super("SHA224withECDSA"); } } public static class CryptoppECDSAwithSHA256 extends Cryptopp { public CryptoppECDSAwithSHA256() { - super("SHA256withECDSA(raw)"); + super("SHA256withECDSA"); } } public static class CryptoppECDSAwithSHA384 extends Cryptopp { public CryptoppECDSAwithSHA384() { - super("SHA384withECDSA(raw)"); + super("SHA384withECDSA"); } } public static class CryptoppECDSAwithSHA512 extends Cryptopp { public CryptoppECDSAwithSHA512() { - super("SHA512withECDSA(raw)"); + super("SHA512withECDSA"); } } diff --git a/src/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp b/src/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp index c538d51..32121c5 100644 --- a/src/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp +++ b/src/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp @@ -57,6 +57,11 @@ using CryptoPP::SecByteBlock; #include "cryptopp/oids.h" using CryptoPP::OID; +#include "cryptopp/dsa.h" +using CryptoPP::DSAConvertSignatureFormat; +using CryptoPP::DSA_DER; +using CryptoPP::DSA_P1363; + // ASN1 is a namespace, not an object #include "cryptopp/asn.h" using namespace CryptoPP::ASN1; @@ -103,11 +108,11 @@ JNIEXPORT void JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeProvider_ add_ka(env, "ECDH", "CryptoppECDH", self, provider_put); - add_sig(env, "SHA1withECDSA(raw)", "CryptoppECDSAwithSHA1", self, provider_put); - add_sig(env, "SHA224withECDSA(raw)", "CryptoppECDSAwithSHA224", self, provider_put); - add_sig(env, "SHA256withECDSA(raw)", "CryptoppECDSAwithSHA256", self, provider_put); - add_sig(env, "SHA384withECDSA(raw)", "CryptoppECDSAwithSHA384", self, provider_put); - add_sig(env, "SHA512withECDSA(raw)", "CryptoppECDSAwithSHA512", self, provider_put); + add_sig(env, "SHA1withECDSA", "CryptoppECDSAwithSHA1", self, provider_put); + add_sig(env, "SHA224withECDSA", "CryptoppECDSAwithSHA224", self, provider_put); + add_sig(env, "SHA256withECDSA", "CryptoppECDSAwithSHA256", self, provider_put); + add_sig(env, "SHA384withECDSA", "CryptoppECDSAwithSHA384", self, provider_put); + add_sig(env, "SHA512withECDSA", "CryptoppECDSAwithSHA512", self, provider_put); init_classes(env, "Cryptopp"); } @@ -619,9 +624,12 @@ jbyteArray sign_message(JNIEnv *env, DL_GroupParameters_EC group, jbyteArray env->ReleaseByteArrayElements(data, data_bytes, JNI_ABORT); signature.resize(len); - jbyteArray result = env->NewByteArray(len); + byte sig[4096]; + size_t sig_len = DSAConvertSignatureFormat(sig, sizeof(sig), DSA_DER, (byte *)signature.c_str(), len, DSA_P1363); + + jbyteArray result = env->NewByteArray(sig_len); jbyte *result_bytes = env->GetByteArrayElements(result, NULL); - std::copy(signature.begin(), signature.end(), result_bytes); + std::copy(sig, sig+sig_len, result_bytes); env->ReleaseByteArrayElements(result, result_bytes, 0); return result; @@ -685,14 +693,21 @@ jboolean verify_message(JNIEnv *env, DL_GroupParameters_EC group, jbyteArray pkey.Initialize(group, pkey_point); typename ECDSA::Verifier verifier(pkey); - jsize data_length = env->GetArrayLength(data); - jbyte *data_bytes = env->GetByteArrayElements(data, NULL); + size_t bit_length = group.GetCurve().GetField().MaxElementBitLength(); + size_t bytes = (bit_length + 7)/8; + jsize sig_length = env->GetArrayLength(signature); jbyte *sig_bytes = env->GetByteArrayElements(signature, NULL); - bool result = verifier.VerifyMessage((byte *)data_bytes, data_length, (byte *)sig_bytes, sig_length); - env->ReleaseByteArrayElements(data, data_bytes, JNI_ABORT); + + byte sig[bytes * 2]; + size_t sig_len = DSAConvertSignatureFormat(sig, bytes * 2, DSA_P1363, (byte *)sig_bytes, sig_length, DSA_DER); env->ReleaseByteArrayElements(signature, sig_bytes, JNI_ABORT); + jsize data_length = env->GetArrayLength(data); + jbyte *data_bytes = env->GetByteArrayElements(data, NULL); + bool result = verifier.VerifyMessage((byte *)data_bytes, data_length, sig, sig_len); + env->ReleaseByteArrayElements(data, data_bytes, JNI_ABORT); + return result; } -- cgit v1.2.3-70-g09d2