I made a Signer/Checker mechanism with ECDSA using Crypto++.
The problem is when I want to check the signature, it doesn't work with the Verify function.
Can you propose a more manual way to verify the signature?
How to verify ECDSA signature with Crypto++ without the verify function?
I'm not sure how you would verify code without a verify function. I'm probably not understanding the question.
Just in case, here's how Crypto++ implements its verification code.
First, ECDSA is a DL_Algorithm_ECDSA (from eccrypto.h):

    //! ECDSA algorithm
    template <class EC>
    class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA<typename EC::Point>
    {
    public:
        static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECDSA";}
    };
    ...
    template <class EC, class H>
    struct ECDSA :
        public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>,
                     DL_SignatureMessageEncodingMethod_DSA, H>
    {
    };
Next, here's the verify function from DL_Algorithm_GDSA in gfcrypt.h:

    bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey,
                const Integer &e, const Integer &r, const Integer &s) const
    {
        const Integer &q = params.GetSubgroupOrder();
        if (r>=q || r<1 || s>=q || s<1)
            return false;
        Integer w = s.InverseMod(q);
        Integer u1 = (e * w) % q;
        Integer u2 = (r * w) % q;
        return r == params.ConvertElementToInteger(
            publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q;
    }
The code below uses VerifyMessage, and it's part of PK_Verifier declared in cryptolib.h:

    virtual bool VerifyMessage(const byte *message, size_t messageLen,
                               const byte *signature, size_t signatureLength) const;
PK_Verifier is the 'master' base class that objects like ECDSA, NR, and RSASS use to expose the consistent interface.
Objects like ECDSA, NR, and RSASS connect to PK_Verifier via the DL_SS:

    template <class EC, class H>
    struct ECDSA :
        public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H>
    {
    };
Finally, here's how DL_SS relates to PK_Verifier (from pubkey.h):

    //! Discrete Log Based Signature Scheme
    template <class KEYS, class SA, class MEM, class H, class ALG_INFO = DL_SS<KEYS, SA, MEM, H, int> >
    class DL_SS : public KEYS
    {
        typedef DL_SignatureSchemeOptions<ALG_INFO, KEYS, SA, MEM, H> SchemeOptions;
        ...
        //! implements PK_Signer interface
        typedef PK_FinalTemplate<DL_SignerImpl<SchemeOptions> > Signer;
        //! implements PK_Verifier interface
        typedef PK_FinalTemplate<DL_VerifierImpl<SchemeOptions> > Verifier;
    };
> The problem is when I want to check the signature, it doesn't work with the Verify function.
There's lots of code available on the Crypto++ wiki. For ECDSA, see Elliptic Curve Digital Signature Algorithm. Below is a signing and verification sample taken from the wiki.
Sign

    AutoSeededRandomPool prng;

    ECDSA<ECP, SHA1>::PrivateKey privateKey;
    privateKey.Load(...);
    privateKey.Validate(prng, 3);
    ECDSA<ECP, SHA1>::Signer signer(privateKey);

    string message = "Do or do not. There is no try.";

    // Determine maximum size, allocate a string with the maximum size
    size_t siglen = signer.MaxSignatureLength();
    string signature(siglen, 0x00);

    // Sign, and trim signature to actual size
    // (SignMessage takes byte pointers, so the string buffers are cast)
    siglen = signer.SignMessage( prng, (const byte*)message.data(), message.size(), (byte*)&signature[0] );
    signature.resize(siglen);
Verify

    AutoSeededRandomPool prng;

    ECDSA<ECP, SHA1>::PublicKey publicKey;
    publicKey.Load(...);
    publicKey.Validate(prng, 3);
    ECDSA<ECP, SHA1>::Verifier verifier(publicKey);

    // VerifyMessage takes const byte pointers, so the string buffers are cast
    bool result = verifier.VerifyMessage( (const byte*)message.data(), message.size(),
                                          (const byte*)signature.data(), signature.size() );
    if(result)
        cout << "Verified signature on message" << endl;
    else
        cerr << "Failed to verify signature on message" << endl;
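
The arithmetic in the Verify function quoted above, carried out by hand on a tiny curve, as an added example (not code from the answer or from Crypto++). The curve, key pair and signature are constructed for illustration and offer no security; `Point`, `inv`, `add`, `mul` and `verify` are hypothetical helper names.

```cpp
#include <cstdint>
#include <iostream>
// Constructed toy curve (NOT secure): y^2 = x^3 + 2x + 2 over GF(17),
// base point G = (5,1) of prime order q = 19.
static const int64_t P = 17, A = 2, Q_ORD = 19;
struct Point { int64_t x, y; bool inf; };
static const Point G = {5, 1, false};
static int64_t mod(int64_t v, int64_t m) { return ((v % m) + m) % m; }

// Modular inverse via Fermat's little theorem (m prime, v != 0 mod m).
static int64_t inv(int64_t v, int64_t m) {
    int64_t r = 1, b = mod(v, m);
    for (int64_t e = m - 2; e > 0; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

// Affine point addition, including doubling and the point at infinity.
static Point add(const Point &a, const Point &b) {
    if (a.inf) return b;
    if (b.inf) return a;
    if (a.x == b.x && mod(a.y + b.y, P) == 0) return {0, 0, true};  // a + (-a)
    int64_t l = (a.x == b.x)
        ? mod((3 * a.x * a.x + A) * inv(2 * a.y, P), P)   // tangent slope
        : mod((b.y - a.y) * inv(b.x - a.x, P), P);        // chord slope
    int64_t x = mod(l * l - a.x - b.x, P);
    return {x, mod(l * (a.x - x) - a.y, P), false};
}

// Scalar multiplication by double-and-add.
static Point mul(int64_t k, Point p) {
    Point r = {0, 0, true};
    for (; k > 0; k >>= 1, p = add(p, p))
        if (k & 1) r = add(r, p);
    return r;
}

// Same steps as the quoted Verify; e is the message hash as an integer.
bool verify(const Point &pub, int64_t e, int64_t r, int64_t s) {
    if (r >= Q_ORD || r < 1 || s >= Q_ORD || s < 1) return false;
    int64_t w = inv(s, Q_ORD);
    int64_t u1 = mod(e * w, Q_ORD), u2 = mod(r * w, Q_ORD);
    Point pt = add(mul(u1, G), mul(u2, pub));   // u1*G + u2*Q
    return !pt.inf && r == pt.x % Q_ORD;        // infinity never verifies
}

int main() {  // constructed key d = 7 and signature (r,s) = (7,17) on e = 26
    Point pub = mul(7, G);
    std::cout << verify(pub, 26, 7, 17) << verify(pub, 25, 7, 17) << "\n";
}
```

With a real curve the same four steps apply, but `e` must be derived from the hash exactly as the signer derived it, and the integers need a big-number type such as Crypto++'s `Integer`.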