bool unit_test_crypto_sign(){
uint64_t len = HACL_UNIT_TESTS_SIZE * sizeof(uint8_t);
uint8_t *plaintext = malloc(HACL_UNIT_TESTS_SIZE * sizeof (uint8_t));
uint8_t *expected_signed_msg = malloc((HACL_UNIT_TESTS_SIZE+64) * sizeof (uint8_t));
uint8_t *hacl_signed_msg = malloc((HACL_UNIT_TESTS_SIZE+64) * sizeof (uint8_t));
uint8_t sk[64], pk[32];
crypto_sign_keypair(pk, sk);
READ_RANDOM_BYTES(len, plaintext);
int a, res;
bool pass = true;
long long unsigned int smlen;
for (int i = 0; i < 256; i++){
tweet_crypto_sign(expected_signed_msg, &smlen, plaintext, i, sk);
crypto_sign(hacl_signed_msg, &smlen, plaintext, i, sk);
a = memcmp(hacl_signed_msg, expected_signed_msg, (i+64) * sizeof(uint8_t));
if (a != 0){
pass = false;
printf("crypto_sign failed on input of size %d\n", i);
break;
}
res = crypto_sign_open(hacl_signed_msg, &smlen, expected_signed_msg, i + 64, pk);
if (res != 0) {
pass = false;
printf("crypto_sign_open returned value failed on input of size %d\n", i);
break;
}
a = memcmp(hacl_signed_msg, plaintext, i * sizeof(uint8_t));
if (a != 0){
pass = false;
printf("crypto_sign_open failed on input of size %d\n", i);
break;
}
}
if (!pass) return pass;
tweet_crypto_sign(expected_signed_msg, &smlen, plaintext, HACL_UNIT_TESTS_SIZE, sk);
crypto_sign(hacl_signed_msg, &smlen, plaintext, HACL_UNIT_TESTS_SIZE, sk);
a = memcmp(hacl_signed_msg, expected_signed_msg, (HACL_UNIT_TESTS_SIZE+64) * sizeof (uint8_t));
if (a != 0){
pass = false;
printf("crypto_sign failed on input of size %d\n.", HACL_UNIT_TESTS_SIZE);
}
res = crypto_sign_open(hacl_signed_msg, &smlen, expected_signed_msg, HACL_UNIT_TESTS_SIZE + 64, pk);
if (res != 0) {
pass = false;
printf("crypto_sign_open returned value failed on input of size %d\n", HACL_UNIT_TESTS_SIZE);
}
a = memcmp(hacl_signed_msg, plaintext, HACL_UNIT_TESTS_SIZE * sizeof(uint8_t));
if (a != 0){
pass = false;
printf("crypto_sign_open failed on input of size %d\n", HACL_UNIT_TESTS_SIZE);
}
free(plaintext);
free(hacl_signed_msg);
free(expected_signed_msg);
return pass;
}
void create_file(char* filename)
{
unsigned int j;
FILE *urandom = fopen("/dev/urandom", "r");
crypto_sign_keypair(pk, sk);
for(j=0;j<MLEN;j++)
mi[j] = fgetc(urandom);
crypto_sign(sm, &smlen, mi, MLEN, sk);
FILE *file;
file=fopen(filename,"wb");
if(file == NULL)
printf("Unable to open file!\n");
fwrite(pk, 1, CRYPTO_PUBLICKEYBYTES, file);
fwrite(sm, 1, MLEN+CRYPTO_BYTES, file);
fwrite(&smlen, sizeof(unsigned long long), 1, file);
fclose(file);
for(j=0;j<CRYPTO_PUBLICKEYBYTES;j++)
pk[j] = fgetc(urandom);
for(j=0;j<MLEN+CRYPTO_BYTES;j++)
sm[j] = fgetc(urandom);
smlen = fgetc(urandom);
fclose(urandom);
}
PyObject *pycrypto_sign(PyObject *self, PyObject *args, PyObject *kw){
Py_ssize_t m_stringsize=0, sksize=0;
const unsigned char *sk, *m_string;
static const char *kwlist[] = {"m", "sk", 0};
PyObject *ret;
unsigned long long mlen, smlen;
unsigned char *m;
if (!PyArg_ParseTupleAndKeywords(args, kw, "|s#s#:crypto_sign", (char **) kwlist, (char **)&m_string, &m_stringsize, (char **)&sk, &sksize)){
return (PyObject *)0;}
if (sksize != crypto_sign_SECRETKEYBYTES){
return Py_BuildValue("i", 0);}
mlen = m_stringsize;
m = PyMem_Malloc(mlen + crypto_sign_BYTES);
if (!m)
return PyErr_NoMemory();
if (crypto_sign(m, &smlen, m_string, mlen, sk) != 0){
PyMem_Free(m);
return Py_BuildValue("i", 0);}
ret = PyBytes_FromStringAndSize((char *)m, smlen);
PyMem_Free(m);
return ret;}
void speed_ed25519()
{
unsigned long long t[NTIMINGS];
int i;
unsigned char pk[32];
unsigned char sk[64];
// Benchmarking keypair
for(i=0;i<NTIMINGS;i++)
{
t[i] = cpucycles();
crypto_sign_keypair(pk, sk);
}
print_bench("sign_keypair",t,NTIMINGS);
// Benchmarking sign
for(i=0;i<NTIMINGS;i++)
{
t[i] = cpucycles();
crypto_sign(sm, &smlen, msg, MLEN, sk);
}
print_bench("sign (59 bytes)",t,NTIMINGS);
// Benchmarking sign_open
for(i=0;i<NTIMINGS;i++)
{
t[i] = cpucycles();
crypto_sign_open(mo, &mlen, sm, smlen, pk);
}
print_bench("sign_open (59 bytes)",t,NTIMINGS);
}
static char * createGUID()
{
sodium_init();
unsigned char out[crypto_hash_sha512_BYTES];
unsigned char sk[crypto_sign_SECRETKEYBYTES];
int valid_pow = 0;
while (valid_pow == 0){
//Generate a key pair
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
unsigned char sk[crypto_sign_SECRETKEYBYTES];
crypto_sign_keypair(pk, sk);
//Sign the public key
const unsigned char * message = pk;
int message_len = crypto_sign_PUBLICKEYBYTES;
unsigned char signed_message[crypto_sign_BYTES + message_len];
unsigned long long signed_message_len;
crypto_sign(signed_message, &signed_message_len,
message, message_len, sk);
//Hash the signed key with sha512
crypto_hash_sha512(out, signed_message, signed_message_len);
char proof_of_work[32];
memcpy(proof_of_work, &out[32], 32);
char * pow = to_hex(proof_of_work, 3);
valid_pow = test_pow(pow);
}
to_hex(sk, 32);
return to_hex(sk, 32);
}
EncryptedMessage CryptoEngine::EncryptWithPublicKeyAndSign(const Message &message, const VerificationEngine &ver_engine) {
// check the public key
if (ver_engine.public_key().empty()) {
std::cout << "The recipient public key is empty. Cannot encrypt here." << std::endl;
throw g_crypto_engine_encryption_failure;
}
if (ver_engine.signing_public_key().empty()) {
std::cout << "The recipient signing public key is empty. Cannot encrypt here." << std::endl;
throw g_crypto_engine_encryption_failure;
}
if (private_key_.empty()) {
std::cout << "The secret key is empty. Cannot encrypt here." << std::endl;
throw g_crypto_engine_encryption_failure;
}
if (nonce_master_key_.empty()) {
std::cout << "The master key for deriving the nonce is not valid" << std::endl;
throw g_crypto_engine_encryption_failure;
}
if (context_.empty()) {
std::cout << "The context identifier for deriving the nonce is not valid" << std::endl;
throw g_crypto_engine_encryption_failure;
}
if (salt_.empty()) {
std::cout << "The salt for deriving the nonce is not valid" << std::endl;
throw g_crypto_engine_encryption_failure;
}
// means the current crypto engine and the recipient crypto engine have the same public keys !
// This is NOT SAFE - stop immediately
if(crypto_verify_32 (reinterpret_cast<const unsigned char *>(public_key_.data()),
reinterpret_cast<const unsigned char *>(ver_engine.public_key().data())) == 0) {
std::cout << "The engine public key and the recipient public key are the same !!! Did you copy the same files to two different peers ? This is NOT SAFE !! STOPPING !" << std::endl;
throw g_crypto_engine_encryption_failure;
}
// derive the nonce
std::string nonce = hkdf_.DeriveNonce(nonce_master_key_, salt_);
// calculate the hash of the data
std::string hash(crypto_hash(message.ToBytesString()));
// calculate the signature on the hash
std::string signed_hash = crypto_sign(hash, sign_private_key_);
// prepend the signature+hash to the message
std::string signed_message_string = signed_hash + message.ToBytesString();
// encrypt with the recipient public key
std::string cipher_text = crypto_box(signed_message_string, nonce, ver_engine.public_key(), private_key_);
return EncryptedMessage(nonce, cipher_text);
}
void PaysharesPrivateKey::sign(uint256 const& message, Blob& retSignature) const
{
unsigned char out[crypto_sign_BYTES + message.bytes];
unsigned long long len;
const unsigned char *key = mPair.mPrivateKey.data();
// contrary to the docs it puts the signature in front
crypto_sign(out, &len,
(unsigned char*)message.begin(), message.size(),
key);
retSignature.resize(crypto_sign_BYTES);
memcpy(&retSignature[0], out, crypto_sign_BYTES);
}
/*
* Sign a piece of data. Returns the data and signature in one output buffer.
*/
return_status master_keys_sign(
master_keys * const keys,
const buffer_t * const data,
buffer_t * const signed_data) { //output, length of data + SIGNATURE_SIZE
return_status status = return_status_init();
if ((keys == NULL)
|| (data == NULL)
|| (signed_data == NULL)
|| (signed_data->buffer_length < (data->content_length + SIGNATURE_SIZE))) {
throw(INVALID_INPUT, "Invalid input to master_keys_sign.");
}
sodium_mprotect_readonly(keys);
int status_int = 0;
unsigned long long signed_message_length;
status_int = crypto_sign(
signed_data->content,
&signed_message_length,
data->content,
data->content_length,
keys->private_signing_key->content);
if (status_int != 0) {
throw(SIGN_ERROR, "Failed to sign message.");
}
signed_data->content_length = (size_t) signed_message_length;
cleanup:
if (keys != NULL) {
sodium_mprotect_noaccess(keys);
}
on_error {
if (signed_data != NULL) {
signed_data->content_length = 0;
}
}
return status;
}
static nif_term_t
salt_sign(nif_heap_t *hp, int argc, const nif_term_t argv[])
{
/* salt_sign(Message, Secret_key) -> Signed_msg. */
unsigned long long len;
nif_bin_t pm;
nif_bin_t sk;
nif_bin_t sm;
nif_term_t raw;
if (argc != 2)
return (BADARG);
/* Unpack arguments ensuring they're suitably typed. */
if (! enif_inspect_iolist_as_binary(hp, argv[0], &pm))
return (BADARG);
if (! enif_inspect_binary(hp, argv[1], &sk))
return (BADARG);
/* Check constraints on size. */
if (pm.size < 1 || pm.size > SALT_MAX_MESSAGE_SIZE)
return (BADARG);
if (sk.size != crypto_sign_SECRETKEYBYTES)
return (BADARG);
/* Perform the crypto, potentially adjust signed message size. */
if (! enif_alloc_binary(pm.size + crypto_sign_BYTES, &sm))
return (BADARG);
(void)crypto_sign(sm.data, &len, pm.data, pm.size, sk.data);
raw = enif_make_binary(hp, &sm);
if (len != sm.size)
return (enif_make_sub_binary(hp, raw, 0, len));
else
return (raw);
}
int
main(int argc, const char **argv)
{
unsigned char *sk, *m, *sm;
size_t mlen, n;
long long unsigned int smlen;
if (argc < 2) {
puts("usage: csign PRIVATE_KEY");
return 1;
}
if (strlen(argv[1]) != crypto_sign_SECRETKEYBYTES * 2)
errx(1, "bad key length");
sk = decodehex(argv[1]);
mlen = readmsg(&m);
if ((sm = calloc(mlen + crypto_sign_BYTES, 1)) == NULL)
err(1, NULL);
crypto_sign(sm, &smlen, m, mlen, sk);
if ((n = fwrite(sm, 1, crypto_sign_BYTES, stdout)) != smlen)
err(1, NULL);
return 0;
}
static int sign(lua_State *L) {
size_t mlen;
unsigned char *msg = NULL;
msg = (unsigned char *)lua_tolstring(L, 1, &mlen);
size_t keylen;
const unsigned char *key = NULL;
key = (unsigned char*)lua_tolstring(L, 2, &keylen);
// @todo validate key by checking it's length?
unsigned long long slen;
unsigned char sig[mlen + crypto_sign_BYTES];
if (crypto_sign(sig, &slen, msg, mlen, key) != 0) {
lua_pushnil(L);
lua_pushstring(L, "Failed to sign msg");
return 2;
}
lua_pushlstring(L, (char *)sig, slen);
return 1;
}
void measure(void)
{
int i;
int loop;
for (loop = 0;loop < LOOPS;++loop) {
for (i = 0;i <= TIMINGS;++i) {
cycles[i] = cpucycles();
crypto_sign_keypair(pk,sk);
}
for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
printentry(-1,"keypair_cycles",cycles,TIMINGS);
for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 4) {
randombytes(m,mlen);
for (i = 0;i <= TIMINGS;++i) {
cycles[i] = cpucycles();
bytes[i] = crypto_sign(sm,&smlen,m,mlen,sk);
if (bytes[i] == 0) bytes[i] = smlen;
}
for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
printentry(mlen,"cycles",cycles,TIMINGS);
printentry(mlen,"bytes",bytes,TIMINGS);
for (i = 0;i <= TIMINGS;++i) {
cycles[i] = cpucycles();
bytes[i] = crypto_sign_open(t,&tlen,sm,smlen,pk);
if (bytes[i] == 0) bytes[i] = tlen;
}
for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
printentry(mlen,"open_cycles",cycles,TIMINGS);
printentry(mlen,"open_bytes",bytes,TIMINGS);
}
}
}
int main(void)
{
volatile unsigned char a; /* Mark the beginning of the stack */
for(i=0;i<5;i++)
{
canary = random();
WRITE_CANARY(&a);
crypto_sign_keypair(pk,sk);
newctr =(unsigned int)&a - (unsigned int)&_end - stack_count(canary);
ctr = (newctr>ctr)?newctr:ctr;
}
print_stack(XSTR(crypto_sign_keypair),-1,ctr);
for(i=0;i<5;i++)
{
canary = random();
WRITE_CANARY(&a);
crypto_sign(sm,&smlen,sm,0,sk);
newctr =(unsigned int)&a - (unsigned int)&_end - stack_count(canary);
ctr = (newctr>ctr)?newctr:ctr;
}
print_stack(XSTR(crypto_sign),0,ctr);
for(i=0;i<5;i++)
{
canary = random();
WRITE_CANARY(&a);
crypto_sign_open(sm,&mlen,sm,smlen,pk);
newctr =(unsigned int)&a - (unsigned int)&_end - stack_count(canary);
ctr = (newctr>ctr)?newctr:ctr;
}
print_stack(XSTR(crypto_sign_open),smlen,ctr);
for(j=1;j<=MAXTEST_BYTES;j<<=1)
{
mlen = j;
for(i=0;i<5;i++)
{
canary = random();
WRITE_CANARY(&a);
crypto_sign(sm,&smlen,sm,mlen,sk);
newctr =(unsigned int)&a - (unsigned int)&_end - stack_count(canary);
ctr = (newctr>ctr)?newctr:ctr;
}
print_stack(XSTR(crypto_sign),mlen,ctr);
for(i=0;i<5;i++)
{
canary = random();
WRITE_CANARY(&a);
crypto_sign_open(sm,&mlen,sm,smlen,pk);
newctr =(unsigned int)&a - (unsigned int)&_end - stack_count(canary);
ctr = (newctr>ctr)?newctr:ctr;
}
print_stack(XSTR(crypto_sign_open),smlen,ctr);
}
avr_end();
return 0;
}
