int cced25519_verify(const struct ccdigest_info *di, size_t mlen, const void *inMsg, const ccec25519signature sig, const ccec25519pubkey pk) { const uint8_t * const m = (const uint8_t *) inMsg; ccdigest_di_decl(di, dc); uint8_t h[64]; uint8_t checkr[32]; ge_p3 A; ge_p2 R; ASSERT_DIGEST_SIZE(di); if (ge_frombytes_negate_vartime(&A,pk) != 0) return -1; ccdigest_init(di,dc); ccdigest_update(di,dc,32,sig); ccdigest_update(di,dc,32,pk); ccdigest_update(di,dc,mlen,m); ccdigest_final(di,dc,h); ccdigest_di_clear(di,dc); sc_reduce(h); ge_double_scalarmult_vartime(&R,h,&A,sig + 32); ge_tobytes(checkr,&R); return crypto_verify_32(checkr,sig); }
void ccec_rfc6637_kdf(const struct ccdigest_info *di, const struct ccec_rfc6637_curve *curve, const struct ccec_rfc6637 *wrap, size_t skey_size, const void *skey, size_t fingerprint_size, const void *fingerprint, void *hash) { ccdigest_di_decl(di, dictx); ccdigest_init(di, dictx); ccdigest_update(di, dictx, 4, "\x00\x00\x00\x01"); ccdigest_update(di, dictx, skey_size, skey); /* params */ ccdigest_update(di, dictx, 1, &curve->curve_oid[0]); ccdigest_update(di, dictx, curve->curve_oid[0], &curve->curve_oid[1]); ccdigest_update(di, dictx, 1, &curve->public_key_alg); ccdigest_update(di, dictx, 2, "\x03\x01"); ccdigest_update(di, dictx, 1, &wrap->kdfhash_id); ccdigest_update(di, dictx, 1, &wrap->kek_id); ccdigest_update(di, dictx, 20, "Anonymous Sender "); ccdigest_update(di, dictx, fingerprint_size, fingerprint); ccdigest_final(di, dictx, hash); ccdigest_di_clear(di, dictx); }
static int test_discreet(const struct ccdigest_info *di, test_vector *vector) { uint8_t answer[128]; size_t total = vector->len; size_t chunk = vector->len/2; uint8_t *p = vector->input; uint8_t ctxfrontguard[4096]; ccdigest_di_decl(di, ctx); uint8_t ctxrearguard[4096]; memset(ctxfrontguard, 0xee, 4096); memset(ctxrearguard, 0xee, 4096); // break it up into pieces. ccdigest_init(di, ctx); ok(guard_ok(ctxfrontguard, 0xee, 4096), "context is safe"); ok(guard_ok(ctxrearguard, 0xee, 4096), "context is safe"); do { ccdigest_update(di, ctx, chunk, p); total -= chunk; p += chunk; chunk /= 2; if(chunk == 0) chunk = total; } while(total); ok(guard_ok(ctxfrontguard, 0xee, 4096), "context is safe"); ok(guard_ok(ctxrearguard, 0xee, 4096), "context is safe"); ccdigest_final(di, ctx, answer); ok(guard_ok(ctxfrontguard, 0xee, 4096), "context is safe"); ok(guard_ok(ctxrearguard, 0xee, 4096), "context is safe"); ok(test_answer(di, vector, answer), "check answer"); return 1; }
static bool SOSDescriptionHash(SOSPeerInfoRef peer, const struct ccdigest_info *di, void *hashresult, CFErrorRef *error) { ccdigest_di_decl(di, ctx); ccdigest_init(di, ctx); void *ctx_p = ctx; if(!SOSPeerInfoUpdateDigestWithDescription(peer, di, ctx_p, error)) return false; ccdigest_final(di, ctx, hashresult); return true; }