int cced25519_verify(const struct ccdigest_info *di,
size_t mlen, const void *inMsg,
const ccec25519signature sig,
const ccec25519pubkey pk)
{
const uint8_t * const m = (const uint8_t *) inMsg;
ccdigest_di_decl(di, dc);
uint8_t h[64];
uint8_t checkr[32];
ge_p3 A;
ge_p2 R;
ASSERT_DIGEST_SIZE(di);
if (ge_frombytes_negate_vartime(&A,pk) != 0) return -1;
ccdigest_init(di,dc);
ccdigest_update(di,dc,32,sig);
ccdigest_update(di,dc,32,pk);
ccdigest_update(di,dc,mlen,m);
ccdigest_final(di,dc,h);
ccdigest_di_clear(di,dc);
sc_reduce(h);
ge_double_scalarmult_vartime(&R,h,&A,sig + 32);
ge_tobytes(checkr,&R);
return crypto_verify_32(checkr,sig);
}
void
ccec_rfc6637_kdf(const struct ccdigest_info *di,
const struct ccec_rfc6637_curve *curve,
const struct ccec_rfc6637 *wrap,
size_t skey_size, const void *skey,
size_t fingerprint_size, const void *fingerprint,
void *hash)
{
ccdigest_di_decl(di, dictx);
ccdigest_init(di, dictx);
ccdigest_update(di, dictx, 4, "\x00\x00\x00\x01");
ccdigest_update(di, dictx, skey_size, skey);
/* params */
ccdigest_update(di, dictx, 1, &curve->curve_oid[0]);
ccdigest_update(di, dictx, curve->curve_oid[0], &curve->curve_oid[1]);
ccdigest_update(di, dictx, 1, &curve->public_key_alg);
ccdigest_update(di, dictx, 2, "\x03\x01");
ccdigest_update(di, dictx, 1, &wrap->kdfhash_id);
ccdigest_update(di, dictx, 1, &wrap->kek_id);
ccdigest_update(di, dictx, 20, "Anonymous Sender ");
ccdigest_update(di, dictx, fingerprint_size, fingerprint);
ccdigest_final(di, dictx, hash);
ccdigest_di_clear(di, dictx);
}
static int test_discreet(const struct ccdigest_info *di, test_vector *vector) {
uint8_t answer[128];
size_t total = vector->len;
size_t chunk = vector->len/2;
uint8_t *p = vector->input;
uint8_t ctxfrontguard[4096];
ccdigest_di_decl(di, ctx);
uint8_t ctxrearguard[4096];
memset(ctxfrontguard, 0xee, 4096);
memset(ctxrearguard, 0xee, 4096);
// break it up into pieces.
ccdigest_init(di, ctx);
ok(guard_ok(ctxfrontguard, 0xee, 4096), "context is safe");
ok(guard_ok(ctxrearguard, 0xee, 4096), "context is safe");
do {
ccdigest_update(di, ctx, chunk, p);
total -= chunk;
p += chunk;
chunk /= 2;
if(chunk == 0) chunk = total;
} while(total);
ok(guard_ok(ctxfrontguard, 0xee, 4096), "context is safe");
ok(guard_ok(ctxrearguard, 0xee, 4096), "context is safe");
ccdigest_final(di, ctx, answer);
ok(guard_ok(ctxfrontguard, 0xee, 4096), "context is safe");
ok(guard_ok(ctxrearguard, 0xee, 4096), "context is safe");
ok(test_answer(di, vector, answer), "check answer");
return 1;
}
static bool SOSDescriptionHash(SOSPeerInfoRef peer, const struct ccdigest_info *di, void *hashresult, CFErrorRef *error) {
ccdigest_di_decl(di, ctx);
ccdigest_init(di, ctx);
void *ctx_p = ctx;
if(!SOSPeerInfoUpdateDigestWithDescription(peer, di, ctx_p, error)) return false;
ccdigest_final(di, ctx, hashresult);
return true;
}
