Exemple #1
0
int crypto_sign_open(
  unsigned char *m,unsigned long long *mlen,
  const unsigned char *sm,unsigned long long smlen,
  const unsigned char *pk
)
{
  unsigned char h[64];
  unsigned char checkr[32];
  ge_p3 A;
  ge_p2 R;
  unsigned long long i;

  *mlen = -1;
  if (smlen < 64) return -1;
  if (sm[63] & 224) return -2;
  if (ge_frombytes_negate_vartime(&A,pk) != 0) return -3;

  for (i = 0;i < smlen;++i) m[i] = sm[i];
  for (i = 0;i < 32;++i) m[32 + i] = pk[i];
  SHA512(m, smlen, h);
  sc_reduce(h);

  ge_double_scalarmult_vartime(&R,h,&A,sm + 32);
  ge_tobytes(checkr,&R);
  if (crypto_verify_32(checkr,sm) != 0) {
    for (i = 0;i < smlen;++i) m[i] = 0;
    return crypto_verify_32(checkr,sm);
  }

  for (i = 0;i < smlen - 64;++i) m[i] = sm[64 + i];
  for (i = smlen - 64;i < smlen;++i) m[i] = 0;
  *mlen = smlen - 64;
  return 0;
}
Exemple #2
0
enum is_user_enum username_msg_is_user(char *src, size_t slen, char *username,
				       size_t len)
{
	char *uname;
	size_t uname_len;
	uint32_t salt;
	struct username_struct *us = (struct username_struct *) src;
	unsigned char h[crypto_hash_sha512_BYTES];

	if (slen < sizeof(struct username_struct)) {
		errno = ENOMEM;
		return USERNAMES_ERR;
	}

	uname_len = 512;
	uname = xzmalloc(uname_len);

	salt = ntohl(us->salt);

	slprintf(uname, uname_len, "%s%u", username, salt);
	crypto_hash_sha512(h, (unsigned char *) uname, strlen(uname));
	xfree(uname);

	if (!crypto_verify_32(&h[0], &us->hash[0]) &&
	    !crypto_verify_32(&h[32], &us->hash[32]))
		return USERNAMES_OK;
	else
		return USERNAMES_NE;
}
Exemple #3
0
int main(void)
{
    randombytes_buf(v16, sizeof v16);
    randombytes_buf(v32, sizeof v32);
    randombytes_buf(v64, sizeof v64);

    memcpy(v16x, v16, sizeof v16);
    memcpy(v32x, v32, sizeof v32);
    memcpy(v64x, v64, sizeof v64);

    printf("%d\n", crypto_verify_16(v16, v16x));
    printf("%d\n", crypto_verify_32(v32, v32x));
    printf("%d\n", crypto_verify_64(v64, v64x));

    v16x[randombytes_random() & 15U]++;
    v32x[randombytes_random() & 31U]++;
    v64x[randombytes_random() & 63U]++;

    printf("%d\n", crypto_verify_16(v16, v16x));
    printf("%d\n", crypto_verify_32(v32, v32x));
    printf("%d\n", crypto_verify_64(v64, v64x));

    assert(crypto_verify_16_bytes() == 16U);
    assert(crypto_verify_32_bytes() == 32U);
    assert(crypto_verify_64_bytes() == 64U);

    return 0;
}
int crypto_auth_hmacsha256_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
{
  unsigned char correct[32];
  crypto_auth_hmacsha256(correct,in,inlen,k);
  return crypto_verify_32(h,correct) | (-(h == correct)) |
         sodium_memcmp(correct,h,32);
}
int	cced25519_verify(const struct ccdigest_info *di,
                     size_t mlen, const void *inMsg,
                     const ccec25519signature sig,
                     const ccec25519pubkey pk)
{
  const uint8_t * const m = (const uint8_t *) inMsg;
  ccdigest_di_decl(di, dc);
  uint8_t h[64];
  uint8_t checkr[32];
  ge_p3 A;
  ge_p2 R;

  ASSERT_DIGEST_SIZE(di);
  if (ge_frombytes_negate_vartime(&A,pk) != 0) return -1;

  ccdigest_init(di,dc);
  ccdigest_update(di,dc,32,sig);
  ccdigest_update(di,dc,32,pk);
  ccdigest_update(di,dc,mlen,m);
  ccdigest_final(di,dc,h);
  ccdigest_di_clear(di,dc);
  sc_reduce(h);

  ge_double_scalarmult_vartime(&R,h,&A,sig + 32);
  ge_tobytes(checkr,&R);
  return crypto_verify_32(checkr,sig);
}
int aesctr_packet_get(struct buf *b) {

    long long len;
    struct buf *recvbuf = &packet.recvbuf;
    unsigned char *pp;
    long long l;

    /* we need at least one block */
    if (recvbuf->len - ZB < BB) { packet.packet_length = 0; return 1; }

    /* decrypt first block  */
    if (packet.packet_length == 0) {
        if (sshcrypto_stream_xor(
            recvbuf->buf + ZB,                  /* c    */
            recvbuf->buf + ZB,                  /* m    */
            BB,                                 /* mlen */
            packet.clientnonce,                 /* n    */
            packet.clientkey                    /* k    */
        ) != 0) bug_proto();
        packet.packet_length = uint32_unpack_big(recvbuf->buf + ZB);
    }

    if (packet.packet_length > PACKET_LIMIT) bug_proto();
    if (packet.packet_length + 4 + AB > recvbuf->len - ZB) return 1;


    /* decrypt and check MAC */
    uint32_pack_big(recvbuf->buf + ZB - 4, packet.receivepacketid++);
    if (sshcrypto_stream_xor(
            recvbuf->buf + ZB + BB,             /* c    */
            recvbuf->buf + ZB + BB,             /* m    */
            packet.packet_length + 4 - BB,      /* mlen */
            packet.clientnonce,                 /* n    */
            packet.clientkey                    /* k    */
        ) != 0) bug_proto();

    if (sshcrypto_auth(
            recvbuf->buf,                       /* a    */
            recvbuf->buf + ZB - 4,              /* m    */
            packet.packet_length + 8,           /* mlen */
            packet.clientmackey                 /* k    */
        ) != 0) bug_proto();

    if (crypto_verify_32(recvbuf->buf, recvbuf->buf + ZB + packet.packet_length + 4) != 0) bug_proto();

    len = packet.packet_length;
    len -= recvbuf->buf[ZB + 4] + 1;
    if (len <= 0) bug_proto();
    buf_put(b, recvbuf->buf + ZB + 5, len);

    pp = recvbuf->buf + ZB;
    l  = recvbuf->len - ZB;

    byte_copy(pp, l - packet.packet_length + AB + 4, pp + packet.packet_length + AB + 4);
    purge(pp + l - packet.packet_length + AB + 4, packet.packet_length + AB + 4);
    recvbuf->len -= packet.packet_length + AB + 4;
    packet.packet_length = 0;
    purge(recvbuf->buf, ZB);
    return 1;
}
Exemple #7
0
int crypto_sign_open(
  unsigned char *sm, unsigned long long smlen,
  const unsigned char *pk
)
{
  unsigned char scopy[32];
  unsigned char h[64];
  unsigned char rcheck[32];
  ge_p3 A;
  ge_p2 R;

  if (smlen < 64) goto badsig;
  if (sm[63] & 224) goto badsig;
  if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig;

  memmove(scopy,sm + 32,32);

  memmove(sm + 32,pk,32);
  crypto_hash_sha512(h,sm,smlen);
  sc_reduce(h);

  ge_double_scalarmult_vartime(&R,h,&A,scopy);
  ge_tobytes(rcheck,&R);
  if (crypto_verify_32(rcheck,sm) == 0)
    return 0;

badsig:
  return -1;
}
Exemple #8
0
int32_t public_key_cmp(const uint8_t *pk1, const uint8_t *pk2)
{
#if CRYPTO_PUBLIC_KEY_SIZE != 32
#error CRYPTO_PUBLIC_KEY_SIZE is required to be 32 bytes for public_key_cmp to work,
#endif
    return crypto_verify_32(pk1, pk2);
}
int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
                       unsigned long long inlen, const unsigned char *k)
{
  unsigned char correct[32];
  crypto_auth(correct,in,inlen,k);
  return crypto_verify_32(h,correct);
}
Exemple #10
0
int crypto_sign_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key) {
    unsigned char h[64];
    unsigned char checker[32];
    SHA512_CTX hash;
    ge_p3 A;
    ge_p2 R;

    if (signature[63] & 224) {
        return -1;
    }

    if (ge_frombytes_negate_vartime(&A, public_key) != 0) {
        return -2;
    }

    SHA512_Init(&hash);
    SHA512_Update(&hash, signature, 32);
    SHA512_Update(&hash, public_key, 32);
    SHA512_Update(&hash, message, message_len);
    SHA512_Final(h, &hash);

    sc_reduce(h);
    ge_double_scalarmult_vartime(&R, h, &A, signature + 32);
    ge_tobytes(checker, &R);

    if (!(crypto_verify_32(checker, signature) == 0)) {
        return -3;
    }

    return 0;
}
int fe_isnonzero(const fe f)
{
  static const unsigned char zero[32] = {0};

  unsigned char s[32];
  fe_tobytes(s,f);
  return crypto_verify_32(s,zero);
}
EncryptedMessage CryptoEngine::EncryptWithPublicKeyAndSign(const Message &message, const VerificationEngine &ver_engine) {

    // check the public key
    if (ver_engine.public_key().empty()) {
        std::cout << "The recipient public key is empty. Cannot encrypt here." << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    if (ver_engine.signing_public_key().empty()) {
        std::cout << "The recipient signing public key is empty. Cannot encrypt here." << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    if (private_key_.empty()) {
        std::cout << "The secret key is empty. Cannot encrypt here." << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    if (nonce_master_key_.empty()) {
        std::cout << "The master key for deriving the nonce is not valid" << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    if (context_.empty()) {
        std::cout << "The context identifier for deriving the nonce is not valid" << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    if (salt_.empty()) {
        std::cout << "The salt for deriving the nonce is not valid" << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    // means the current crypto engine and the recipient crypto engine have the same public keys !
    // This is NOT SAFE - stop immediately
    if(crypto_verify_32 (reinterpret_cast<const unsigned char *>(public_key_.data()),
                         reinterpret_cast<const unsigned char *>(ver_engine.public_key().data())) == 0) {
        std::cout << "The engine public key and the recipient public key are the same !!! Did you copy the same files to two different peers ? This is NOT SAFE !! STOPPING !" << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    // derive the nonce
    std::string nonce = hkdf_.DeriveNonce(nonce_master_key_, salt_);

    // calculate the hash of the data
    std::string hash(crypto_hash(message.ToBytesString()));

    // calculate the signature on the hash
    std::string signed_hash = crypto_sign(hash, sign_private_key_);

    // prepend the signature+hash to the message
    std::string signed_message_string = signed_hash + message.ToBytesString();

    // encrypt with the recipient public key
    std::string cipher_text = crypto_box(signed_message_string, nonce, ver_engine.public_key(), private_key_);

    return EncryptedMessage(nonce, cipher_text);
}
int ge_cmp(const ge_p3 *a, const ge_p3 *b)
{
	unsigned char a_comp[ED25519_GE_LENGTH];
	unsigned char b_comp[ED25519_GE_LENGTH];

	ge_p3_tobytes(a_comp, a);
	ge_p3_tobytes(b_comp, b);

	return crypto_verify_32(a_comp, b_comp);
}
/* Having duplicate code in tests is better than making them public in real code */
static bool ge_is_zero(const ge_p3 *ge)
{
	uint8_t y[ED25519_GE_LENGTH];
	uint8_t z[ED25519_GE_LENGTH];

	fe_tobytes(y, ge->Y);
	fe_tobytes(z, ge->Z);

	return (!fe_isnonzero(ge->X)) && (!crypto_verify_32(y, z));
}
main(int argc, char **argv)
{

  if (argc<2)
  {
    write(2,USAGE,strlen(USAGE));
    exit(64);
  }

  unsigned char cache[131072*32]={0};

  struct passwd *urcd = getpwnam("urcd");

  if ((!urcd)
  || (chdir(argv[1]))
  || (chroot(argv[1]))
  || (setgroups(0,'\x00'))
  || (setgid(urcd->pw_gid))
  || (setuid(urcd->pw_uid))) exit(64);

  unsigned char buffer[16+8+65536+32];
  unsigned char hash[32];
  int i, n, l;

  while (1)
  {

    readbuffer: if (read(0,buffer,2)<2) exit(1);

    n = 0;
    l = 16 + 8 + buffer[0] * 256 + buffer[1];

    while (n<l)
    {
      i = read(0,buffer+n,l-n);
      if (i<1) exit(2);
      n += i;
    }

    crypto_hash_sha256(hash,buffer,l);

    for (i=131072*32-32;i>-32;i-=32) if (!crypto_verify_32(hash,cache+i))
    {
      if (write(1,"\1",1)<1) exit(3);
      goto readbuffer;
    }

    memcpy(cache,cache+32,131072*32-32);
    memcpy(cache+131072*32-32,hash,32);

    if (write(1,"\0",1)<1) exit(4);

  }

}
Exemple #16
0
int crypto_sign_ed25519_tinynacl_open(unsigned char *m, unsigned long long *mlen, const unsigned char *sm, unsigned long long n, const unsigned char *pk) {

    long long i;
    unsigned char pkcopy[32], rcopy[32], scopy[32], hram[64], rcheck[32];
    ge25519 R, S, A;
    int ret = -1;

    /* check input */
    if (n < 64) goto fail;
    if (sm[63] & 224) goto fail;

    /* unpack pk */
    if (ge25519_frombytes_negate_vartime(A, pk) != 0) goto fail;

    /* copy pk, r, s */
    for (i = 0; i < 32; ++i) pkcopy[i] = pk[i];
    for (i = 0; i < 32; ++i) rcopy[i]  = sm[i];
    for (i = 0; i < 32; ++i) scopy[i]  = sm[i + 32];

    /* copy sm to m and copy pk to m */
    for (i = n - 1; i >= 0; --i) m[i] = sm[i];
    for (i = 0; i < 32; ++i) m[i + 32] = pkcopy[i];

    /* calculate hram = H(r, a, m) */
    crypto_hash_sha512(hram, m, n);
    sc25519_reduce(hram);

    /* compute R */
    ge25519_scalarmult(A, A, hram);
    ge25519_scalarmult_base(S, scopy);
    ge25519_add(R, S, A);

    /* check R */
    ge25519_tobytes(rcheck, R);
    if (crypto_verify_32(rcheck, rcopy) != 0) goto fail;

    /* copy message */
    n -= 64; *mlen = n;
    for (i = 0; i <  n; ++i) m[i] = m[i + 64];
    for (i = 0; i < 64; ++i) m[i + n] = 0;
    ret = 0;
    goto cleanup;

fail:
    for (i = 0; i < n; ++i) m[i] = 0;

cleanup:
    cleanup(pkcopy); cleanup(rcopy); cleanup(scopy);
    cleanup(hram); cleanup(rcheck);
    cleanup(R); cleanup(S); cleanup(A);
    return ret;
}
// Decrypt with the same key but from the message bytes
EncryptedMessage CryptoEngine::EncryptWithPublicKey(const Message &message, const VerificationEngine &ver_engine) {

    // check the public key
    if (ver_engine.public_key().empty()) {
        std::cout << "The recipient public key is empty. Cannot encrypt here." << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    if (private_key_.empty()) {
        std::cout << "The secret key is empty. Cannot encrypt here." << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    if (nonce_master_key_.empty()) {
        std::cout << "The master key for deriving the nonce is not valid" << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    if (context_.empty()) {
        std::cout << "The context identifier for deriving the nonce is not valid" << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    if (salt_.empty()) {
        std::cout << "The salt for deriving the nonce is not valid" << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    // means the current crypto engine and the recipient crypto engine have the same public keys !
    // This is NOT SAFE - stop immediately
    if(crypto_verify_32 (reinterpret_cast<const unsigned char *>(public_key_.data()),
                         reinterpret_cast<const unsigned char *>(ver_engine.public_key().data())) == 0) {
        std::cout << "The engine public key and the recipient public key are the same !!! Did you copy the same files to two different peers ? This is NOT SAFE !! STOPPING !" << std::endl;
        throw g_crypto_engine_encryption_failure;
    }

    try {
        // derive the nonce
        std::string nonce = hkdf_.DeriveNonce(nonce_master_key_, salt_);

        // Add the additional data (tcp_verion, type, message) to the string
        std::string full_clear_text(message.ToBytesString());

        // encrypt with the recipient public key
        std::string cipher_text = crypto_box(full_clear_text, nonce, ver_engine.public_key(), private_key_);

        return EncryptedMessage(nonce, cipher_text);
    } catch (std::exception& e) {
        std::cout << "CryptoEngine::Encrypt exception: " << e.what() << std::endl;
        throw g_crypto_engine_encryption_failure;
    }
}
Exemple #18
0
int crypto_sign_edwards25519sha512batch_open(unsigned char *m,
                                             unsigned long long *mlen_p,
                                             const unsigned char *sm,
                                             unsigned long long smlen,
                                             const unsigned char *pk)
{
    unsigned char h[64];
    unsigned char t1[32], t2[32];
    unsigned long long mlen;
    ge_cached Ai;
    ge_p1p1 csa;
    ge_p2 cs;
    ge_p3 A;
    ge_p3 R;
    ge_p3 cs3;

    *mlen_p = 0;
    if (smlen < 64 || smlen > SIZE_MAX) {
        return -1;
    }
    mlen = smlen - 64;
    if (sm[smlen - 1] & 224) {
        return -1;
    }
    if (ge_frombytes_negate_vartime(&A, pk) != 0 ||
        ge_frombytes_negate_vartime(&R, sm) != 0) {
        return -1;
    }
    ge_p3_to_cached(&Ai, &A);
    crypto_hash_sha512(h, sm, mlen + 32);
    sc_reduce(h);
    ge_scalarmult_vartime(&cs3, h, &R);
    ge_add(&csa, &cs3, &Ai);
    ge_p1p1_to_p2(&cs, &csa);
    ge_tobytes(t1, &cs);
    t1[31] ^= 1 << 7;
    ge_scalarmult_base(&R, sm + 32 + mlen);
    ge_p3_tobytes(t2, &R);
    if (crypto_verify_32(t1, t2) != 0) {
        return -1;
    }
    *mlen_p = mlen;
    memmove(m, sm + 32, mlen);

    return 0;
}
Exemple #19
0
int curve25519_proto_init(struct curve25519_proto *p, unsigned char *pubkey_remote,
			  size_t len, char *home, int server)
{
	int fd;
	ssize_t ret;
	char path[PATH_MAX];
	unsigned char secretkey_own[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES] = { 0 };
	unsigned char publickey_own[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES] = { 0 };

	if (!pubkey_remote ||
	    len != crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES)
		return -EINVAL;

	memset(path, 0, sizeof(path));
	slprintf(path, sizeof(path), "%s/%s", home, FILE_PRIVKEY);

	fd = open_or_die(path, O_RDONLY);

	ret = read(fd, secretkey_own, sizeof(secretkey_own));
	if (ret != sizeof(secretkey_own)) {
		xmemset(secretkey_own, 0, sizeof(secretkey_own));
		panic("Cannot read private key!\n");
	}

	close(fd);

	crypto_scalarmult_curve25519_base(publickey_own, secretkey_own);

	if (!crypto_verify_32(publickey_own, pubkey_remote)) {
		xmemset(secretkey_own, 0, sizeof(secretkey_own));
		xmemset(publickey_own, 0, sizeof(publickey_own));
		panic("PANIC: remote end has same public key as you have!!!\n");
	}

	crypto_box_beforenm(p->key, pubkey_remote, secretkey_own);

	xmemset(p->enonce, 0, sizeof(p->enonce));
	xmemset(p->dnonce, 0, sizeof(p->dnonce));

	xmemset(secretkey_own, 0, sizeof(secretkey_own));
	xmemset(publickey_own, 0, sizeof(publickey_own));

	return 0;
}
Exemple #20
0
int crypto_sign_open(
    unsigned char *m,unsigned long long *mlen,
    const unsigned char *sm,unsigned long long smlen,
    const unsigned char *pk
    )
{
  unsigned char pkcopy[32];
  unsigned char rcopy[32];
  unsigned char hram[64];
  unsigned char rcheck[32];
  ge25519 get1, get2;
  sc25519 schram, scs;

  if (smlen < 64) goto badsig;
  if (sm[63] & 224) goto badsig;
  if (ge25519_unpackneg_vartime(&get1,pk)) goto badsig;

  memmove(pkcopy,pk,32);
  memmove(rcopy,sm,32);

  sc25519_from32bytes(&scs, sm+32);

  memmove(m,sm,smlen);
  memmove(m + 32,pkcopy,32);
  crypto_hash_sha512(hram,m,smlen);

  sc25519_from64bytes(&schram, hram);

  ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs);
  ge25519_pack(rcheck, &get2);

  if (crypto_verify_32(rcopy,rcheck) == 0) {
    memmove(m,m + 64,smlen - 64);
    memset(m + smlen - 64,0,64);
    *mlen = smlen - 64;
    return 0;
  }

badsig:
  *mlen = (unsigned long long) -1;
  memset(m,0,smlen);
  return -1;
}
Exemple #21
0
int
crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m,
                            unsigned long long mlen, const unsigned char *pk)
{
    crypto_hash_sha512_state hs;
    unsigned char h[64];
    unsigned char rcheck[32];
    unsigned int  i;
    unsigned char d = 0;
    ge_p3 A;
    ge_p2 R;

#ifdef ED25519_PREVENT_MALLEABILITY
    if (crypto_sign_check_S_lt_l(sig + 32) != 0) {
        return -1;
    }
#else
    if (sig[63] & 224) {
        return -1;
    }
#endif
    if (ge_frombytes_negate_vartime(&A, pk) != 0) {
        return -1;
    }
    for (i = 0; i < 32; ++i) {
        d |= pk[i];
    }
    if (d == 0) {
        return -1;
    }
    crypto_hash_sha512_init(&hs);
    crypto_hash_sha512_update(&hs, sig, 32);
    crypto_hash_sha512_update(&hs, pk, 32);
    crypto_hash_sha512_update(&hs, m, mlen);
    crypto_hash_sha512_final(&hs, h);
    sc_reduce(h);

    ge_double_scalarmult_vartime(&R, h, &A, sig + 32);
    ge_tobytes(rcheck, &R);

    return crypto_verify_32(rcheck, sig) | (-(rcheck - sig == 0)) |
           sodium_memcmp(sig, rcheck, 32);
}
Exemple #22
0
int crypto_sign_ed25519_open(
    unsigned char *m,unsigned long long *mlen,
    const unsigned char *sm,unsigned long long smlen,
    const unsigned char *pk
    )
{
  unsigned int i;
  int ret;
  unsigned char t2[32];
  ge25519 get1, get2;
  sc25519 schram, scs;
  unsigned char hram[crypto_hash_sha512_BYTES];

  *mlen = (unsigned long long) -1;
  if (smlen < 64) return -1;

  if (ge25519_unpackneg_vartime(&get1, pk)) return -1;

  get_hram(hram,sm,pk,m,smlen);

  sc25519_from64bytes(&schram, hram);

  sc25519_from32bytes(&scs, sm+32);

  ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs);
  ge25519_pack(t2, &get2);

  ret = crypto_verify_32(sm, t2);

  if (!ret)
  {
    for(i=0;i<smlen-64;i++)
      m[i] = sm[i + 64];
    *mlen = smlen-64;
  }
  else
  {
    for(i=0;i<smlen-64;i++)
      m[i] = 0;
  }
  return ret;
}
int xed25519_verify(const unsigned char* signature,
                    const unsigned char* curve25519_pubkey,
                    const unsigned char* msg, const unsigned long msg_len)
{
  fe u;
  fe y;
  unsigned char ed_pubkey[32];
  unsigned char strict[32];
  unsigned char verifybuf[MAX_MSG_LEN + 64]; /* working buffer */
  unsigned char verifybuf2[MAX_MSG_LEN + 64]; /* working buffer #2 */

  if (msg_len > MAX_MSG_LEN) {
    return -1;
  }

  /* Convert the Curve25519 public key into an Ed25519 public key.

     y = (u - 1) / (u + 1)

     NOTE: u=-1 is converted to y=0 since fe_invert is mod-exp
  */
  fe_frombytes(u, curve25519_pubkey);
  fe_tobytes(strict, u);
  if (crypto_verify_32(strict, curve25519_pubkey) != 0)
    return 0;
  fe_montx_to_edy(y, u);
  fe_tobytes(ed_pubkey, y);

  memmove(verifybuf, signature, 64);
  memmove(verifybuf+64, msg, msg_len);

  /* Then perform a normal Ed25519 verification, return 0 on success */
  /* The below call has a strange API: */
  /* verifybuf = R || S || message */
  /* verifybuf2 = internal to next call gets a copy of verifybuf, S gets 
     replaced with pubkey for hashing */
  return crypto_sign_open_modified(verifybuf2, verifybuf, 64 + msg_len, ed_pubkey);
}
Exemple #24
0
static nif_term_t
salt_verify_32(nif_heap_t *hp, int argc, const nif_term_t argv[])
{
	/* salt_verify_32(Bin_x, Bin_y) -> equal | not_equal. */
	nif_bin_t 		bx;
	nif_bin_t 		by;

	if (argc != 2)
		return (BADARG);

	if (! enif_inspect_binary(hp, argv[0], &bx))
		return (BADARG);

	if (! enif_inspect_binary(hp, argv[1], &by))
		return (BADARG);

	if (bx.size != 32 || by.size != 32)
		return (BADARG);

	if (crypto_verify_32(bx.data, by.data) != 0)
		return (enif_make_atom(hp, "not_equal"));

	return (enif_make_atom(hp, "equal"));
}
Exemple #25
0
SODIUM_EXPORT int
crypto_verify_32_ref(const unsigned char *x, const unsigned char *y)
{
    return crypto_verify_32(x, y);
}
Exemple #26
0
static void check_config_keypair_or_die(char *home)
{
	int fd, err;
	ssize_t ret;
	const char * errstr = NULL;
	unsigned char publickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES];
	unsigned char publicres[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES];
	unsigned char secretkey[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES];
	char path[PATH_MAX];

	memset(path, 0, sizeof(path));
	slprintf(path, sizeof(path), "%s/%s", home, FILE_PRIVKEY);

	fd = open(path, O_RDONLY);
	if (fd < 0) {
		err = EIO;
		errstr = "Cannot open privkey file!\n";
		goto out_noclose;
	}

	ret = read(fd, secretkey, sizeof(secretkey));
	if (ret != sizeof(secretkey)) {
		err = EIO;
		errstr = "Cannot read private key!\n";
		goto out;
	}

	close(fd);

	memset(path, 0, sizeof(path));
	slprintf(path, sizeof(path), "%s/%s", home, FILE_PUBKEY);

	fd = open(path, O_RDONLY);
	if (fd < 0) {
		err = EIO;
		errstr = "Cannot open pubkey file!\n";
		goto out_noclose;
	}

	ret = read(fd, publickey, sizeof(publickey));
	if (ret != sizeof(publickey)) {
		err = EIO;
		errstr = "Cannot read public key!\n";
		goto out;
	}

	crypto_scalarmult_curve25519_base(publicres, secretkey);

	err = crypto_verify_32(publicres, publickey);
	if (err) {
		err = EINVAL;
		errstr = "WARNING: your keypair is corrupted!!! You need to "
			 "generate new keys!!!\n";
		goto out;
	}
out:
	close(fd);
out_noclose:
	xmemset(publickey, 0, sizeof(publickey));
	xmemset(publicres, 0, sizeof(publicres));
	xmemset(secretkey, 0, sizeof(secretkey));

	if (err)
		panic("%s: %s\n", errstr, strerror(errno));
}
Exemple #27
0
int main(void)
{
    unsigned char *v16, *v16x;
    unsigned char *v32, *v32x;
    unsigned char *v64, *v64x;
    uint32_t       r;
    uint8_t        o;
    int            i;

    v16 = (unsigned char *) sodium_malloc(16);
    v16x = (unsigned char *) sodium_malloc(16);
    v32 = (unsigned char *) sodium_malloc(32);
    v32x = (unsigned char *) sodium_malloc(32);
    v64 = (unsigned char *) sodium_malloc(64);
    v64x = (unsigned char *) sodium_malloc(64);
    for (i = 0; i < 10000; i++) {
        randombytes_buf(v16, 16);
        randombytes_buf(v32, 32);
        randombytes_buf(v64, 64);

        memcpy(v16x, v16, 16);
        memcpy(v32x, v32, 32);
        memcpy(v64x, v64, 64);

        if (crypto_verify_16(v16, v16x) != 0 ||
            crypto_verify_32(v32, v32x) != 0 ||
            crypto_verify_64(v64, v64x) != 0 ||
            sodium_memcmp(v16, v16x, 16) != 0 ||
            sodium_memcmp(v32, v32x, 32) != 0 ||
            sodium_memcmp(v64, v64x, 64) != 0) {
            printf("Failed\n");
        }
    }
    printf("OK\n");

    for (i = 0; i < 100000; i++) {
        r = randombytes_random();
        o = (uint8_t) randombytes_random();
        if (o == 0) {
            continue;
        }
        v16x[r & 15U] ^= o;
        v32x[r & 31U] ^= o;
        v64x[r & 63U] ^= o;
        if (crypto_verify_16(v16, v16x) != -1 ||
            crypto_verify_32(v32, v32x) != -1 ||
            crypto_verify_64(v64, v64x) != -1 ||
            sodium_memcmp(v16, v16x, 16) != -1 ||
            sodium_memcmp(v32, v32x, 32) != -1 ||
            sodium_memcmp(v64, v64x, 64) != -1) {
            printf("Failed\n");
        }
        v16x[r & 15U] ^= o;
        v32x[r & 31U] ^= o;
        v64x[r & 63U] ^= o;
    }
    printf("OK\n");

    assert(crypto_verify_16_bytes() == 16U);
    assert(crypto_verify_32_bytes() == 32U);
    assert(crypto_verify_64_bytes() == 64U);

    sodium_free(v16);
    sodium_free(v16x);
    sodium_free(v32);
    sodium_free(v32x);
    sodium_free(v64);
    sodium_free(v64x);

    return 0;
}
Exemple #28
0
int fe_isnonzero(const fe f)
{
  unsigned char s[32];
  fe_tobytes(s,f);
  return crypto_verify_32(s,zero);
}