int cmd_serval_verify(const char *sas_key, const size_t sas_key_len, const unsigned char *msg, const size_t msg_len, const char *sig, const size_t sig_len) { int verdict = 0; unsigned char bin_sig[SIGNATURE_BYTES]; unsigned char bin_sas[SAS_SIZE]; CHECK_ERR(sig_len == 2*SIGNATURE_BYTES,"Invalid signature"); CHECK_ERR(sas_key_len == 2*SAS_SIZE,"Invalid SAS key"); // convert signature from hex to binary CHECK_ERR(fromhexstr(bin_sig,sig,SIGNATURE_BYTES) == 0,"Invalid signature"); CHECK_ERR(fromhexstr(bin_sas,sas_key,SAS_SIZE) == 0,"Invalid SAS key"); DEBUG("Message to verify:\n%s",msg); unsigned char hash[crypto_hash_sha512_BYTES]; crypto_hash_sha512(hash,msg,msg_len); if (crypto_verify_signature(bin_sas, hash, crypto_hash_sha512_BYTES, &bin_sig[0], SIGNATURE_BYTES) == 0) verdict = 1; // successfully verified error: return verdict; }
// verify the signature at the end of a message, on return message_len will be reduced by the length of the signature. int crypto_verify_message(struct subscriber *subscriber, unsigned char *message, int *message_len) { if (!subscriber->sas_valid){ keyring_send_sas_request(subscriber); return WHY("SAS key not currently on record, cannot verify"); } if (*message_len < SIGNATURE_BYTES) return WHY("Message is too short to include a signature"); *message_len -= SIGNATURE_BYTES; unsigned char hash[crypto_hash_sha512_BYTES]; crypto_hash_sha512(hash,message,*message_len); return crypto_verify_signature(subscriber->sas_public, hash, crypto_hash_sha512_BYTES, &message[*message_len], SIGNATURE_BYTES); }
int cmd_serval_verify(svl_crypto_ctx *ctx) { int verdict = 0; CHECK_ERR(ctx && ctx->msg && ctx->signature[0] && ctx->sas_public[0],"Invalid ctx"); DEBUG("Message to verify:\n%s", ctx->msg); unsigned char hash[crypto_hash_sha512_BYTES]; crypto_hash_sha512(hash, ctx->msg, ctx->msg_len); int sig_ret = crypto_verify_signature(ctx->sas_public, hash, crypto_hash_sha512_BYTES, ctx->signature, SIGNATURE_BYTES); if (sig_ret == 0) verdict = 1; // successfully verified error: return verdict; }