int pairing_session_finish(pairing_session_t *session, const unsigned char signature[64]) { unsigned char sig_buffer[64]; unsigned char sig_msg[64]; unsigned char key[16]; unsigned char iv[16]; AES_CTR_CTX aes_ctx; assert(session); if (session->status != STATUS_HANDSHAKE) { return -1; } /* First decrypt the signature with keys derived from the shared secret */ derive_key_internal(session, (const unsigned char *) SALT_KEY, strlen(SALT_KEY), key, sizeof(key)); derive_key_internal(session, (const unsigned char *) SALT_IV, strlen(SALT_IV), iv, sizeof(key)); AES_ctr_set_key(&aes_ctx, key, iv, AES_MODE_128); /* One fake round for the initial handshake encryption */ AES_ctr_encrypt(&aes_ctx, sig_buffer, sig_buffer, 64); AES_ctr_encrypt(&aes_ctx, signature, sig_buffer, 64); /* Then verify the signature with public ECDH keys of both parties */ memcpy(&sig_msg[0], session->ecdh_theirs, 32); memcpy(&sig_msg[32], session->ecdh_ours, 32); if (!ed25519_verify(sig_buffer, sig_msg, sizeof(sig_msg), session->ed_theirs)) { return -2; } session->status = STATUS_FINISHED; return 0; }
bool verify_mutable_item( span<char const> v , span<char const> salt , sequence_number const seq , public_key const& pk , signature const& sig) { char str[1200]; int len = canonical_string(v, seq, salt, str); return ed25519_verify(sig, {str, size_t(len)}, pk); }
bool_t org_signet_verify(prime_org_signet_t *org) { stringer_t *holder = MANAGEDBUF(69); if (!org || !org->signing || !org->encryption || !org->signature || st_length_get(org->signature) != 64) { return false; } else if (st_write(holder, prime_field_write(PRIME_ORG_SIGNET, 1, ED25519_KEY_PUB_LEN, ed25519_public_get(org->signing, MANAGEDBUF(32)), MANAGEDBUF(34)), prime_field_write(PRIME_ORG_SIGNET, 3, SECP256K1_KEY_PUB_LEN, secp256k1_public_get(org->encryption, MANAGEDBUF(33)), MANAGEDBUF(35))) != 69) { return false; } else if (ed25519_verify(org->signing, holder, org->signature)) { return false; } return true; }
bool verify_mutable_item( std::pair<char const*, int> v, std::pair<char const*, int> salt, boost::uint64_t seq, char const* pk, char const* sig) { #ifdef TORRENT_USE_VALGRIND VALGRIND_CHECK_MEM_IS_DEFINED(v.first, v.second); VALGRIND_CHECK_MEM_IS_DEFINED(pk, item_pk_len); VALGRIND_CHECK_MEM_IS_DEFINED(sig, item_sig_len); #endif char str[canonical_length]; int len = canonical_string(v, seq, salt, str); return ed25519_verify((unsigned char const*)sig, (unsigned char const*)str, len, (unsigned char const*)pk) == 1; }
/* functions */ static u3_noun _cqee_veri(u3_noun s, u3_noun m, u3_noun pk) { c3_y sig_y[64]; c3_y pub_y[32]; c3_w ret; c3_y* mes_y; c3_w mesm_w = u3r_met(3, m); memset(sig_y, 0, 64); memset(pub_y, 0, 32); mes_y = c3_malloc(mesm_w); u3r_bytes(0, 64, sig_y, s); u3r_bytes(0, 32, pub_y, pk); u3r_bytes(0, mesm_w, mes_y, m); ret = ed25519_verify(sig_y, mes_y, mesm_w, pub_y) == 1 ? c3y : c3n; free(mes_y); return ret; }
int ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) { ge25519 MM16 R, A; hash_512bits hash; bignum256modm hram, S; unsigned char checkR[32]; if ((RS[63] & 224) || !ge25519_unpack_negative_vartime(&A, pk)) return -1; /* hram = H(R,A,m) */ ed25519_hram(hash, RS, pk, m, mlen); expand256_modm(hram, hash, 64); /* S */ expand256_modm(S, RS + 32, 32); /* SB - H(R,A,m)A */ ge25519_double_scalarmult_vartime(&R, &A, hram, S); ge25519_pack(checkR, &R); /* check that R = SB - H(R,A,m)A */ return ed25519_verify(RS, checkR, 32) ? 0 : -1; }
bool c_crypto_ed25519::verify_sign (const string &msg, const unsigned char *signature, const unsigned char *public_key) const { return ed25519_verify(signature, reinterpret_cast<const unsigned char *>(msg.c_str()), msg.length(), public_key) != 0; }
int main(int argc, char *argv[]) { unsigned char public_key[32], private_key[64], seed[32], scalar[32]; unsigned char other_public_key[32], other_private_key[64]; unsigned char shared_secret[32], other_shared_secret[32]; unsigned char signature[64]; clock_t start; clock_t end; int i; /* create a random seed, and a keypair out of that seed */ ed25519_create_seed(seed); ed25519_create_keypair(public_key, private_key, seed); /* create signature on the message with the keypair */ ed25519_sign(signature, message, strlen(message), public_key, private_key); /* verify the signature */ if (ed25519_verify(signature, message, strlen(message), public_key)) { printf("valid signature\n"); } else { printf("invalid signature\n"); } /* create scalar and add it to the keypair */ ed25519_create_seed(scalar); ed25519_add_scalar(public_key, private_key, scalar); /* create signature with the new keypair */ ed25519_sign(signature, message, strlen(message), public_key, private_key); /* verify the signature with the new keypair */ if (ed25519_verify(signature, message, strlen(message), public_key)) { printf("valid signature\n"); } else { printf("invalid signature\n"); } /* make a slight adjustment and verify again */ signature[44] ^= 0x10; if (ed25519_verify(signature, message, strlen(message), public_key)) { printf("did not detect signature change\n"); } else { printf("correctly detected signature change\n"); } /* generate two keypairs for testing key exchange */ ed25519_create_seed(seed); ed25519_create_keypair(public_key, private_key, seed); ed25519_create_seed(seed); ed25519_create_keypair(other_public_key, other_private_key, seed); /* create two shared secrets - from both perspectives - and check if they're equal */ ed25519_key_exchange(shared_secret, other_public_key, private_key); ed25519_key_exchange(other_shared_secret, public_key, other_private_key); for (i = 0; i < 32; ++i) { if (shared_secret[i] != other_shared_secret[i]) { printf("key exchange was incorrect\n"); break; } } if (i == 32) { printf("key exchange was correct\n"); } /* test performance */ printf("testing seed generation performance: "); start = clock(); for (i = 0; i < 10000; ++i) { ed25519_create_seed(seed); } end = clock(); printf("%fus per seed\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); printf("testing key generation performance: "); start = clock(); for (i = 0; i < 10000; ++i) { ed25519_create_keypair(public_key, private_key, seed); } end = clock(); printf("%fus per keypair\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); printf("testing sign performance: "); start = clock(); for (i = 0; i < 10000; ++i) { ed25519_sign(signature, message, strlen(message), public_key, private_key); } end = clock(); printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); printf("testing verify performance: "); start = clock(); for (i = 0; i < 10000; ++i) { ed25519_verify(signature, message, strlen(message), public_key); } end = clock(); printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); printf("testing keypair scalar addition performance: "); start = clock(); for (i = 0; i < 10000; ++i) { ed25519_add_scalar(public_key, private_key, scalar); } end = clock(); printf("%fus per keypair\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); printf("testing public key scalar addition performance: "); start = clock(); for (i = 0; i < 10000; ++i) { ed25519_add_scalar(public_key, NULL, scalar); } end = clock(); printf("%fus per key\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); printf("testing key exchange performance: "); start = clock(); for (i = 0; i < 10000; ++i) { ed25519_key_exchange(shared_secret, other_public_key, private_key); } end = clock(); printf("%fus per shared secret\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); return 0; }
int ed25519Verify(CC *cond, CCVisitor visitor) { if (cond->type->typeId != CC_Ed25519Type.typeId) return 1; // TODO: test failure mode: empty sig / null pointer return ed25519_verify(cond->signature, visitor.msg, visitor.msgLength, cond->publicKey); }
//Return 1 if sig is ok, 0 if sig fails inline int sw_verify(uint8_t *sig, uint8_t *msg, uint8_t *key) { return ed25519_verify(sig, msg, 32, key); }