From 24ffdce5c399d93bf6bd6f87aeef4856bb4925a5 Mon Sep 17 00:00:00 2001 From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com> Date: Wed, 27 Apr 2022 01:04:11 -0700 Subject: [PATCH] Experimental Sign combined mode --- spec/sodium/sign/secret_key_spec.cr | 11 +++++++++- src/sodium/sign/public_key.cr | 32 +++++++++++++++++++++++++---- src/sodium/sign/secret_key.cr | 20 +++++++++++++++--- 3 files changed, 55 insertions(+), 8 deletions(-) diff --git a/spec/sodium/sign/secret_key_spec.cr b/spec/sodium/sign/secret_key_spec.cr index 116ce45..1952bee 100644 --- a/spec/sodium/sign/secret_key_spec.cr +++ b/spec/sodium/sign/secret_key_spec.cr @@ -64,7 +64,16 @@ describe Sodium::Sign::SecretKey do key1.seed.should eq key3.seed end - it "signs and verifies" do + it "signs and verifies combined" do + message = "foo" + skey = Sodium::Sign::SecretKey.new + sig = skey.sign message + + message2 = skey.public_key.verify_string sig + message2.should eq message + end + + it "signs and verifies detached" do message = "foo" skey = Sodium::Sign::SecretKey.new sig = skey.sign_detached message diff --git a/src/sodium/sign/public_key.cr b/src/sodium/sign/public_key.cr index ad66d12..3a838cd 100644 --- a/src/sodium/sign/public_key.cr +++ b/src/sodium/sign/public_key.cr @@ -20,13 +20,37 @@ module Sodium end end - # Verify signature made by `secret_key.sign_detached(message)` + # Verify signature made by `secret_key.sign(message)` # Raises on verification failure. - def verify_detached(message, sig : Bytes) - verify_detached message.to_slice, sig + # + # WARNING: returns pointer to message within messagesig (zerocopy) + # If you reuse messagesig, `#dup` the returned message + # `secret_key.verify(messagesig).dup` + @[Experimental] + def verify(messagesig) : Bytes + messagesig = messagesig.to_slice + bs = messagesig.bytesize + raise Sodium::Error::VerificationFailed.new("message shorter than SIG_SIZE") unless bs >= SIG_SIZE + + message = messagesig[SIG_SIZE, bs - SIG_SIZE] + sig = messagesig[0, SIG_SIZE] + + verify_detached message, sig + message end - def verify_detached(message : Bytes, sig : Bytes) + @[Experimental] + def verify_string(messagesig) : String + String.new(verify(messagesig)) + end + + # Verify signature made by `secret_key.sign_detached(message)` + # Raises on verification failure. + def verify_detached(message, sig) : Nil + verify_detached message.to_slice, sig.to_slice + end + + def verify_detached(message : Bytes, sig : Bytes) : Nil raise ArgumentError.new("Signature must be #{SIG_SIZE} bytes, got #{sig.bytesize}") if sig.bytesize != SIG_SIZE v = LibSodium.crypto_sign_verify_detached sig, message, message.bytesize, @bytes diff --git a/src/sodium/sign/secret_key.cr b/src/sodium/sign/secret_key.cr index 4ca2de1..5d1938b 100644 --- a/src/sodium/sign/secret_key.cr +++ b/src/sodium/sign/secret_key.cr @@ -91,14 +91,28 @@ module Sodium end.readonly end + # Signs message and returns a combined signature. + # Verify using `secret_key.public_key.verify(messagesig).dup` + # See warning about object reuse in `#verify` if you don't `#dup` + @[Experimental] + def sign(message) : Bytes + message = message.to_slice + + Bytes.new(SIG_SIZE + message.bytesize).tap do |msgsig| + sign_detached message, msgsig[0, SIG_SIZE] + message.copy_to msgsig[SIG_SIZE, message.bytesize] + end + end + # Signs message and returns a detached signature. # Verify using `secret_key.public_key.verify_detached(message, sig)` - def sign_detached(message) + def sign_detached(message) : Bytes sign_detached message.to_slice end - def sign_detached(message : Bytes) - sig = Bytes.new(SIG_SIZE) + def sign_detached(message : Bytes, sig : Bytes? = nil) : Bytes + raise ArgumentError.new("expected sig to be #{SIG_SIZE}, got #{sig.try(&.bytesize).inspect}") if sig && sig.bytesize != SIG_SIZE + sig ||= Bytes.new(SIG_SIZE) @key.readonly do |kslice| if LibSodium.crypto_sign_detached(sig, out sig_len, message, message.bytesize, kslice) != 0 raise Error.new("crypto_sign_detached")