Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ed25519: SignatureSize not match libsodium crypto_sign_ed25519 SignatureSize #22774

Closed
Zeymo opened this issue Nov 17, 2017 · 7 comments
Closed

x/crypto/ed25519: SignatureSize not match libsodium crypto_sign_ed25519 SignatureSize #22774

Zeymo opened this issue Nov 17, 2017 · 7 comments
Labels
FrozenDueToAge WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Milestone
Unreleased

Comments

@Zeymo
Copy link

Zeymo commented Nov 17, 2017
edited

https://github.com/golang/crypto/blob/9f005a07e0d31d45e6656d241bb5c0f2efd4bc94/ed25519/ed25519.go#L33

SignatureSize is 64 and

https://github.com/jedisct1/libsodium/blob/569778b517496861a3880e0e690973bf08a52e08/src/libsodium/crypto_sign/ed25519/ref10/sign.c#L141

SignatureSize 64 + len(data)

thus data sign by libsodium can't verify by x/crypto/ed25519

and is any plan to support crypto_sign_ed25519_pk_to_curve25519 and crypto_sign_ed25519_sk_to_curve25519
@gopherbot gopherbot added this to the Unreleased milestone Nov 17, 2017
@Zeymo Zeymo changed the title x/crypto/ed25519 SignatureSize not match libsodium crypto_sign_ed25519 SignatureSize x/crypto: ed25519 SignatureSize not match libsodium crypto_sign_ed25519 SignatureSize Nov 17, 2017
@bradfitz bradfitz changed the title x/crypto: ed25519 SignatureSize not match libsodium crypto_sign_ed25519 SignatureSize x/crypto/ed25519: SignatureSize not match libsodium crypto_sign_ed25519 SignatureSize Nov 17, 2017
@bradfitz
Copy link
Contributor

thus data sign by libsodium can't verify by x/crypto/ed25519

Are you guessing this from reading code, or do you have a concrete example where verification doesn't work?

@bradfitz bradfitz added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Nov 17, 2017
@jedisct1
Copy link

libsodium's crypto_sign() returns the signature followed by the message. crypto_sign_detached() returns only the signature, which is 64 bytes long.

@bradfitz
Copy link
Contributor

I don't understand your bug report.

Maybe @agl does.

@agl
Copy link
Contributor

agl commented Nov 17, 2017

I think jedisct1's comment explains it.

@agl agl closed this as completed Nov 17, 2017
@bradfitz
Copy link
Contributor

Ah, I missed that @jedisct1 was not the OP. I thought the comment was a continuation of the bug report. Thanks.

@Zeymo
Copy link
Author

Zeymo commented Nov 18, 2017
edited

@bradfitz @agl we app use libsodium communicate with go-crypt-server

package cgo

import (
	"testing"
	"crypto/rand"
	"golang.org/x/crypto/ed25519"
	"github.com/jamesruan/sodium"
	"log"
	"encoding/hex"
)

func Test_libsodium_encryt_and_xcrypt_decrypt(t *testing.T) {

	ed25591_pk, ed25591_sk, err := ed25519.GenerateKey(nil)
	if err != nil {
		t.Fail()
	}

	var random []byte
	var clientRandom, serverRandom [16]byte

	rand.Read(clientRandom[:])
	rand.Read(serverRandom[:])

	random = append(random, clientRandom[:]...)
	random = append(random, serverRandom[:]...)
	log.Println("random ", hex.EncodeToString(random))
	// sign := ed25519.Sign(ed25591_sk, random)
	//log.Println("ed25519 sign ", hex.EncodeToString(sign))
	sign, err := sodium.Sign(random, ed25591_sk)
	log.Println("libsodium sign ", hex.EncodeToString(sign))
	isSuccess, err := sodium.Verify(random, sign, ed25591_pk)
	log.Printf("isSuccess %t ,err ,%v", isSuccess, err)
	if err != nil || !isSuccess {
		t.Fail()
	}
}

when use ed25519 verify it fail

2017/11/18 09:17:09 random  d004f678f1c158ddba96e795b2d1a6b888e5575fff910ee7a655de3e39e2bdc1
2017/11/18 09:17:09 ed25519 sign  3cc684396fe341b5828371cae3ddbd6310687cb085ff8c158559e096052ae18c54f6cf2aeea2cb2234bcf6aa9d017dd3ae56045d1ec02907838de9f83566530a
2017/11/18 09:17:09 isSuccess false ,err ,verify sign error

when use libsodium verify it success

2017/11/18 09:21:02 random  04286dea822b85af07667d41a9e482d8baa861bbcf86f897a068847a6620a5f1
2017/11/18 09:21:02 libsodium sign  12c07c5f920c704f8a6344fbb3b3d2a3ad0778af8e240fd3af00d2d21f634fb0fe8e672c54cac3d42e6deae11817daf89f0d9a5c7a8416ca2dd3c20121ff060904286dea822b85af07667d41a9e482d8baa861bbcf86f897a068847a6620a5f1
2017/11/18 09:21:02 isSuccess true ,err ,<nil>

libsodium code

func Sign(data []byte, key []byte) (signdata []byte, e error) {
	signdata = make([]byte, crypto_sign_BYTES+len(data))
	var outlen C.ulonglong
	if C.crypto_sign(
		(*C.uchar)(&signdata[0]),
		&outlen,
		(*C.uchar)(&data[0]),
		(C.ulonglong)(len(data)),
		(*C.uchar)(&key[0])) != 0 {
		e = fmt.Errorf("crypto sign error")
		return nil, e
	}
	signdata = signdata[:outlen]
	return signdata, nil
}

func Verify(data []byte, sigdata []byte, key []byte) (bool, error) {
	var outlen C.ulonglong
	if C.crypto_sign_open(
		(*C.uchar)(&data[0]),
		&outlen,
		(*C.uchar)(&sigdata[0]),
		(C.ulonglong)(len(sigdata)),
		(*C.uchar)(&key[0])) != 0 {
		e := fmt.Errorf("verify sign error")
		return false, e
	}
	data = data[:outlen]
	return true, nil
}

different sign length maybe occur true/fail

@jedisct1
In corecctw way , I maybe use sign = append(sign,random) to libsodium verify?

If I'm worng plz correct me

@Zeymo
Copy link
Author

Zeymo commented Nov 20, 2017

I make it , thx for ur time

@golang golang locked and limited conversation to collaborators Nov 20, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
5 participants
@bradfitz @agl @jedisct1 @Zeymo @gopherbot