From e4c976bc48cc7739655172ba3a9dcba4ac5f9d37 Mon Sep 17 00:00:00 2001
From: "pavel.uhanov" <pavel.uhanov@demlabs.net>
Date: Fri, 28 Feb 2025 14:30:43 +0300
Subject: [PATCH 1/3] [*] add pkey arg to sign verify
---
crypto/include/dap_sign.h | 53 ++++++++++++++++++++++++++-------------
crypto/src/dap_sign.c | 25 +++++-------------
2 files changed, 42 insertions(+), 36 deletions(-)
diff --git a/crypto/include/dap_sign.h b/crypto/include/dap_sign.h
index 36142a9d0..2e20ce1ae 100755
--- a/crypto/include/dap_sign.h
+++ b/crypto/include/dap_sign.h
@@ -58,7 +58,7 @@ typedef uint32_t dap_sign_type_enum_t;
#define DAP_SIGN_HASH_TYPE_SIGN 0x0e
#define DAP_SIGN_HASH_TYPE_DEFAULT 0x0f // not transferred in network, first try use sign hash, if false, use s_sign_hash_type_default
-#define DAP_SIGN_PKEY_HASHING_FLAG ((uint32_t)1 << 7)
+#define DAP_SIGN_PKEY_HASHING_FLAG BIT(7)
#define DAP_SIGN_ADD_PKEY_HASHING_FLAG(a) ((a) | DAP_SIGN_PKEY_HASHING_FLAG)
#define DAP_SIGN_REMOVE_PKEY_HASHING_FLAG(a) ((a) & ~DAP_SIGN_PKEY_HASHING_FLAG)
#define DAP_SIGN_GET_PKEY_HASHING_FLAG(a) ((a) & DAP_SIGN_PKEY_HASHING_FLAG)
@@ -96,19 +96,23 @@ extern "C" {
int dap_sign_init(uint8_t a_sign_hash_type_default);
uint64_t dap_sign_get_size(dap_sign_t * a_chain_sign);
-
-int dap_sign_verify (dap_sign_t * a_chain_sign, const void * a_data, const size_t a_data_size);
-bool dap_sign_verify_size(dap_sign_t *a_sign, size_t a_max_sign_size);
+int dap_sign_verify_by_pkey(dap_sign_t *a_chain_sign, const void *a_data, const size_t a_data_size, dap_pkey_t *a_pkey);
+DAP_STATIC_INLINE int dap_sign_verify (dap_sign_t *a_chain_sign, const void *a_data, const size_t a_data_size)
+{
+ return dap_sign_verify_by_pkey(a_chain_sign, a_data, a_data_size, NULL);
+}
/**
- * @brief dap_sign_verify_data
- * @param a_chain_sign
- * @param a_data
- * @param a_data_size
- * @return
+ * @brief verify, if a_sign->header.sign_pkey_size and a_sign->header.sign_size bigger, then a_max_key_size
+ * @param a_sign signed data object
+ * @param a_max_sign_size max size of signature
+ * @return 0 if pass, otjer if not
*/
-static inline bool dap_sign_verify_data (dap_sign_t * a_chain_sign, const void * a_data, const size_t a_data_size){
- return !dap_sign_verify(a_chain_sign, a_data, a_data_size);
+DAP_STATIC_INLINE int dap_sign_verify_size(dap_sign_t *a_sign, size_t a_max_sign_size)
+{
+ return !(a_sign && (a_max_sign_size > sizeof(dap_sign_t)) && (a_sign->header.sign_size) &&
+ (a_sign->header.sign_pkey_size) && (a_sign->header.type.type != SIG_TYPE_NULL) &&
+ ((uint64_t)a_sign->header.sign_size + a_sign->header.sign_pkey_size + sizeof(dap_sign_t) <= (uint64_t)a_max_sign_size));
}
/**
@@ -119,13 +123,11 @@ static inline bool dap_sign_verify_data (dap_sign_t * a_chain_sign, const void *
* @param a_data_size
* @return
*/
-static inline int dap_sign_verify_all(dap_sign_t * a_sign, const size_t a_sign_size_max, const void * a_data, const size_t a_data_size)
+DAP_STATIC_INLINE int dap_sign_verify_all(dap_sign_t *a_sign, const size_t a_sign_size_max, const void * a_data, const size_t a_data_size)
{
- if( a_sign_size_max < sizeof(dap_sign_t)){
- return -3;
- }else if ( ! dap_sign_verify_size(a_sign,a_sign_size_max) ){
+ if ( dap_sign_verify_size(a_sign,a_sign_size_max) ) {
return -2;
- }else if (! dap_sign_verify_data(a_sign,a_data, a_data_size) ){
+ } else if ( dap_sign_verify(a_sign,a_data, a_data_size) ) {
return -1;
}
return 0;
@@ -155,7 +157,14 @@ uint8_t* dap_sign_get_pkey(dap_sign_t *a_sign, size_t *a_pub_key_out);
bool dap_sign_get_pkey_hash(dap_sign_t *a_sign, dap_chain_hash_fast_t *a_sign_hash);
bool dap_sign_compare_pkeys(dap_sign_t *l_sign1, dap_sign_t *l_sign2);
-dap_enc_key_t *dap_sign_to_enc_key(dap_sign_t * a_chain_sign);
+dap_enc_key_t *dap_sign_to_enc_key_by_pkey(dap_sign_t *a_chain_sign, dap_pkey_t *a_pkey);
+DAP_STATIC_INLINE dap_enc_key_t *dap_sign_to_enc_key(dap_sign_t * a_chain_sign)
+{
+ return dap_sign_to_enc_key_by_pkey(a_chain_sign, NULL);
+}
+
+
+
const char * dap_sign_type_to_str(dap_sign_type_t a_chain_sign_type);
dap_sign_type_t dap_sign_type_from_str(const char * a_type_str);
bool dap_sign_type_is_depricated(dap_sign_type_t a_sign_type);
@@ -166,6 +175,16 @@ void dap_sign_get_information_json(json_object* a_json_arr_reply, dap_sign_t* a_
int dap_sign_set_pkey_by_hash_callback (dap_sign_callback_t a_callback);
+/**
+ * @brief get SHA3 hash of buffer (a_sign), storing in output buffer a_sign_hash
+ * @param a_sign to check
+ * @return true or false
+ */
+DAP_STATIC_INLINE bool dap_sign_is_use_pkey_hash(dap_sign_t *a_sign)
+{
+ return a_sign && DAP_SIGN_GET_PKEY_HASHING_FLAG(a_sign->header.hash_type);
+}
+
#ifdef __cplusplus
}
#endif
diff --git a/crypto/src/dap_sign.c b/crypto/src/dap_sign.c
index 33b95feca..693344cae 100755
--- a/crypto/src/dap_sign.c
+++ b/crypto/src/dap_sign.c
@@ -405,34 +405,20 @@ bool dap_sign_compare_pkeys(dap_sign_t *l_sign1, dap_sign_t *l_sign2)
return (l_pkey_ser_size1 == l_pkey_ser_size2) && !memcmp(l_pkey_ser1, l_pkey_ser2, l_pkey_ser_size1);
}
-/**
- * @brief verify, if a_sign->header.sign_pkey_size and a_sign->header.sign_size bigger, then a_max_key_size
- *
- * @param a_sign signed data object
- * @param a_max_sign_size max size of signature
- * @return true
- * @return false
- */
-bool dap_sign_verify_size(dap_sign_t *a_sign, size_t a_max_sign_size)
-{
- return (a_max_sign_size > sizeof(dap_sign_t)) && (a_sign->header.sign_size) &&
- (a_sign->header.sign_pkey_size) && (a_sign->header.type.type != SIG_TYPE_NULL) &&
- ((uint64_t)a_sign->header.sign_size + a_sign->header.sign_pkey_size + sizeof(dap_sign_t) <= (uint64_t)a_max_sign_size);
-}
/**
* @brief get deserialized pub key from dap_sign_t
- *
* @param a_chain_sign dap_sign_t object
+ * @param a_pkey
* @return dap_enc_key_t*
*/
-dap_enc_key_t *dap_sign_to_enc_key(dap_sign_t * a_chain_sign)
+dap_enc_key_t *dap_sign_to_enc_key_by_pkey(dap_sign_t *a_chain_sign, dap_pkey_t *a_pkey)
{
dap_enc_key_type_t l_type = dap_sign_type_to_key_type(a_chain_sign->header.type);
dap_return_val_if_pass(l_type == DAP_ENC_KEY_TYPE_INVALID, NULL);
size_t l_pkey_size = 0;
- uint8_t *l_pkey = dap_sign_get_pkey(a_chain_sign, &l_pkey_size);
+ uint8_t *l_pkey = a_pkey ? a_pkey->pkey : dap_sign_get_pkey(a_chain_sign, &l_pkey_size);
dap_enc_key_t * l_ret = dap_enc_key_new(l_type);
// deserialize public key
if (dap_enc_key_deserialize_pub_key(l_ret, l_pkey, l_pkey_size)) {
@@ -447,13 +433,14 @@ dap_enc_key_t *dap_sign_to_enc_key(dap_sign_t * a_chain_sign)
* @param a_chain_sign dap_sign_t a_chain_sign object
* @param a_data const void * buffer with data
* @param a_data_size const size_t buffer size
+ * @param a_pkey pkey to verofy sign
* @return 0 valid signature, else invalid signature with error code
*/
-int dap_sign_verify(dap_sign_t *a_chain_sign, const void *a_data, const size_t a_data_size)
+int dap_sign_verify_by_pkey(dap_sign_t *a_chain_sign, const void *a_data, const size_t a_data_size, dap_pkey_t *a_pkey)
{
dap_return_val_if_pass(!a_chain_sign || !a_data, -2);
- dap_enc_key_t *l_key = dap_sign_to_enc_key(a_chain_sign);
+ dap_enc_key_t *l_key = dap_sign_to_enc_key_by_pkey(a_chain_sign, a_pkey);
if ( !l_key ){
log_it(L_WARNING,"Incorrect signature, can't extract key");
return -3;
--
GitLab
From 61aa8efc286894ed62da252a436bf2862fe3cc66 Mon Sep 17 00:00:00 2001
From: "pavel.uhanov" <pavel.uhanov@demlabs.net>
Date: Fri, 7 Mar 2025 08:00:58 +0000
Subject: [PATCH 2/3] [*] remove s_get_pkey_by_hash_callback using
---
crypto/src/dap_sign.c | 19 ++-----------------
1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/crypto/src/dap_sign.c b/crypto/src/dap_sign.c
index 693344cae..12c1370c1 100755
--- a/crypto/src/dap_sign.c
+++ b/crypto/src/dap_sign.c
@@ -345,24 +345,9 @@ uint8_t* dap_sign_get_sign(dap_sign_t *a_sign, size_t *a_sign_size)
* @param a_pub_key_out [option] output pointer to a_sign->header.sign_pkey_size
* @return uint8_t*
*/
-uint8_t* dap_sign_get_pkey(dap_sign_t *a_sign, size_t *a_pub_key_out)
+uint8_t *dap_sign_get_pkey(dap_sign_t *a_sign, size_t *a_pub_key_out)
{
dap_return_val_if_pass(!a_sign, NULL);
- bool l_use_pkey_hash = DAP_SIGN_GET_PKEY_HASHING_FLAG(a_sign->header.hash_type);
- if (l_use_pkey_hash) {
- if (!s_get_pkey_by_hash_callback) {
- log_it(L_ERROR, "Can't get pkey by hash, callback s_get_pkey_by_hash_callback not inited");
- return NULL;
- }
- dap_pkey_t *l_pkey = s_get_pkey_by_hash_callback(a_sign->pkey_n_sign);
- if (!l_pkey) {
- log_it(L_ERROR, "Can't get pkey by hash %s", dap_hash_fast_to_str_static((dap_hash_fast_t *)a_sign->pkey_n_sign));
- return NULL;
- }
- if (a_pub_key_out)
- *a_pub_key_out = l_pkey->header.size;
- return l_pkey->pkey;
- }
if (a_pub_key_out)
*a_pub_key_out = a_sign->header.sign_pkey_size;
return a_sign->pkey_n_sign;
@@ -417,7 +402,7 @@ dap_enc_key_t *dap_sign_to_enc_key_by_pkey(dap_sign_t *a_chain_sign, dap_pkey_t
dap_enc_key_type_t l_type = dap_sign_type_to_key_type(a_chain_sign->header.type);
dap_return_val_if_pass(l_type == DAP_ENC_KEY_TYPE_INVALID, NULL);
- size_t l_pkey_size = 0;
+ size_t l_pkey_size = a_pkey ? a_pkey->header.size : 0;
uint8_t *l_pkey = a_pkey ? a_pkey->pkey : dap_sign_get_pkey(a_chain_sign, &l_pkey_size);
dap_enc_key_t * l_ret = dap_enc_key_new(l_type);
// deserialize public key
--
GitLab
From c68d541df022ed50c0daef6367ba6b10e1408c90 Mon Sep 17 00:00:00 2001
From: "pavel.uhanov" <pavel.uhanov@demlabs.net>
Date: Fri, 7 Mar 2025 13:11:55 +0300
Subject: [PATCH 3/3] [*] fix tests
---
crypto/test/crypto/dap_enc_benchmark_test.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/crypto/test/crypto/dap_enc_benchmark_test.c b/crypto/test/crypto/dap_enc_benchmark_test.c
index e70c2623f..6ef80da7a 100644
--- a/crypto/test/crypto/dap_enc_benchmark_test.c
+++ b/crypto/test/crypto/dap_enc_benchmark_test.c
@@ -208,12 +208,24 @@ static void s_sign_verify_ser_test(dap_enc_key_type_t a_key_type, int a_times, i
l_t1 = get_cur_time_msec();
for(int i = 0; i < a_times; ++i) {
int l_verified = 0;
- if (dap_sign_type_to_key_type(l_signs[i]->header.type) == DAP_ENC_KEY_TYPE_SIG_ECDSA)
- l_verified = dap_sign_verify(l_signs[i], l_source[i], l_source_size[i]);
- else {
+ if (dap_sign_type_to_key_type(l_signs[i]->header.type) == DAP_ENC_KEY_TYPE_SIG_ECDSA) {
+ if (dap_sign_is_use_pkey_hash(l_signs[i])) {
+ dap_hash_fast_t l_sign_pkey_hash = {};
+ dap_sign_get_pkey_hash(l_signs[i], &l_sign_pkey_hash);
+ l_verified = dap_sign_verify_by_pkey(l_signs[i], l_source[i], l_source_size[i], s_get_pkey_by_hash_callback( (const uint8_t *)&l_sign_pkey_hash));
+ } else {
+ l_verified = dap_sign_verify(l_signs[i], l_source[i], l_source_size[i]);
+ }
+ } else {
dap_chain_hash_fast_t l_hash;
dap_hash_fast(l_source[i], l_source_size[i], &l_hash);
- l_verified = dap_sign_verify(l_signs[i], &l_hash, sizeof(l_hash));
+ if (dap_sign_is_use_pkey_hash(l_signs[i])) {
+ dap_hash_fast_t l_sign_pkey_hash = {};
+ dap_sign_get_pkey_hash(l_signs[i], &l_sign_pkey_hash);
+ l_verified = dap_sign_verify_by_pkey(l_signs[i], &l_hash, sizeof(l_hash), s_get_pkey_by_hash_callback( (const uint8_t *)&l_sign_pkey_hash));
+ } else {
+ l_verified = dap_sign_verify(l_signs[i], &l_hash, sizeof(l_hash));
+ }
}
dap_assert_PIF(!l_verified, "Deserialize and verifying signature");
}
--
GitLab