2

I apologize for asking somewhat of a programming question, but I want to be sure I'm properly using this library cryptographically.

I have managed to implement ed25519-donna except for hashing the data for a signature.

As far as I can tell, this is the function that hashes data:

void ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen);

but I can't figure out what *hash is. I'm fairly certain that *in and inlen are the data to be hashed and its length.

Is it something specific to SHA512?

How can one hash with ed25519-donna?

Program hangs

I've compiled with ed25519-donna-master/ed25519.o and the OpenSSL flags -lssl -lcrypto. The key generation, signing, and verification functions work as expected.

It's running without error, but the application hangs on these lines, and the cores are not running at 100%, so I don't think it's busy processing:

extern "C"
{
  #include "ed25519-donna-master/ed25519.h"
  #include "ed25519-donna-master/ed25519-hash.h"
}
#include <openssl/rand.h>

unsigned char* hash;
const unsigned char* in = convertStringToUnsignedCharStar( myString );
std::cout << in << std::endl;
std::cout << "this is the last portion output and 'in' outputs correctly" << std::endl;
ed25519_hash(hash, in, sizeof(in) );
std::cout << hash << std::endl;
std::cout << "this is never output" << std::endl;

How can this code be modified so that ed25519_hash can function? It works the same way regardless of whether hash and in are unsigned char* or uint8_t*s.

For uint8_t*, I used this code:

uint8_t* hash;
const uint8_t* in = reinterpret_cast<const uint8_t*>(myString.c_str());

1 Answers1

3

“…but I can't figure out what *hash is.”

That uint8_t *hash is the buffer (unsigned char*) that will contain the resulting hash after you called the function.

So, you're looking at a function that expects 3 parameters (also known as arguments):

  1. an uint8_t * buffer to hold the resulting hash,
  2. the input data to be hashed,
  3. the length of the input data to be hashed.

“Is it something specific to SHA512?”

Nope, it's regular C source. But I think you’re a bit confused by the documentation. It states…

If you are not compiling against OpenSSL, you will need a hash function.
…
To use a custom hash function, use -DED25519_CUSTOMHASH
when compiling ed25519.c and put your custom hash implementation
in ed25519-hash-custom.h. The hash must have a 512bit digest and
implement
…
void ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen);

So, unless you are not compiling against OpenSSL and implementing your own hash function, you won't be needing this function. Looking at your code, you are compiling against OpenSSL, which means you're playing with the wrong function.

“How can one hash with ed25519-donna?”

By using the provided functionality the library offers.

Your question makes me wonder if you scrolled down to the “Usage” part of the readme, because it completely answers your question and tells you what functions to use.

For your convenience, let me point you to the part of the documentation you need to follow and where you find the functions you need to hash, sign, verify etc. using ed25519-donna:

To use the code, link against ed25519.o -mbits and:

#include "ed25519.h"

Add -lssl -lcrypto when using OpenSSL (Some systems don't need -lcrypto? It might be trial and error).

To generate a private key, simply generate 32 bytes from a secure cryptographic source:

ed25519_secret_key sk;
randombytes(sk, sizeof(ed25519_secret_key));

To generate a public key:

ed25519_public_key pk;
ed25519_publickey(sk, pk);

To sign a message:

ed25519_signature sig;
ed25519_sign(message, message_len, sk, pk, signature);

To verify a signature:

int valid = ed25519_sign_open(message, message_len, pk, signature) == 0;

To batch verify signatures:

const unsigned char *mp[num] = {message1, message2..}
size_t ml[num] = {message_len1, message_len2..}
const unsigned char *pkp[num] = {pk1, pk2..}
const unsigned char *sigp[num] = {signature1, signature2..}
int valid[num]

/* valid[i] will be set to 1 if the individual signature was valid, 0 otherwise */
int all_valid = ed25519_sign_open_batch(mp, ml, pkp, sigp, num, valid) == 0;

As you see, it's all in there… just follow the documentation.

e-sushi
  • 13,786
  • 10
  • 38
  • 57
  • 1
    @Gracchus I've already flagged it for a moderator to migrate it to StackOverflow… I would leave it as-is. – e-sushi Feb 24 '14 at 22:24
  • @Gracchus I think I've spotted your problem: you're using the wrong function for what you're trying to do. I've updated my answer to point you to the part of the documentation you obviously missed. ;) – e-sushi Feb 24 '14 at 23:14
  • 1
    @Gracchus Yep. The function you were playing with is only to be used (better: implemented) when you're NOT linking to OpenSSL. But if you do link to OpenSSL – which you are doing – you can forget those nitbits and enjoy the functionality (including hashing) the library wraps for you. For example `ed25519_sign(message, message_len, sk, pk, signature);` will take the message and put the signature into `ed25519_signature sig;`. No further steps needed… which is one of the reasons to use such a library. ;) – e-sushi Feb 24 '14 at 23:30