2

In my C++ project I'm using libsodium library to create and verify the signature of a message.

To verify the signature I'm using the libsodium crypto_sign_open function in this way

bool Signature::signatureVerification(const char* content, unsigned char* unsigned_message)
{
    bool verified;

    unsigned long long unsigned_message_len;

    if (crypto_sign_open(unsigned_message, &unsigned_message_len, (const unsigned char *)content, signed_message_len, pk) != 0)
    {
        verified = false;
        std::cout << "incorrect signature " << std::endl;
    }
    else{
        verified = true;
    }
    //print variable unsigned_message
    return verified;
}

If I "print" the variable unsigned_message I get the unsigned message followed by some characters coming from the signature. For example, if the message is 'hello', after the signature verification I get 'hello�*�'.

For now I "solved" the issue using the original length of the message (stored in the variable unsigned_message_len) to truncate the message returned by the function.

What could be the issue? Why in the unsigned_message variable there are some additional characters and not only the original message?

Thanks

Ricla
  • 105
  • 1
  • 9

2 Answers2

3

That is because you don't have a null terminator, try adding + 1 after unsigned_message wherever that is being printed from. Your code obviously is going to print random characters out after the text because it is 'unisgned' meaning it does not have a signed data bit value. + 1 should terminate the random symbols.

Joshua
  • 56
  • 8
  • The problem is not the printing of the variable, I use the value of the variable as an identifier but in this way I never get the correct id. – Ricla Mar 23 '19 at 20:29
  • 1
    I realize that, and my response was that you are missing a null or zero-terminating character. If you use strlen it is not necessary but other wise were you either std::cout or print unsigned_message it must be unsigned_message + 1 in order to terminate the rest of the character symbols you are describing. – Joshua Mar 24 '19 at 04:01
0

For starters, unsigned_message should have been preallocated in order to receive unsigned_message_len bytes.

Is it the case? Your code snippet doesn't show that part.

Did the length of the original message include the terminating \0?

If you used strlen(), it is not the case, so printing it will print your string, followed that anything until there's (by accident) a \0 byte somewhere in memory. Or until it hits a guard page and crashes.

The issue is not really about signatures here. Strings must be zero-terminated if they don't have an explicit length.

Frank Denis
  • 1,475
  • 9
  • 12