// Verify implements the Crypto interface for CryptoCommon.
func (c *CryptoCommon) Verify(msg []byte, sigInfo SignatureInfo) (err error) {
defer func() {
c.log.Debug("Verify result for %d-byte message with %s: %v",
len(msg), sigInfo, err)
}()
if sigInfo.Version != SigED25519 {
err = UnknownSigVer{sigInfo.Version}
return
}
publicKey := libkb.KIDToNaclSigningKeyPublic(sigInfo.VerifyingKey.kid.ToBytes())
if publicKey == nil {
err = libkb.KeyCannotVerifyError{}
return
}
var naclSignature libkb.NaclSignature
if len(sigInfo.Signature) != len(naclSignature) {
err = libkb.VerificationError{}
return
}
copy(naclSignature[:], sigInfo.Signature)
if !publicKey.Verify(msg, &naclSignature) {
err = libkb.VerificationError{}
return
}
return
}
func (fc FakeCryptoClient) Call(ctx context.Context, s string, args interface{}, res interface{}) error {
switch s {
case "keybase.1.crypto.signED25519":
if err := fc.maybeWaitOnChannel(ctx); err != nil {
return err
}
arg := args.([]interface{})[0].(keybase1.SignED25519Arg)
sigInfo, err := fc.Local.Sign(context.Background(), arg.Msg)
if err != nil {
return err
}
sigRes := res.(*keybase1.ED25519SignatureInfo)
// Normally, we'd have to validate all the parameters
// in sigInfo, but since this is used in tests only,
// there's no need.
var ed25519Signature keybase1.ED25519Signature
copy(ed25519Signature[:], sigInfo.Signature)
publicKey :=
libkb.KIDToNaclSigningKeyPublic(sigInfo.VerifyingKey.kid.ToBytes())
*sigRes = keybase1.ED25519SignatureInfo{
Sig: ed25519Signature,
PublicKey: keybase1.ED25519PublicKey(*publicKey),
}
return nil
case "keybase.1.crypto.unboxBytes32":
if err := fc.maybeWaitOnChannel(ctx); err != nil {
return err
}
arg := args.([]interface{})[0].(keybase1.UnboxBytes32Arg)
publicKey := MakeTLFEphemeralPublicKey(arg.PeersPublicKey)
encryptedClientHalf := EncryptedTLFCryptKeyClientHalf{
Version: EncryptionSecretbox,
EncryptedData: arg.EncryptedBytes32[:],
Nonce: arg.Nonce[:],
}
clientHalf, err := fc.Local.DecryptTLFCryptKeyClientHalf(
context.Background(), publicKey, encryptedClientHalf)
if err != nil {
return err
}
res := res.(*keybase1.Bytes32)
*res = clientHalf.data
return nil
case "keybase.1.crypto.unboxBytes32Any":
if err := fc.maybeWaitOnChannel(ctx); err != nil {
return err
}
arg := args.([]interface{})[0].(keybase1.UnboxBytes32AnyArg)
keys := make([]EncryptedTLFCryptKeyClientAndEphemeral, 0, len(arg.Bundles))
for _, k := range arg.Bundles {
ePublicKey := MakeTLFEphemeralPublicKey(k.PublicKey)
encryptedClientHalf := EncryptedTLFCryptKeyClientHalf{
Version: EncryptionSecretbox,
EncryptedData: make([]byte, len(k.Ciphertext)),
Nonce: make([]byte, len(k.Nonce)),
}
copy(encryptedClientHalf.EncryptedData, k.Ciphertext[:])
copy(encryptedClientHalf.Nonce, k.Nonce[:])
keys = append(keys, EncryptedTLFCryptKeyClientAndEphemeral{
EPubKey: ePublicKey,
ClientHalf: encryptedClientHalf,
PubKey: MakeCryptPublicKey(k.Kid),
})
}
clientHalf, index, err := fc.Local.DecryptTLFCryptKeyClientHalfAny(
context.Background(), keys, arg.PromptPaper)
if err != nil {
return err
}
res := res.(*keybase1.UnboxAnyRes)
res.Plaintext = clientHalf.data
res.Index = index
res.Kid = keys[index].PubKey.kidContainer.kid
return nil
default:
return fmt.Errorf("Unknown call: %s %v %v", s, args, res)
}
}
