// Verify implements the Crypto interface for CryptoCommon. func (c *CryptoCommon) Verify(msg []byte, sigInfo SignatureInfo) (err error) { defer func() { c.log.Debug("Verify result for %d-byte message with %s: %v", len(msg), sigInfo, err) }() if sigInfo.Version != SigED25519 { err = UnknownSigVer{sigInfo.Version} return } publicKey := libkb.KIDToNaclSigningKeyPublic(sigInfo.VerifyingKey.kid.ToBytes()) if publicKey == nil { err = libkb.KeyCannotVerifyError{} return } var naclSignature libkb.NaclSignature if len(sigInfo.Signature) != len(naclSignature) { err = libkb.VerificationError{} return } copy(naclSignature[:], sigInfo.Signature) if !publicKey.Verify(msg, &naclSignature) { err = libkb.VerificationError{} return } return }
func (fc FakeCryptoClient) Call(ctx context.Context, s string, args interface{}, res interface{}) error { switch s { case "keybase.1.crypto.signED25519": if err := fc.maybeWaitOnChannel(ctx); err != nil { return err } arg := args.([]interface{})[0].(keybase1.SignED25519Arg) sigInfo, err := fc.Local.Sign(context.Background(), arg.Msg) if err != nil { return err } sigRes := res.(*keybase1.ED25519SignatureInfo) // Normally, we'd have to validate all the parameters // in sigInfo, but since this is used in tests only, // there's no need. var ed25519Signature keybase1.ED25519Signature copy(ed25519Signature[:], sigInfo.Signature) publicKey := libkb.KIDToNaclSigningKeyPublic(sigInfo.VerifyingKey.kid.ToBytes()) *sigRes = keybase1.ED25519SignatureInfo{ Sig: ed25519Signature, PublicKey: keybase1.ED25519PublicKey(*publicKey), } return nil case "keybase.1.crypto.unboxBytes32": if err := fc.maybeWaitOnChannel(ctx); err != nil { return err } arg := args.([]interface{})[0].(keybase1.UnboxBytes32Arg) publicKey := MakeTLFEphemeralPublicKey(arg.PeersPublicKey) encryptedClientHalf := EncryptedTLFCryptKeyClientHalf{ Version: EncryptionSecretbox, EncryptedData: arg.EncryptedBytes32[:], Nonce: arg.Nonce[:], } clientHalf, err := fc.Local.DecryptTLFCryptKeyClientHalf( context.Background(), publicKey, encryptedClientHalf) if err != nil { return err } res := res.(*keybase1.Bytes32) *res = clientHalf.data return nil case "keybase.1.crypto.unboxBytes32Any": if err := fc.maybeWaitOnChannel(ctx); err != nil { return err } arg := args.([]interface{})[0].(keybase1.UnboxBytes32AnyArg) keys := make([]EncryptedTLFCryptKeyClientAndEphemeral, 0, len(arg.Bundles)) for _, k := range arg.Bundles { ePublicKey := MakeTLFEphemeralPublicKey(k.PublicKey) encryptedClientHalf := EncryptedTLFCryptKeyClientHalf{ Version: EncryptionSecretbox, EncryptedData: make([]byte, len(k.Ciphertext)), Nonce: make([]byte, len(k.Nonce)), } copy(encryptedClientHalf.EncryptedData, k.Ciphertext[:]) copy(encryptedClientHalf.Nonce, k.Nonce[:]) keys = append(keys, EncryptedTLFCryptKeyClientAndEphemeral{ EPubKey: ePublicKey, ClientHalf: encryptedClientHalf, PubKey: MakeCryptPublicKey(k.Kid), }) } clientHalf, index, err := fc.Local.DecryptTLFCryptKeyClientHalfAny( context.Background(), keys, arg.PromptPaper) if err != nil { return err } res := res.(*keybase1.UnboxAnyRes) res.Plaintext = clientHalf.data res.Index = index res.Kid = keys[index].PubKey.kidContainer.kid return nil default: return fmt.Errorf("Unknown call: %s %v %v", s, args, res) } }