我正在绑定到libsodium,所以我可以在Haskell中签名字节串,但是签名与C为相同消息和密钥创建的签名不匹配。
我在libsodium中绑定到此功能:
int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen,
const unsigned char *m, unsigned long long mlen,
const unsigned char *sk);
文档说:
crypto_sign_detached()函数使用密钥sk对长度为mlen字节的消息m进行签名,并将签名放入sig中,最长为crypto_sign_BYTES。
如果siglen不为NULL,则将签名的实际长度放入siglen。
可以忽略siglen,并始终将签名视为crypto_sign_BYTES字节长:如果需要,较短的签名将透明地填充零。
crypto_sign_BYTES是64。
这是Haskell代码(很抱歉,它的长度很短,但是尽可能短):
{-# LANGUAGE OverloadedStrings #-}
module Main where
import qualified Data.ByteString as B
import qualified Data.ByteString.Base16 as B16
import qualified Data.ByteString.Internal as Bi
import qualified Foreign as F
import qualified Foreign.C.Types as T
import System.IO.Unsafe (unsafePerformIO)
secretkey :: B.ByteString
secretkey = B.pack [0x34, 0xEB, 0xA3, 0x9F, 0xC5, 0xA1, 0xB4, 0x1D,
0x64, 0x12, 0xCE, 0xC3, 0xD2, 0x0A, 0x7F, 0xA8,
0x24, 0x24, 0x2A, 0xDC, 0x1E, 0x6C, 0x04, 0x48,
0xCE, 0x91, 0xB3, 0xC4, 0x84, 0xCC, 0x7A, 0xC6]
main :: IO ()
main = do
status <- c_sodium_init
case status of
0 ->
case sign "test" secretkey of
Right sig -> do
print $ B16.encode sig
Left err -> print err
_ -> putStrLn "Could not initialize."
crypto_sign_BYTES :: Int
crypto_sign_BYTES = 64
packCString :: Int -> F.Ptr F.Word8 -> IO B.ByteString
packCString len cstr = create len $ \p -> Bi.memcpy p cstr len
create :: Int -> (F.Ptr F.Word8 -> IO ()) -> IO B.ByteString
create l f = do
fp <- Bi.mallocByteString l
F.withForeignPtr fp f
return $! Bi.PS fp 0 l
foreign import ccall unsafe "sodium.h crypto_sign_detached"
c_crypto_sign_detached
:: CUString
-> F.Ptr T.CULLong
-> CUString
-> T.CULLong
-> CUString
-> IO T.CInt
sign :: B.ByteString -> B.ByteString -> Either Int B.ByteString
sign message secretKey = unsafePerformIO $
useAsCString message $ \messagePtr ->
useAsCString secretKey $ \secretKeyPtr ->
F.allocaBytes crypto_sign_BYTES $ \sig -> do
status <- c_crypto_sign_detached
sig
F.nullPtr
messagePtr
(fromIntegral $ B.length message)
secretKeyPtr
case status of
0 -> do
packed <- packCString crypto_sign_BYTES $ F.castPtr sig
return $ Right packed
errCode -> return $ Left $ fromIntegral errCode
foreign import ccall unsafe "sodium.h sodium_init"
c_sodium_init :: IO T.CInt
type CUString = F.Ptr T.CUChar
useAsCString :: B.ByteString -> (CUString -> IO a) -> IO a
useAsCString (Bi.PS fp o l) action =
F.allocaBytes (l+1) $ \buf ->
F.withForeignPtr fp $ \p -> do
Bi.memcpy buf (p `F.plusPtr` o) (fromIntegral l)
F.pokeByteOff buf l (0::F.Word8)
action (F.castPtr buf)
这是C代码:
#include <sodium.h>
#include <stdio.h>
int main (void)
{
if (sodium_init() < 0) {
printf("could not initialize");
}
unsigned char message[4] = "test";
unsigned char sk[32] = {0x34, 0xEB, 0xA3, 0x9F, 0xC5, 0xA1, 0xB4,
0x1D, 0x64, 0x12, 0xCE, 0xC3, 0xD2, 0x0A,
0x7F, 0xA8, 0x24, 0x24, 0x2A, 0xDC, 0x1E,
0x6C, 0x04, 0x48, 0xCE, 0x91, 0xB3, 0xC4,
0x84, 0xCC, 0x7A, 0xC6};
unsigned char sig[crypto_sign_BYTES];
crypto_sign_detached(sig, NULL, message, 4, sk);
int i;
for (i=0; i<64; i++)
{
printf("%02X", sig[i]);
}
printf("\n");
}
Haskell输出为:
"17aa8f20476a8e70f860707b8fd7f8f78ffd778690a755ddf3a432a81786ea3dea9efa2028d8896efaf1efe428781b3af83ab0450fc94a2ae6ec2c1a34ca830e"
C输出为:
17AA8F20476A8E70F860707B8FD7F8F78FFD778690A755DDF3A432A81786EA3D4B54ECDA53E7774C43BE7098A96C39A59664953E40AFFB54ACB84E09CBFF4E07
为什么这些签名仅与64个字符的前32个字节匹配?如果有帮助,我已将代码放在Github上。
答案 0 :(得分:2)
crypto_sign_SECRETKEYBYTES是64,而不是32。将密钥设置得如此之长,C和Haskell代码将彼此一致。