2014-09-24 14:40:21 -07:00
|
|
|
/*
|
|
|
|
* GraxRabble
|
2015-05-27 12:36:54 -07:00
|
|
|
* example programs for libsodium.
|
2014-09-24 14:40:21 -07:00
|
|
|
*/
|
|
|
|
|
2015-05-27 04:02:56 -07:00
|
|
|
#include <sodium.h> /* library header */
|
2014-09-24 14:40:21 -07:00
|
|
|
|
2015-05-27 12:36:54 -07:00
|
|
|
#include "utils.h" /* utility functions shared by examples */
|
2014-09-24 14:40:21 -07:00
|
|
|
|
|
|
|
/*
|
2015-05-27 07:34:06 -07:00
|
|
|
* This operation computes an authentication tag for a message and a
|
|
|
|
* secret key, and provides a way to verify that a given tag is valid
|
|
|
|
* for a given message and a key.
|
|
|
|
*
|
|
|
|
* The function computing the tag deterministic: the same (message,
|
|
|
|
* key) tuple will always produce the same output.
|
|
|
|
*
|
|
|
|
* However, even if the message is public, knowing the key is
|
|
|
|
* required in order to be able to compute a valid tag. Therefore,
|
|
|
|
* the key should remain confidential. The tag, however, can be
|
|
|
|
* public.
|
|
|
|
*
|
|
|
|
* A typical use case is:
|
|
|
|
*
|
|
|
|
* - A prepares a message, add an authentication tag, sends it to B
|
|
|
|
* - A doesn't store the message
|
|
|
|
* - Later on, B sends the message and the authentication tag to A
|
|
|
|
* - A uses the authentication tag to verify that it created this message.
|
|
|
|
*
|
|
|
|
* This operation does not encrypt the message. It only computes and
|
|
|
|
* verifies an authentication tag.
|
2014-09-24 14:40:21 -07:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
auth(void)
|
|
|
|
{
|
2015-05-27 07:29:57 -07:00
|
|
|
unsigned char key[crypto_auth_KEYBYTES];
|
|
|
|
unsigned char mac[crypto_auth_BYTES];
|
2015-05-27 12:19:17 -07:00
|
|
|
unsigned char message[MAX_INPUT_LEN];
|
2015-05-27 07:29:57 -07:00
|
|
|
size_t message_len;
|
|
|
|
int ret;
|
2014-09-24 14:40:21 -07:00
|
|
|
|
|
|
|
puts("Example: crypto_auth\n");
|
2015-05-27 04:02:56 -07:00
|
|
|
|
2015-05-27 09:10:28 -07:00
|
|
|
prompt_input("a key", (char*)key, sizeof key, 0);
|
|
|
|
message_len = prompt_input("a message", (char*)message, sizeof message, 1);
|
2014-09-24 14:40:21 -07:00
|
|
|
|
|
|
|
printf("Generating %s authentication...\n", crypto_auth_primitive());
|
2015-05-27 07:29:57 -07:00
|
|
|
crypto_auth(mac, message, message_len, key);
|
2014-09-24 14:40:21 -07:00
|
|
|
|
2015-05-27 12:09:32 -07:00
|
|
|
printf("Authentication tag: ");
|
2015-05-27 07:29:57 -07:00
|
|
|
print_hex(mac, sizeof mac);
|
2014-09-24 14:40:21 -07:00
|
|
|
|
2015-05-27 07:29:57 -07:00
|
|
|
puts("Verifying authentication tag...");
|
|
|
|
ret = crypto_auth_verify(mac, message, message_len, key);
|
|
|
|
print_verification(ret);
|
2014-09-24 14:40:21 -07:00
|
|
|
|
2015-05-27 07:29:57 -07:00
|
|
|
sodium_memzero(key, sizeof key); /* wipe sensitive data */
|
|
|
|
|
|
|
|
return ret;
|
2014-09-24 14:40:21 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2015-05-27 03:41:43 -07:00
|
|
|
main(void)
|
2014-09-24 14:40:21 -07:00
|
|
|
{
|
2015-05-27 07:10:07 -07:00
|
|
|
init();
|
2014-09-24 14:40:21 -07:00
|
|
|
|
2015-05-27 03:41:43 -07:00
|
|
|
return auth() != 0;
|
2014-09-24 14:40:21 -07:00
|
|
|
}
|