add sign, needs testing

interfaces.go

@@ -164,6 +164,65 @@ type ShortHash128 interface {
 	Sum128() (s1, s2 uint64)
 }
 
+// Sign
+type Sign interface {
+	Wiper
+
+	// Detached signs the message data in unsigned, and returns a message with
+	// the signature
+	Sign(dst, unsigned []byte) (signed []byte)
+
+	// SignDetached creates a signature
+	SignDetached(dst, unsigned []byte) (signature []byte)
+
+	// io.Writer provides the Write method to the Signature interface. When
+	// Write is used, the Signature implementation moves to Multipart mode,
+	// which pre-hashes the message before signing.
+	//
+	// Note that this may produce a different signature then when full-message
+	// signatures are used, as the pre-hashing generated a different value for
+	// the signature key to sign.
+	io.Writer
+
+	// Final is the SignDetached method's equivalent for Multipart messages.
+	// This operation will fail if Write has not been called before.
+	Final(dst []byte) (signature []byte)
+
+	PublicKeyBytes() (c int)
+	SecretKeyBytes() (c int)
+	Bytes() (c int)
+	SeedBytes() (c int)
+}
+
+// SignVerifier
+type SignVerifier interface {
+	// Open will verify the signature, and return the message data without the
+	// signature.
+	Open(dst, signed []byte) (unsigned []byte, valid bool)
+
+	// VerifyDetached is the detached equivalent of Open, which simply verifies
+	// the signature.
+	VerifyDetached(signature, message []byte) (valid bool)
+
+	// io.Writer provides the Write method to the Signature interface. When
+	// Write is used, the Signature implementation moves to Multipart mode,
+	// which pre-hashes the message before signing.
+	//
+	// Note that this may produce a different signature then when full-message
+	// signatures are used, as the pre-hashing generated a different value for
+	// the signature key to sign.
+	io.Writer
+
+	// FinalVerify is the Verify method's equivalent for Multipart messages.
+	// This operation will fail if Write has not been called before.
+	FinalVerify(signature []byte) (valid bool)
+
+	PublicKeyBytes() (c int)
+	SecretKeyBytes() (c int)
+	Bytes() (c int)
+	SeedBytes() (c int)
+}
+
 // Stream
 type Stream interface {
 	cipher.Stream
@@ -179,7 +238,7 @@ type Stream interface {
 	// example: stream.Seek(1).KeyStream(stream)
 	Seek(counter uint64) Stream
 
-	// ReKey will re-initialize the stream with the given key/nonce conbination.
+	// ReKey will re-initialize the stream with the given key/nonce combination.
 	ReKey(key, nonce []byte)
 
 	KeyBytes() (c int)

sign/doc.go

@@ -0,0 +1,31 @@
+// Copyright 2017, Project ArteMisc
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+package sign // import "go.artemisc.eu/godium/sign"
+
+import (
+	"go.artemisc.eu/godium"
+)
+
+const (
+	Primitive          = "ed25519"
+	PrimitiveMultipart = "ed25519ph"
+	PublicKeyBytes     = Ed25519_PublicKeyBytes
+	SecretKeyBytes     = Ed25519_SecretKeyBytes
+	Bytes              = Ed25519_Bytes
+	SeedBytes          = Ed25519_SeedBytes
+)
+
+// New
+func New(key godium.PrivateKey) (s godium.Sign) {
+	s = NewEd25519(key)
+	return
+}
+
+// NewVerifier
+func NewVerifier(key godium.PublicKey) (v godium.SignVerifier) {
+	v = NewEd25519Verifier(key)
+	return
+}

sign/ed25519_sign.go

@@ -0,0 +1,91 @@
+// Copyright 2017, Project ArteMisc
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+package sign
+
+import (
+	"unsafe"
+
+	"go.artemisc.eu/godium"
+	"go.artemisc.eu/godium/core"
+	"go.artemisc.eu/godium/hash"
+	"go.artemisc.eu/godium/sign/internal/edwards25519"
+)
+
+const (
+	Ed25519_PublicKeyBytes = 32
+	Ed25519_SecretKeyBytes = 64
+	Ed25519_Bytes          = 64
+	Ed25519_SeedBytes      = 32
+)
+
+type Ed25519Sign struct {
+	godium.PrivateKey
+	godium.PublicKey
+	Multipart godium.Hash
+}
+
+// NewEd25519
+func NewEd25519(key godium.PrivateKey) (s godium.Sign) {
+	key = core.Copy(key, Ed25519_SecretKeyBytes)
+	s = &Ed25519Sign{
+		PrivateKey: key,
+		PublicKey:  godium.PublicKey(key[Ed25519_SeedBytes:Ed25519_SecretKeyBytes]),
+	}
+	return
+}
+
+func (s *Ed25519Sign) Wipe() {
+	godium.Wipe(s.PrivateKey)
+}
+
+func (s *Ed25519Sign) Write(p []byte) (n int, err error) {
+	if s.Multipart == nil {
+		s.Multipart = hash.NewSha512()
+	}
+	n, err = s.Multipart.Write(p)
+	return
+}
+
+func (s *Ed25519Sign) Sign(dst, unsigned []byte) (signed []byte) {
+	mlen := uint64(len(unsigned))
+	signed = core.AllocDst(dst, mlen+Ed25519_Bytes)
+
+	if len(unsigned) == 0 {
+		signed = s.SignDetached(dst[:0], unsigned)
+		return
+	}
+
+	if uintptr(unsafe.Pointer(&dst[0])) != uintptr(unsafe.Pointer(&unsigned[Ed25519_Bytes])) {
+		copy(dst, unsigned)
+	}
+
+	s.SignDetached(signed[:0], signed[Ed25519_Bytes:])
+	return
+}
+
+// SignDetached
+func (s *Ed25519Sign) SignDetached(dst, unsigned []byte) (signature []byte) {
+	signature = core.AllocDst(dst, Ed25519_Bytes)
+	edSign := edwards25519.Sign(signature[:0], unsigned, s.PrivateKey, false)
+	copy(signature, edSign)
+	return
+}
+
+// Final
+func (s *Ed25519Sign) Final(dst []byte) (signature []byte) {
+	if s.Multipart == nil {
+		return // TODO fail/panic?
+	}
+	ph := make([]byte, 0, hash.Sha512_Bytes)
+	ph = s.Multipart.Sum(ph)
+	signature = edwards25519.Sign(dst, ph, s.PrivateKey, true)
+	return
+}
+
+func (s *Ed25519Sign) PublicKeyBytes() (c int) { return Ed25519_PublicKeyBytes }
+func (s *Ed25519Sign) SecretKeyBytes() (c int) { return Ed25519_SecretKeyBytes }
+func (s *Ed25519Sign) Bytes() (c int)          { return Ed25519_Bytes }
+func (s *Ed25519Sign) SeedBytes() (c int)      { return Ed25519_SeedBytes }

sign/ed25519_verify.go

@@ -0,0 +1,74 @@
+// Copyright 2017, Project ArteMisc
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+package sign
+
+import (
+	"go.artemisc.eu/godium"
+	"go.artemisc.eu/godium/core"
+	"go.artemisc.eu/godium/hash"
+	"go.artemisc.eu/godium/sign/internal/edwards25519"
+	"unsafe"
+)
+
+type Ed25519SignVerifier struct {
+	godium.PublicKey
+	Multipart godium.Hash
+}
+
+func NewEd25519Verifier(key godium.PublicKey) (v godium.SignVerifier) {
+	v = &Ed25519SignVerifier{
+		PublicKey: key,
+	}
+	return
+}
+
+func (v *Ed25519SignVerifier) Write(p []byte) (n int, err error) {
+	if v.Multipart == nil {
+		v.Multipart = hash.NewSha512()
+	}
+	n, err = v.Multipart.Write(p)
+	return
+}
+
+func (v *Ed25519SignVerifier) Open(dst, signed []byte) (unsigned []byte, valid bool) {
+	valid = v.VerifyDetached(signed[:Ed25519_Bytes], signed[Ed25519_Bytes:])
+	if !valid {
+		return
+	}
+
+	mlen := uint64(len(signed)) - Ed25519_Bytes
+	unsigned = core.AllocDst(dst, mlen)
+
+	if uintptr(unsafe.Pointer(&unsigned[0])) != uintptr(unsafe.Pointer(&signed[Ed25519_Bytes])) {
+		copy(unsigned, signed[:])
+	}
+	return
+}
+
+func (v *Ed25519SignVerifier) VerifyDetached(signature, message []byte) (valid bool) {
+	valid = edwards25519.Verify(message, signature, v.PublicKey, false)
+	return
+}
+
+func (v *Ed25519SignVerifier) FinalVerify(signature []byte) (valid bool) {
+	if v.Multipart == nil {
+		// fail/misuse?
+		return
+	}
+
+	ph := make([]byte, 0, hash.Sha512_Bytes)
+	ph = v.Multipart.Sum(ph)
+
+	valid = edwards25519.Verify(ph, signature, v.PublicKey, true)
+
+	v.Multipart = nil
+	return
+}
+
+func (v *Ed25519SignVerifier) PublicKeyBytes() (c int) { return Ed25519_PublicKeyBytes }
+func (v *Ed25519SignVerifier) SecretKeyBytes() (c int) { return Ed25519_SecretKeyBytes }
+func (v *Ed25519SignVerifier) Bytes() (c int)          { return Ed25519_Bytes }
+func (v *Ed25519SignVerifier) SeedBytes() (c int)      { return Ed25519_SeedBytes }

sign/internal/edwards25519/LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.