I'm trying to implement curve25519 verification with CryptoPP. I tried the libsignal library first, which shows the correct result. Then I tried the same data with CryptoPP, but it shows the wrong result.

Here is the code using libsignal to verify a signature:

```cpp
string pub = str2hex("0504f05568cc7a16fa9b4bc1c9d9294a80b7727e349365f855031a180bf0f80910");
ec_public_key* pub_key;
curve_decode_point(&pub_key, (uint8_t*)pub.data(), pub.size(), 0);

string message = str2hex("05f1fd491d63f1860bdaf3f9b0eb46c2494b7f184a32d9e6c859a421ad284f4307");
string signature = str2hex("5e525df3360ea62281efe8fb9e183521105bb3d9ba8ad43be9fac9d87dd216a6ea9e64099f6f05fbcd6e5a39ab239aad8c1e03d27a1378e4bcbf8937eac4300a");

int ret = curve_verify_signature(
    pub_key,
    (uint8_t*)message.data(), message.size(),
    (uint8_t*)signature.data(), signature.size()
    );

cout << "ret: " << ret << endl; // shows 1 (correct)
```

The result is 1, which means correct. Please note that libsignal requires the pub_key to begin with a byte 0x05 (key type); that is not the case for CryptoPP here.

The code using CryptoPP:

```cpp
string pub = str2hex("04f05568cc7a16fa9b4bc1c9d9294a80b7727e349365f855031a180bf0f80910");

string message = str2hex("05f1fd491d63f1860bdaf3f9b0eb46c2494b7f184a32d9e6c859a421ad284f4307");
string signature = str2hex("5e525df3360ea62281efe8fb9e183521105bb3d9ba8ad43be9fac9d87dd216a6ea9e64099f6f05fbcd6e5a39ab239aad8c1e03d27a1378e4bcbf8937eac4300a");

ed25519::Verifier verifier((uint8_t*)pub.data());
bool ret = verifier.VerifyMessage(
    (uint8_t*)message.data(), message.size(),
    (uint8_t*)signature.data(), signature.size()
    );
cout << "ret: " << ret << endl; // shows 0 (wrong)
```

It shows 0. What's wrong with the code?

aj3423
  • Which crypto++ version is this? My understanding is that the recently released 8.3 fixed some ECC-related bugs ([link](https://github.com/weidai11/cryptopp/issues/869), [link](https://github.com/weidai11/cryptopp/issues/878)), but possibly not all, unfortunately ([link](https://stackoverflow.com/questions/65290544/elliptic-curve-point-arithmetic-in-crypto)). – f9c69e9781fa194211448473495534 Dec 28 '20 at 00:54
  • It's version 8.3, `#define CRYPTOPP_VERSION 830` – aj3423 Dec 28 '20 at 06:10

1 Answer

libsignal has a customized implementation of curve25519_verification:

  • curve25519 public key is converted to ed25519 public key (see here)
  • the verification is done using ed25519 signature verification algorithm (see here)

If you try to verify the signature using the converted ed25519 public key with CryptoPP, the verification would fail. That's because the sign and ed25519_verify operations are also slightly adjusted in libsignal.

aietcn
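The key conversion named in the first bullet of the answer, as an added Python example that is not part of the original post or libsignal's code: it applies the standard birational map y = (u - 1)/(u + 1) mod 2^255 - 19 to the key from the question. The function names are hypothetical, and taking the Edwards sign bit from the top bit of the signature's last byte is an assumption about libsignal's behaviour that the page does not state.

```python
# Added illustration: Curve25519 (Montgomery u) -> Ed25519 (Edwards y) key
# conversion with the birational map y = (u - 1) / (u + 1) mod p.
P = 2**255 - 19  # field prime shared by Curve25519 and Ed25519


def mont_u_to_ed_y(u_bytes: bytes) -> int:
    """Map a 32-byte little-endian Montgomery u-coordinate to Edwards y."""
    if len(u_bytes) != 32:
        raise ValueError("expected 32 bytes (strip libsignal's 0x05 type byte)")
    u = (int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)) % P
    if (u + 1) % P == 0:
        raise ValueError("u = -1 has no image under the map")
    return (u - 1) * pow(u + 1, P - 2, P) % P  # divide via Fermat inverse


def ed_y_to_mont_u(y: int) -> int:
    """Inverse map u = (1 + y) / (1 - y) mod p, used as a self-check."""
    if (1 - y) % P == 0:
        raise ValueError("y = 1 has no image under the inverse map")
    return (1 + y) * pow((1 - y) % P, P - 2, P) % P


def convert_for_ed25519(u_bytes: bytes, signature: bytes):
    """Return (ed25519_public_key, signature_with_sign_bit_cleared).

    Assumption (not from the page): the sign of the Edwards x-coordinate
    travels in the top bit of signature[63] and is moved into the key.
    """
    if len(signature) != 64:
        raise ValueError("expected a 64-byte signature")
    ed_pub = bytearray(mont_u_to_ed_y(u_bytes).to_bytes(32, "little"))
    ed_pub[31] |= signature[63] & 0x80
    sig = bytearray(signature)
    sig[63] &= 0x7F
    return bytes(ed_pub), bytes(sig)


# Values from the question (key in its CryptoPP form, without the 0x05 byte).
PUB = bytes.fromhex("04f05568cc7a16fa9b4bc1c9d9294a80b7727e349365f855031a180bf0f80910")
SIG = bytes.fromhex(
    "5e525df3360ea62281efe8fb9e183521105bb3d9ba8ad43be9fac9d87dd216a6"
    "ea9e64099f6f05fbcd6e5a39ab239aad8c1e03d27a1378e4bcbf8937eac4300a"
)

if __name__ == "__main__":
    ed_pub, sig = convert_for_ed25519(PUB, SIG)
    print("converted ed25519 public key:", ed_pub.hex())
    print("signature passed to verifier:", sig.hex())
```
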