About ed25519 signature verification about cryptolib4pascal HOT 16 CLOSED

i found that's my mis understanding. just use TEd25519Signer and TEd25519PublicKeyParameters get public key from remote site.
than verify is correct

from cryptolib4pascal.

here are test samples for ED25519
please do ensure you are using the correct specification as there are many variations that use different hashes too.

from cryptolib4pascal.

i had read your test sample, but none of them same as SSH usage.
i dump and make a test code below:
//----------
s:='0D272BAD5D29C8ECE802C3B9D8A2C43EE341F6130CD93B5FD7E9124FFC2F9348';
remotePubKey:=THex.Decode(s);
edinstance:=TEd25519.Create;
edsigner:=TEd25519Signer.Create(edinstance);
pubkey:=TEd25519PublicKeyParameters.Create(remotePubKey,0);
edsigner.Init(false,pubkey);
//remote signature
s:='6AA8F2B39DF94A767BE445B615DCB7BF8F8BDF09137F8D825858454F79202C7781CB1F40320509ED575F89E6AF5E37DC33F8C0D70AA4C8E0A9AA1CB463C9730C';
remotesig:=THex.Decode(s);
if not edsigner.VerifySignature(remotesig) then
begin
writeln(stdout,'ed25519 Verify fail');
end;
//----------
from SSH Spec,
Signatures are encoded as follows:
mpint r
mpint s
and
get from PUTTY: Verify that sG == r + HpublicKey
where H = eddsa_signing_exponent_from_data( extra, r, HASH VALUE CALC FROM PROTOCOL);

that all infor what i got

from cryptolib4pascal.

you will need to do more than just dumping some values here.
where is the specs defined?
what hash is used for the ssh ed25519 implementation in putty?
these are the information you need to provide if I am going to be able to help you.

from cryptolib4pascal.

i check my dump
the exchange_hash:
A7FB2B3C5B81C02BBABA58EA7B3A0537A0A6C54EF3F61A49E4A12D45B59C0CC5

from cryptolib4pascal.

the length of the hash you just provided means it is a 32 byte hash.
now there are various hashes that their output are 32 bytes in length.
how do we know which putty uses?
that is why I am asking if there is any specs document that putty provides that we can use to understand what they do exactly.

from cryptolib4pascal.

HASH2-256

from cryptolib4pascal.

any other details?

from cryptolib4pascal.

from SSH Spec , i get
https://tools.ietf.org/html/rfc8709
AND verification algo from https://tools.ietf.org/html/rfc8032#section-5.1.7

from cryptolib4pascal.

can you share the private key and message been signed?

from cryptolib4pascal.

PUTTY Private Key:
length of int 32
E0712AD341699FDCFDC490963F652BC2B758A8E0D3F900400E44A11B64214046
and the code part of PUTTY that verify
EdwardsPoint r = eddsa_decode(rstr, ek->curve);
mp_int s = mp_from_bytes_le(sstr);
mp_int H = eddsa_signing_exponent_from_data(ek, extra, rstr, data); //<--- exchange_hash = data
/ Verify that sG == r + HpublicKey */
EdwardsPoint *lhs = ecc_edwards_multiply(ek->curve->e.G, s);
EdwardsPoint *hpk = ecc_edwards_multiply(ek->publicKey, H);
EdwardsPoint *rhs = ecc_edwards_add(r, hpk);
unsigned valid = ecc_edwards_eq(lhs, rhs);

from cryptolib4pascal.

from https://tools.ietf.org/html/rfc8032#section-5.1.7
it looks like your ClpEd25519.implverify()
but your s need 64 bytes.

from cryptolib4pascal.

i found there is an miss from me

1. PUBLIC KEY IS : 3AA337590966B82B63AB241AA5464FF2477A8651B9396744EDFC214284CDA5B4
   exchange_hash: A7FB2B3C5B81C02BBABA58EA7B3A0537A0A6C54EF3F61A49E4A12D45B59C0CC5
   remotesig: 6AA8F2B39DF94A767BE445B615DCB7BF8F8BDF09137F8D825858454F79202C7781CB1F40320509ED575F89E6AF5E37DC33F8C0D70AA4C8E0A9AA1CB463C9730C;

2. by calling ClpEd25519.implverify(), no matter phflag=0 or phflag=1 and ctx just generate like your high level test.
   the result was fail .

3. ClpEd25519.implverify() call EncodePoint(pR, check, 0); twice

4. failed because of TArrayUtils.ConstantTimeAreEqual(check, r) return false;

from cryptolib4pascal.

still trying to figure out why your input data are not verifying.
we must be missing something related to the input.

from cryptolib4pascal.

i got from http://ed25519.herokuapp.com/
Private Key:
n0htabTRTpckjTd8tQqPvN/Pr5J5uZSGGiK12Z1ucqxopyoZ1aRoRknWAud+PZfrl/CTquyYGXld6H5aS09p4g==
Public Key:
aKcqGdWkaEZJ1gLnfj2X65fwk6rsmBl5Xeh+WktPaeI=
Message: (Text to be signed or verified)
testing
Signature:
2xh3zLhpi+TGSXESwe7ff17QaaGCiwasJFG25GrgfqvTf1BwYIX4qEyIdriLarTXvTcKLIKzxdVzctKbdKudCA==
and write test code
qb:=TBase64.Decode('aKcqGdWkaEZJ1gLnfj2X65fwk6rsmBl5Xeh+WktPaeI='); hexstring:=TBase64.Decode('2xh3zLhpi+TGSXESwe7ff17QaaGCiwasJFG25GrgfqvTf1BwYIX4qEyIdriLarTXvTcKLIKzxdVzctKbdKudCA=='); h:=TEncoding.ASCII.GetAnsiBytes('testing'); if not edinstance.implverify(hexstring,0,qb,0,LCtx,1,h,0,length(h)) then begin writeln(stdout,'ed25519 Verify fail'); exit(-2); end;
but still fail, i just confuse, did i make wrong LCtx? or ?

from cryptolib4pascal.

glad you have resolved your issue and thanks for the feedback.
closing this ticket for now.

from cryptolib4pascal.