libsodium/demos/auth.c
Frank Denis 9060457fac Make prompt_input accept fixed-length and variable-length input.
Now that strings have the correct size, but no trailing \0, puts() cannot safely be
used any more.
2015-05-27 18:10:28 +02:00

75 lines
2.0 KiB
C

/*
* GraxRabble
* Demo programs for libsodium.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sodium.h> /* library header */
#include "utils.h" /* utility functions shared by demos */
/*
* This operation computes an authentication tag for a message and a
* secret key, and provides a way to verify that a given tag is valid
* for a given message and a key.
*
* The function computing the tag deterministic: the same (message,
* key) tuple will always produce the same output.
*
* However, even if the message is public, knowing the key is
* required in order to be able to compute a valid tag. Therefore,
* the key should remain confidential. The tag, however, can be
* public.
*
* A typical use case is:
*
* - A prepares a message, add an authentication tag, sends it to B
* - A doesn't store the message
* - Later on, B sends the message and the authentication tag to A
* - A uses the authentication tag to verify that it created this message.
*
* This operation does not encrypt the message. It only computes and
* verifies an authentication tag.
*/
static int
auth(void)
{
unsigned char key[crypto_auth_KEYBYTES];
unsigned char mac[crypto_auth_BYTES];
unsigned char message[MAX_INPUT_SIZE];
size_t message_len;
int ret;
puts("Example: crypto_auth\n");
prompt_input("a key", (char*)key, sizeof key, 0);
message_len = prompt_input("a message", (char*)message, sizeof message, 1);
putchar('\n');
printf("Generating %s authentication...\n", crypto_auth_primitive());
crypto_auth(mac, message, message_len, key);
fputs("Authentication tag: ", stdout);
print_hex(mac, sizeof mac);
putchar('\n');
puts("Verifying authentication tag...");
ret = crypto_auth_verify(mac, message, message_len, key);
print_verification(ret);
sodium_memzero(key, sizeof key); /* wipe sensitive data */
return ret;
}
int
main(void)
{
init();
return auth() != 0;
}