Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 64521a9d35
Branches Tags
tor
/
src
/
ext
/
ed25519
/
ref10
/
open.c

open.c 960 B
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243 
  1. /* (Modified by Tor to verify signature separately from message) */
    2. 

  2. 

  3. #include "crypto_sign.h"
    4. 

  4. #include <string.h>
    5. 

  5. #include "crypto_hash_sha512.h"
    6. 

  6. #include "crypto_verify_32.h"
    7. 

  7. #include "ge.h"
    8. 

  8. #include "sc.h"
    9. 

  9. 

  10. /* 'signature' must be 64-bytes long. */
    11. 

  11. int crypto_sign_open(
    12. 

  12.   const unsigned char *signature,
    13. 

  13.   const unsigned char *m, size_t mlen,
    14. 

  14.   const unsigned char *pk
    15. 

  15. )
    16. 

  16. {
    17. 

  17.   unsigned char pkcopy[32];
    18. 

  18.   unsigned char rcopy[32];
    19. 

  19.   unsigned char scopy[32];
    20. 

  20.   unsigned char h[64];
    21. 

  21.   unsigned char rcheck[32];
    22. 

  22.   ge_p3 A;
    23. 

  23.   ge_p2 R;
    24. 

  24. 

  25.   if (signature[63] & 224) goto badsig;
    26. 

  26.   if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig;
    27. 

  27. 

  28.   memmove(pkcopy,pk,32);
    29. 

  29.   memmove(rcopy,signature,32);
    30. 

  30.   memmove(scopy,signature + 32,32);
    31. 

  31. 

  32.   crypto_hash_sha512_3(h, rcopy, 32, pkcopy, 32, m, mlen);
    33. 

  33.   sc_reduce(h);
    34. 

  34. 

  35.   ge_double_scalarmult_vartime(&R,h,&A,scopy);
    36. 

  36.   ge_tobytes(rcheck,&R);
    37. 

  37.   if (crypto_verify_32(rcheck,rcopy) == 0) {
    38. 

  38.     return 0;
    39. 

  39.   }
    40. 

  40. 

  41. badsig:
    42. 

  42.   return -1;
    43. 

  43. }
    44.