1
0

open.c 1.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748
  1. #include <string.h>
  2. #include "crypto_sign.h"
  3. #include "crypto_hash_sha512.h"
  4. #include "crypto_verify_32.h"
  5. #include "ge.h"
  6. #include "sc.h"
  7. int crypto_sign_open(
  8. unsigned char *m,unsigned long long *mlen,
  9. const unsigned char *sm,unsigned long long smlen,
  10. const unsigned char *pk
  11. )
  12. {
  13. unsigned char pkcopy[32];
  14. unsigned char rcopy[32];
  15. unsigned char scopy[32];
  16. unsigned char h[64];
  17. unsigned char rcheck[32];
  18. ge_p3 A;
  19. ge_p2 R;
  20. if (smlen < 64) goto badsig;
  21. if (sm[63] & 224) goto badsig;
  22. if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig;
  23. memmove(pkcopy,pk,32);
  24. memmove(rcopy,sm,32);
  25. memmove(scopy,sm + 32,32);
  26. memmove(m,sm,smlen);
  27. memmove(m + 32,pkcopy,32);
  28. crypto_hash_sha512(h,m,smlen);
  29. sc_reduce(h);
  30. ge_double_scalarmult_vartime(&R,h,&A,scopy);
  31. ge_tobytes(rcheck,&R);
  32. if (crypto_verify_32(rcheck,rcopy) == 0) {
  33. memmove(m,m + 64,smlen - 64);
  34. memset(m + smlen - 64,0,64);
  35. *mlen = smlen - 64;
  36. return 0;
  37. }
  38. badsig:
  39. *mlen = -1;
  40. memset(m,0,smlen);
  41. return -1;
  42. }