首页 发现 帮助
登录
YanoPettanko
/
mkp224o
镜像自地址 https://github.com/cathugger/mkp224o
1
0
派生 0
文件 工单管理 0 Wiki
分支: master
分支列表 标签列表
mkp224o
/
ed25519
/
ref10
/
open.c

open.c 1.0 KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 
  1. #include <string.h>
    2. 

  2. #include "crypto_sign.h"
    3. 

  3. #include "crypto_hash_sha512.h"
    4. 

  4. #include "crypto_verify_32.h"
    5. 

  5. #include "ge.h"
    6. 

  6. #include "sc.h"
    7. 

  7. 

  8. int crypto_sign_open(
    9. 

  9.   unsigned char *m,unsigned long long *mlen,
    10. 

  10.   const unsigned char *sm,unsigned long long smlen,
    11. 

  11.   const unsigned char *pk
    12. 

  12. )
    13. 

  13. {
    14. 

  14.   unsigned char pkcopy[32];
    15. 

  15.   unsigned char rcopy[32];
    16. 

  16.   unsigned char scopy[32];
    17. 

  17.   unsigned char h[64];
    18. 

  18.   unsigned char rcheck[32];
    19. 

  19.   ge_p3 A;
    20. 

  20.   ge_p2 R;
    21. 

  21. 

  22.   if (smlen < 64) goto badsig;
    23. 

  23.   if (sm[63] & 224) goto badsig;
    24. 

  24.   if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig;
    25. 

  25. 

  26.   memmove(pkcopy,pk,32);
    27. 

  27.   memmove(rcopy,sm,32);
    28. 

  28.   memmove(scopy,sm + 32,32);
    29. 

  29. 

  30.   memmove(m,sm,smlen);
    31. 

  31.   memmove(m + 32,pkcopy,32);
    32. 

  32.   crypto_hash_sha512(h,m,smlen);
    33. 

  33.   sc_reduce(h);
    34. 

  34. 

  35.   ge_double_scalarmult_vartime(&R,h,&A,scopy);
    36. 

  36.   ge_tobytes(rcheck,&R);
    37. 

  37.   if (crypto_verify_32(rcheck,rcopy) == 0) {
    38. 

  38.     memmove(m,m + 64,smlen - 64);
    39. 

  39.     memset(m + smlen - 64,0,64);
    40. 

  40.     *mlen = smlen - 64;
    41. 

  41.     return 0;
    42. 

  42.   }
    43. 

  43. 

  44. badsig:
    45. 

  45.   *mlen = -1;
    46. 

  46.   memset(m,0,smlen);
    47. 

  47.   return -1;
    48. 

  48. }
    49.