open.c (960B)
1 /* (Modified by Tor to verify signature separately from message) */ 2 3 #include "crypto_sign.h" 4 #include <string.h> 5 #include "crypto_hash_sha512.h" 6 #include "crypto_verify_32.h" 7 #include "ge.h" 8 #include "sc.h" 9 10 /* 'signature' must be 64-bytes long. */ 11 int crypto_sign_open( 12 const unsigned char *signature, 13 const unsigned char *m, size_t mlen, 14 const unsigned char *pk 15 ) 16 { 17 unsigned char pkcopy[32]; 18 unsigned char rcopy[32]; 19 unsigned char scopy[32]; 20 unsigned char h[64]; 21 unsigned char rcheck[32]; 22 ge_p3 A; 23 ge_p2 R; 24 25 if (signature[63] & 224) goto badsig; 26 if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig; 27 28 memmove(pkcopy,pk,32); 29 memmove(rcopy,signature,32); 30 memmove(scopy,signature + 32,32); 31 32 crypto_hash_sha512_3(h, rcopy, 32, pkcopy, 32, m, mlen); 33 sc_reduce(h); 34 35 ge_double_scalarmult_vartime(&R,h,&A,scopy); 36 ge_tobytes(rcheck,&R); 37 if (crypto_verify_32(rcheck,rcopy) == 0) { 38 return 0; 39 } 40 41 badsig: 42 return -1; 43 }