open.c 962 B

123456789101112131415161718192021222324252627282930313233343536373839404142
  1. #include "crypto_sign.h"
  2. #include "ge.h"
  3. #include "sc.h"
  4. #include "rust/cjdns_sys/Rffi.h"
  5. #include <sodium/crypto_verify_32.h>
  6. int crypto_sign_open(
  7. unsigned char *m,unsigned long long *mlen,
  8. const unsigned char *sm,unsigned long long smlen,
  9. const unsigned char *pk
  10. )
  11. {
  12. unsigned char h[64];
  13. unsigned char checkr[32];
  14. ge_p3 A;
  15. ge_p2 R;
  16. unsigned long long i;
  17. *mlen = -1;
  18. if (smlen < 64) return -1;
  19. if (sm[63] & 224) return -1;
  20. if (ge_frombytes_negate_vartime(&A,pk) != 0) return -1;
  21. for (i = 0;i < smlen;++i) m[i] = sm[i];
  22. for (i = 0;i < 32;++i) m[32 + i] = pk[i];
  23. Rffi_crypto_hash_sha512(h,m,smlen);
  24. sc_reduce(h);
  25. ge_double_scalarmult_vartime(&R,h,&A,sm + 32);
  26. ge_tobytes(checkr,&R);
  27. if (crypto_verify_32(checkr,sm) != 0) {
  28. for (i = 0;i < smlen;++i) m[i] = 0;
  29. return -1;
  30. }
  31. for (i = 0;i < smlen - 64;++i) m[i] = sm[64 + i];
  32. for (i = smlen - 64;i < smlen;++i) m[i] = 0;
  33. *mlen = smlen - 64;
  34. return 0;
  35. }