1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-20 02:25:14 -07:00

Add crypto_sign_verify_detached()

This commit is contained in:
Frank Denis 2014-07-10 22:29:05 -07:00
parent 5b4a3b5715
commit a362711903
5 changed files with 47 additions and 18 deletions

View File

@ -67,3 +67,10 @@ crypto_sign_detached(unsigned char *sig, unsigned long long *siglen,
{
return crypto_sign_ed25519_detached(sig, siglen, m, mlen, sk);
}
int
crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m,
unsigned long long mlen, const unsigned char *pk)
{
return crypto_sign_ed25519_verify_detached(sig, m, mlen, pk);
}

View File

@ -4,6 +4,7 @@
#define crypto_sign crypto_sign_ed25519
#define crypto_sign_detached crypto_sign_ed25519_detached
#define crypto_sign_open crypto_sign_ed25519_open
#define crypto_sign_verify_detached crypto_sign_ed25519_verify_detached
#define crypto_sign_keypair crypto_sign_ed25519_keypair
#define crypto_sign_seed_keypair crypto_sign_ed25519_seed_keypair
#define crypto_sign_BYTES crypto_sign_ed25519_BYTES

View File

@ -1,4 +1,5 @@
#include <limits.h>
#include <string.h>
#include "api.h"
@ -8,9 +9,8 @@
#include "sc.h"
int
crypto_sign_open(unsigned char *m, unsigned long long *mlen,
const unsigned char *sm, unsigned long long smlen,
const unsigned char *pk)
crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m,
unsigned long long mlen, const unsigned char *pk)
{
crypto_hash_sha512_state hs;
unsigned char h[64];
@ -20,14 +20,11 @@ crypto_sign_open(unsigned char *m, unsigned long long *mlen,
ge_p3 A;
ge_p2 R;
if (smlen < 64) {
goto badsig;
}
if (sm[63] & 224) {
goto badsig;
if (sig[63] & 224) {
return -1;
}
if (ge_frombytes_negate_vartime(&A, pk) != 0) {
goto badsig;
return -1;
}
for (i = 0; i < 32; ++i) {
d |= pk[i];
@ -36,23 +33,36 @@ crypto_sign_open(unsigned char *m, unsigned long long *mlen,
return -1;
}
crypto_hash_sha512_init(&hs);
crypto_hash_sha512_update(&hs, sm, 32);
crypto_hash_sha512_update(&hs, sig, 32);
crypto_hash_sha512_update(&hs, pk, 32);
crypto_hash_sha512_update(&hs, sm + 64, smlen - 64);
crypto_hash_sha512_update(&hs, m, mlen);
crypto_hash_sha512_final(&hs, h);
sc_reduce(h);
ge_double_scalarmult_vartime(&R, h, &A, sm + 32);
ge_double_scalarmult_vartime(&R, h, &A, sig + 32);
ge_tobytes(rcheck, &R);
if (crypto_verify_32(rcheck, sm) == 0) {
memmove(m, sm + 64, smlen - 64);
*mlen = smlen - 64;
return 0;
return crypto_verify_32(rcheck, sig);
}
int
crypto_sign_open(unsigned char *m, unsigned long long *mlen,
const unsigned char *sm, unsigned long long smlen,
const unsigned char *pk)
{
if (smlen < 64 || smlen > SIZE_MAX) {
goto badsig;
}
if (crypto_sign_verify_detached(sm, sm + 64, smlen - 64, pk) != 0) {
memset(m, 0, smlen - 64);
goto badsig;
}
*mlen = smlen - 64;
memmove(m, sm + 64, *mlen);
return 0;
badsig:
*mlen = 0;
memset(m, 0, smlen - 64);
return -1;
}

View File

@ -62,6 +62,11 @@ int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen,
const unsigned char *m, unsigned long long mlen,
const unsigned char *sk);
SODIUM_EXPORT
int crypto_sign_verify_detached(const unsigned char *sig,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *pk);
#ifdef __cplusplus
}
#endif

View File

@ -44,6 +44,12 @@ int crypto_sign_ed25519_detached(unsigned char *sig,
unsigned long long mlen,
const unsigned char *sk);
SODIUM_EXPORT
int crypto_sign_ed25519_verify_detached(const unsigned char *sig,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *pk);
SODIUM_EXPORT
int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk);