summaryrefslogtreecommitdiff
path: root/ext/ed25519-amd64-asm/open.c
diff options
context:
space:
mode:
Diffstat (limited to 'ext/ed25519-amd64-asm/open.c')
-rw-r--r--ext/ed25519-amd64-asm/open.c49
1 files changed, 49 insertions, 0 deletions
diff --git a/ext/ed25519-amd64-asm/open.c b/ext/ed25519-amd64-asm/open.c
new file mode 100644
index 00000000..104d48dc
--- /dev/null
+++ b/ext/ed25519-amd64-asm/open.c
@@ -0,0 +1,49 @@
+#include <string.h>
+#include "crypto_sign.h"
+#include "crypto_verify_32.h"
+#include "crypto_hash_sha512.h"
+#include "ge25519.h"
+
+int crypto_sign_open(
+ unsigned char *m,unsigned long long *mlen,
+ const unsigned char *sm,unsigned long long smlen,
+ const unsigned char *pk
+ )
+{
+ unsigned char pkcopy[32];
+ unsigned char rcopy[32];
+ unsigned char hram[64];
+ unsigned char rcheck[32];
+ ge25519 get1, get2;
+ sc25519 schram, scs;
+
+ if (smlen < 64) goto badsig;
+ if (sm[63] & 224) goto badsig;
+ if (ge25519_unpackneg_vartime(&get1,pk)) goto badsig;
+
+ memmove(pkcopy,pk,32);
+ memmove(rcopy,sm,32);
+
+ sc25519_from32bytes(&scs, sm+32);
+
+ memmove(m,sm,smlen);
+ memmove(m + 32,pkcopy,32);
+ crypto_hash_sha512(hram,m,smlen);
+
+ sc25519_from64bytes(&schram, hram);
+
+ ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &scs);
+ ge25519_pack(rcheck, &get2);
+
+ if (crypto_verify_32(rcopy,rcheck) == 0) {
+ memmove(m,m + 64,smlen - 64);
+ memset(m + smlen - 64,0,64);
+ *mlen = smlen - 64;
+ return 0;
+ }
+
+badsig:
+ *mlen = (unsigned long long) -1;
+ memset(m,0,smlen);
+ return -1;
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-27 03:16:54 +0000