diff options
author | Mark Haines <mark.haines@matrix.org> | 2015-03-03 11:14:50 +0000 |
---|---|---|
committer | Mark Haines <mark.haines@matrix.org> | 2015-03-03 11:14:50 +0000 |
commit | 3ce450fc1984ac480ae158a40d60e9d42f77f74a (patch) | |
tree | eb120d958eac8361d3760b9ad680fd8dc826d7a3 /lib/ed25519/src/verify.c | |
parent | 8bf99544160b1fd787e666b893c5117ab717bc99 (diff) | |
parent | 498dfabf9848286be003b42941c323a045d9fa46 (diff) |
Merge commit '498dfabf9848286be003b42941c323a045d9fa46' as 'lib/ed25519'
Diffstat (limited to 'lib/ed25519/src/verify.c')
-rw-r--r-- | lib/ed25519/src/verify.c | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/lib/ed25519/src/verify.c b/lib/ed25519/src/verify.c new file mode 100644 index 0000000..32f988e --- /dev/null +++ b/lib/ed25519/src/verify.c @@ -0,0 +1,77 @@ +#include "ed25519.h" +#include "sha512.h" +#include "ge.h" +#include "sc.h" + +static int consttime_equal(const unsigned char *x, const unsigned char *y) { + unsigned char r = 0; + + r = x[0] ^ y[0]; + #define F(i) r |= x[i] ^ y[i] + F(1); + F(2); + F(3); + F(4); + F(5); + F(6); + F(7); + F(8); + F(9); + F(10); + F(11); + F(12); + F(13); + F(14); + F(15); + F(16); + F(17); + F(18); + F(19); + F(20); + F(21); + F(22); + F(23); + F(24); + F(25); + F(26); + F(27); + F(28); + F(29); + F(30); + F(31); + #undef F + + return !r; +} + +int ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key) { + unsigned char h[64]; + unsigned char checker[32]; + sha512_context hash; + ge_p3 A; + ge_p2 R; + + if (signature[63] & 224) { + return 0; + } + + if (ge_frombytes_negate_vartime(&A, public_key) != 0) { + return 0; + } + + sha512_init(&hash); + sha512_update(&hash, signature, 32); + sha512_update(&hash, public_key, 32); + sha512_update(&hash, message, message_len); + sha512_final(&hash, h); + + sc_reduce(h); + ge_double_scalarmult_vartime(&R, h, &A, signature + 32); + ge_tobytes(checker, &R); + + if (!consttime_equal(checker, signature)) { + return 0; + } + + return 1; +} |