/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ /* SPDX-License-Identifier: Unlicense */ #include "tomcrypt_private.h" /** @file ed25519_verify.c Verify an Ed25519 signature, Steffen Jaeckel */ #ifdef LTC_CURVE25519 static int s_ed25519_verify(const unsigned char *msg, unsigned long msglen, const unsigned char *sig, unsigned long siglen, const unsigned char *ctx, unsigned long ctxlen, int *stat, const curve25519_key *public_key) { unsigned char* m; unsigned long long mlen; int err; LTC_ARGCHK(msg != NULL); LTC_ARGCHK(sig != NULL); LTC_ARGCHK(stat != NULL); LTC_ARGCHK(public_key != NULL); *stat = 0; if (siglen != 64uL) return CRYPT_INVALID_ARG; if (public_key->pka != LTC_PKA_ED25519) return CRYPT_PK_INVALID_TYPE; mlen = msglen + siglen; if ((mlen < msglen) || (mlen < siglen)) return CRYPT_OVERFLOW; m = XMALLOC(mlen); if (m == NULL) return CRYPT_MEM; XMEMCPY(m, sig, siglen); XMEMCPY(m + siglen, msg, msglen); err = tweetnacl_crypto_sign_open(stat, m, &mlen, m, mlen, ctx, ctxlen, public_key->pub); #ifdef LTC_CLEAN_STACK zeromem(m, msglen + siglen); #endif XFREE(m); return err; } /** Verify an Ed25519ctx signature. @param msg [in] The data to be verified @param msglen [in] The size of the data to be verified @param sig [in] The signature to be verified @param siglen [in] The size of the signature to be verified @param ctx [in] The context @param ctxlen [in] The size of the context @param stat [out] The result of the signature verification, 1==valid, 0==invalid @param public_key [in] The public Ed25519 key in the pair @return CRYPT_OK if successful */ int ed25519ctx_verify(const unsigned char *msg, unsigned long msglen, const unsigned char *sig, unsigned long siglen, const unsigned char *ctx, unsigned long ctxlen, int *stat, const curve25519_key *public_key) { unsigned char ctx_prefix[292]; unsigned long ctx_prefix_size = sizeof(ctx_prefix); LTC_ARGCHK(ctx != NULL); if (ec25519_crypto_ctx(ctx_prefix, &ctx_prefix_size, 0, ctx, ctxlen) != CRYPT_OK) return CRYPT_INVALID_ARG; return s_ed25519_verify(msg, msglen, sig, siglen, ctx_prefix, ctx_prefix_size, stat, public_key); } /** Verify an Ed25519ph signature. @param msg [in] The data to be verified @param msglen [in] The size of the data to be verified @param sig [in] The signature to be verified @param siglen [in] The size of the signature to be verified @param ctx [in] The context @param ctxlen [in] The size of the context @param stat [out] The result of the signature verification, 1==valid, 0==invalid @param public_key [in] The public Ed25519 key in the pair @return CRYPT_OK if successful */ int ed25519ph_verify(const unsigned char *msg, unsigned long msglen, const unsigned char *sig, unsigned long siglen, const unsigned char *ctx, unsigned long ctxlen, int *stat, const curve25519_key *public_key) { int err; unsigned char msg_hash[64]; unsigned char ctx_prefix[292]; unsigned long ctx_prefix_size = sizeof(ctx_prefix); if ((err = ec25519_crypto_ctx(ctx_prefix, &ctx_prefix_size, 1, ctx, ctxlen)) != CRYPT_OK) return err; if ((err = tweetnacl_crypto_ph(msg_hash, msg, msglen)) != CRYPT_OK) return err; return s_ed25519_verify(msg_hash, sizeof(msg_hash), sig, siglen, ctx_prefix, ctx_prefix_size, stat, public_key); } /** Verify an Ed25519 signature. @param msg [in] The data to be verified @param msglen [in] The size of the data to be verified @param sig [in] The signature to be verified @param siglen [in] The size of the signature to be verified @param stat [out] The result of the signature verification, 1==valid, 0==invalid @param public_key [in] The public Ed25519 key in the pair @return CRYPT_OK if successful */ int ed25519_verify(const unsigned char *msg, unsigned long msglen, const unsigned char *sig, unsigned long siglen, int *stat, const curve25519_key *public_key) { return s_ed25519_verify(msg, msglen, sig, siglen, NULL, 0, stat, public_key); } #endif