From a36271190362c9dc851a97d1f204626bbe51cb51 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Thu, 10 Jul 2014 22:29:05 -0700
Subject: [PATCH] Add crypto_sign_verify_detached()
---
 src/libsodium/crypto_sign/crypto_sign.c | 7 +++
 src/libsodium/crypto_sign/ed25519/ref10/api.h | 1 +
 .../crypto_sign/ed25519/ref10/open.c | 46 +++++++++++--------
 src/libsodium/include/sodium/crypto_sign.h | 5 ++
 .../include/sodium/crypto_sign_ed25519.h | 6 +++
 5 files changed, 47 insertions(+), 18 deletions(-)
diff --git a/src/libsodium/crypto_sign/crypto_sign.c b/src/libsodium/crypto_sign/crypto_sign.c
index d6fd6f30..4f868993 100644
--- a/src/libsodium/crypto_sign/crypto_sign.c
+++ b/src/libsodium/crypto_sign/crypto_sign.c
@@ -67,3 +67,10 @@ crypto_sign_detached(unsigned char *sig, unsigned long long *siglen,
 {
 return crypto_sign_ed25519_detached(sig, siglen, m, mlen, sk);
 }
+
+int
+crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *pk)
+{
+ return crypto_sign_ed25519_verify_detached(sig, m, mlen, pk);
+}
diff --git a/src/libsodium/crypto_sign/ed25519/ref10/api.h b/src/libsodium/crypto_sign/ed25519/ref10/api.h
index c55b05c4..0106cf13 100644
--- a/src/libsodium/crypto_sign/ed25519/ref10/api.h
+++ b/src/libsodium/crypto_sign/ed25519/ref10/api.h
@@ -4,6 +4,7 @@
 #define crypto_sign crypto_sign_ed25519
 #define crypto_sign_detached crypto_sign_ed25519_detached
 #define crypto_sign_open crypto_sign_ed25519_open
+#define crypto_sign_verify_detached crypto_sign_ed25519_verify_detached
 #define crypto_sign_keypair crypto_sign_ed25519_keypair
 #define crypto_sign_seed_keypair crypto_sign_ed25519_seed_keypair
 #define crypto_sign_BYTES crypto_sign_ed25519_BYTES
diff --git a/src/libsodium/crypto_sign/ed25519/ref10/open.c b/src/libsodium/crypto_sign/ed25519/ref10/open.c
index 77fe7b34..0f98eb29 100644
--- a/src/libsodium/crypto_sign/ed25519/ref10/open.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/open.c
@@ -1,4 +1,5 @@
+#include
 #include
 #include "api.h"
@@ -8,9 +9,8 @@
 #include "sc.h"
 int
-crypto_sign_open(unsigned char *m, unsigned long long *mlen,
- const unsigned char *sm, unsigned long long smlen,
- const unsigned char *pk)
+crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *pk)
 {
 crypto_hash_sha512_state hs;
 unsigned char h[64];
@@ -20,14 +20,11 @@ crypto_sign_open(unsigned char *m, unsigned long long *mlen,
 ge_p3 A;
 ge_p2 R;
- if (smlen < 64) {
- goto badsig;
- }
- if (sm[63] & 224) {
- goto badsig;
+ if (sig[63] & 224) {
+ return -1;
 }
 if (ge_frombytes_negate_vartime(&A, pk) != 0) {
- goto badsig;
+ return -1;
 }
 for (i = 0; i < 32; ++i) {
 d |= pk[i];
@@ -36,23 +33,36 @@ crypto_sign_open(unsigned char *m, unsigned long long *mlen,
 return -1;
 }
 crypto_hash_sha512_init(&hs);
- crypto_hash_sha512_update(&hs, sm, 32);
+ crypto_hash_sha512_update(&hs, sig, 32);
 crypto_hash_sha512_update(&hs, pk, 32);
- crypto_hash_sha512_update(&hs, sm + 64, smlen - 64);
+ crypto_hash_sha512_update(&hs, m, mlen);
 crypto_hash_sha512_final(&hs, h);
 sc_reduce(h);
- ge_double_scalarmult_vartime(&R, h, &A, sm + 32);
+ ge_double_scalarmult_vartime(&R, h, &A, sig + 32);
 ge_tobytes(rcheck, &R);
- if (crypto_verify_32(rcheck, sm) == 0) {
- memmove(m, sm + 64, smlen - 64);
- *mlen = smlen - 64;
- return 0;
+
+ return crypto_verify_32(rcheck, sig);
+}
+
+int
+crypto_sign_open(unsigned char *m, unsigned long long *mlen,
+ const unsigned char *sm, unsigned long long smlen,
+ const unsigned char *pk)
+{
+ if (smlen < 64 || smlen > SIZE_MAX) {
+ goto badsig;
 }
+ if (crypto_sign_verify_detached(sm, sm + 64, smlen - 64, pk) != 0) {
+ memset(m, 0, smlen - 64);
+ goto badsig;
+ }
+ *mlen = smlen - 64;
+ memmove(m, sm + 64, *mlen);
+
+ return 0;
 badsig:
 *mlen = 0;
- memset(m, 0, smlen - 64);
-
 return -1;
 }
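Review bot: The range check kept at the top of crypto_sign_verify_detached() in the `-20,14 +20,11` hunk, `if (sig[63] & 224)`, only rejects an S whose top three bits are set and never compares S with the group order, so an S that is not fully reduced still verifies and more than one 64-byte string is accepted for the same message and key. Now that this is a public detached-verification entry point, callers may be tempted to treat the signature bytes as a unique identifier, so the limitation should at least be stated beside the check, e.g. `/* rejects only S >= 2^253; S is not compared with the group order, so signatures are not unique */`. The all-zero test on `pk` in the same hunk (`d |= pk[i]`) is likewise narrower than a full public-key validity check, since it catches only the all-zero encoding. The function body starts in the previous hunk and ends in the next one.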
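Review bot: The rewritten crypto_sign_open() in the `-36,23 +33,36` hunk treats its two failure paths differently without saying so: with `smlen < 64` it leaves `m` untouched, while a failed verification zeroes `smlen - 64` bytes of `m`, so the output buffer must be that large even when the input is forged. A short comment above the function would make the contract explicit, e.g. `/* m must hold smlen - 64 bytes; on failure *mlen is 0 and m is zeroed unless smlen < 64 */`. Where `unsigned long long` and `size_t` have the same range, `smlen > SIZE_MAX` can never be true and some compilers may warn about it (inferred, not visible here), so a one-line comment on why the test exists would help. crypto_sign_verify_detached() returns the result of crypto_verify_32() directly, so callers should test `!= 0`, as this function does.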
diff --git a/src/libsodium/include/sodium/crypto_sign.h b/src/libsodium/include/sodium/crypto_sign.h
index b1a7f98c..c8358acd 100644
--- a/src/libsodium/include/sodium/crypto_sign.h
+++ b/src/libsodium/include/sodium/crypto_sign.h
@@ -62,6 +62,11 @@ int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen,
 const unsigned char *m, unsigned long long mlen,
 const unsigned char *sk);
+SODIUM_EXPORT
+int crypto_sign_verify_detached(const unsigned char *sig,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *pk);
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/libsodium/include/sodium/crypto_sign_ed25519.h b/src/libsodium/include/sodium/crypto_sign_ed25519.h
index e0331019..101b6c95 100644
--- a/src/libsodium/include/sodium/crypto_sign_ed25519.h
+++ b/src/libsodium/include/sodium/crypto_sign_ed25519.h
@@ -44,6 +44,12 @@ int crypto_sign_ed25519_detached(unsigned char *sig,
 unsigned long long mlen,
 const unsigned char *sk);
+SODIUM_EXPORT
+int crypto_sign_ed25519_verify_detached(const unsigned char *sig,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *pk);
+
 SODIUM_EXPORT
 int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk);
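Review bot: The new public prototype `crypto_sign_verify_detached()` in the crypto_sign.h hunk takes `sig` with no length argument and carries no comment, so the header does not tell callers that `sig` must point to a full `crypto_sign_BYTES` signature or what the return value means. I would add above the declaration `/* sig: crypto_sign_BYTES bytes; returns 0 if the signature is valid for (m, mlen, pk), non-zero otherwise */`. Because the implementation in open.c reads `sig[63]` unconditionally, a signature buffer taken from untrusted input has to be length-checked by the caller before this call. The same comment is missing on `crypto_sign_ed25519_verify_detached()` in the crypto_sign_ed25519.h hunk.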