cheng/libsodium
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

edwards25519sha512batch: reuse ge_scalarmult()

Browse Source 
Check public key and R order by the way.
This commit is contained in:
Frank Denis 2017-10-31 15:56:31 +01:00
parent 52fce922f4
commit ce56bb596f
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libsodium/crypto_sign/ed25519/ref10/obsolete.c
View File

@ -90,14 +90,14 @@ crypto_sign_edwards25519sha512batch_open(unsigned char *m,
if (sm[smlen - 1] & 224) { if (sm[smlen - 1] & 224) {
return -1; return -1;
} }
if (ge_frombytes_negate_vartime(&A, pk) != 0 || if (ge_frombytes_negate_vartime(&A, pk) != 0 || ge_has_small_order(pk) != 0 ||
ge_frombytes_negate_vartime(&R, sm) != 0) { ge_frombytes_negate_vartime(&R, sm) != 0 || ge_has_small_order(sm) != 0) {
return -1; return -1;
} }
ge_p3_to_cached(&Ai, &A); ge_p3_to_cached(&Ai, &A);
crypto_hash_sha512(h, sm, mlen + 32); crypto_hash_sha512(h, sm, mlen + 32);
sc_reduce(h); sc_reduce(h);
ge_scalarmult_vartime(&cs3, h, &R); ge_scalarmult(&cs3, h, &R);
ge_add(&csa, &cs3, &Ai); ge_add(&csa, &cs3, &Ai);
ge_p1p1_to_p2(&cs, &csa); ge_p1p1_to_p2(&cs, &csa);
ge_tobytes(t1, &cs); ge_tobytes(t1, &cs);