-rw-r--r-- 953 lib25519-20221222/crypto_sign/ed25519/amd64/open.c raw
#include <string.h>
#include "crypto_sign.h"
#include "crypto_verify_32.h"
#include "crypto_hash_sha512.h"
#include "crypto_mGnP_ed25519.h"

int crypto_sign_open(
    unsigned char *m,long long *mlen,
    const unsigned char *sm,long long smlen,
    const unsigned char *pk
    )
{
  unsigned char Acopy[32];
  unsigned char Rcopy[32];
  unsigned char Scopy[32];
  unsigned char hram[64];
  unsigned char Rcheck[33];

  if (smlen < 64) goto badsig;
  if (sm[63] & 224) goto badsig;

  memmove(Acopy,pk,32);
  memmove(Rcopy,sm,32);
  memmove(Scopy,sm+32,32);

  memmove(m,sm,smlen);
  memmove(m+32,Acopy,32);
  crypto_hash_sha512(hram,m,smlen);
  crypto_mGnP_ed25519(Rcheck,Scopy,hram,Acopy);
  if (Rcheck[32] != 1) goto badsig;

  if (crypto_verify_32(Rcopy,Rcheck) == 0) {
    memmove(m,m+64,smlen-64);
    memset(m+smlen-64,0,64);
    *mlen = smlen-64;
    return 0;
  }

badsig:
  *mlen = (unsigned long long) -1;
  memset(m,0,smlen);
  return -1;
}