int crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m, unsigned long long mlen, const unsigned char *pk) { crypto_hash_sha512_state hs; unsigned char h[64]; unsigned char rcheck[32]; unsigned int i; unsigned char d = 0; ge_p3 A; ge_p2 R; #ifdef ED25519_PREVENT_MALLEABILITY if (crypto_sign_check_S_lt_l(sig + 32) != 0) { return -1; } #else if (sig[63] & 224) { return -1; } #endif if (ge_frombytes_negate_vartime(&A, pk) != 0) { return -1; } for (i = 0; i < 32; ++i) { d |= pk[i]; } if (d == 0) { return -1; } crypto_hash_sha512_init(&hs); crypto_hash_sha512_update(&hs, sig, 32); crypto_hash_sha512_update(&hs, pk, 32); crypto_hash_sha512_update(&hs, m, mlen); crypto_hash_sha512_final(&hs, h); sc_reduce(h); ge_double_scalarmult_vartime(&R, h, &A, sig + 32); ge_tobytes(rcheck, &R); return crypto_verify_32(rcheck, sig) | (-(rcheck - sig == 0)) | sodium_memcmp(sig, rcheck, 32); }
bool RippleAddress::signatureIsCanonical(Blob const& vchSig) { return crypto_sign_check_S_lt_l( ((const unsigned char*) vchSig.data ()) + 32 ) == 0; }