int
crypto_dh_nistp256_wbl(unsigned char *out, const unsigned char *p,
const unsigned char *n)
{
point temp;
p256unpack(&temp, p);
if(!p256oncurvefinite(&temp)){ //we don't have a good point
p256scalarmult_base(&temp, n); //use the basepoint instead
} else {
p256scalarmult(&temp, &temp, n);
}
p256pack(out, &temp);
return 0;
}
int crypto_sign_open_ecdsa256sha512(unsigned char *m, unsigned long long *mlen,
const unsigned char *sm,
unsigned long long smlen,
const unsigned char *pk){
//all data here is public: don't worry about revelations
unsigned char mhash[64];
point Q;
point u1B;
point u2Q;
point result;
unsigned char resultchar[64];
scp256 u1;
scp256 u2;
unsigned char u1char[32];
unsigned char u2char[32];
scp256 z;
scp256 s;
scp256 r;
scp256 w;
scp256 newr;
scp256 t;
if(smlen<64) return -1;
p256unpack(&Q, pk);
if(!p256oncurvefinite(&Q)) return -1; //check key validity
//just some message manipulation
memcpy(m, sm+64, smlen-64);
*mlen=smlen-64;
crypto_hash(mhash, m, *mlen);
scp256_unpack(&z, mhash);
scp256_unpack(&s, sm+32);
scp256_unpack(&r, sm);
if(scp256_iszero(&r)||scp256_iszero(&s)) return -1;
scp256_inv(&w, &s);
scp256_mul(&u1, &z, &w);
scp256_mul(&u2, &r, &w);
scp256_pack(u1char, &u1);
scp256_pack(u2char, &u2);
p256dblmult_base(&result, &Q, u2char, u1char);
if(!p256oncurvefinite(&result)) return -1;
p256pack(resultchar, &result);
scp256_unpack(&newr, resultchar);
scp256_sub(&t, &newr, &r);
if(scp256_iszero(&t)){
return 0;
}
return -1;
}
