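/*
 * Diffie-Hellman step on P-256: unpack the peer's point p, multiply it by the
 * scalar n and write the packed result to out.
 *
 * p is supplied by the peer and is untrusted. If it does not unpack to a
 * finite point on the curve, the function still fills out (with the base-point
 * multiple of n, as the code always did) so that the buffer is never left
 * uninitialised, but it now returns -1 instead of 0. In that case the output
 * depends only on n and not on the peer's input (presumably it equals the
 * caller's own public value -- confirm), so it must not be used as a shared
 * secret.
 *
 * Returns 0 on success, -1 when p is not a valid finite curve point.
 */
int crypto_dh_nistp256_wbl(unsigned char *out, const unsigned char *p, const unsigned char *n)
{
    point temp;

    p256unpack(&temp, p);

    if (!p256oncurvefinite(&temp)) {
        /* Invalid peer point: keep the historical fallback output for callers
         * that ignore the return value, but report the failure. */
        p256scalarmult_base(&temp, n);
        p256pack(out, &temp);
        return -1;
    }

    p256scalarmult(&temp, &temp, n);
    p256pack(out, &temp);
    return 0;
}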
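/*
 * Verify an ECDSA signature over P-256 and, only if it verifies, release the
 * message.
 *
 * sm holds the signed message: r is unpacked from offset 0, s from offset 32,
 * and the message occupies sm[64 .. smlen-1]. pk is the packed public key.
 *
 * On success the message is copied to m, *mlen is set to smlen - 64 and 0 is
 * returned. On every failure path -1 is returned and m / *mlen are left
 * untouched, so unverified data is never handed to the caller.
 *
 * m must have room for smlen - 64 bytes and must not overlap sm (memcpy is
 * used for the copy).
 */
int crypto_sign_open_ecdsa256sha512(unsigned char *m, unsigned long long *mlen,
                                    const unsigned char *sm, unsigned long long smlen,
                                    const unsigned char *pk)
{
    /* Everything handled here is public (signature, message, public key),
     * so no constant-time handling is attempted. */
    unsigned char mhash[64];
    unsigned char resultchar[64];
    unsigned char u1char[32];
    unsigned char u2char[32];
    point Q;
    point result;
    scp256 z;
    scp256 s;
    scp256 r;
    scp256 w;
    scp256 u1;
    scp256 u2;
    scp256 newr;
    scp256 t;

    /* Need at least the two signature scalars before any message bytes. */
    if (smlen < 64) {
        return -1;
    }

    /* Reject public keys that are not finite points on the curve. */
    p256unpack(&Q, pk);
    if (!p256oncurvefinite(&Q)) {
        return -1;
    }

    /* Hash the message in place inside sm; it is copied out only after the
     * signature has been accepted. */
    crypto_hash(mhash, sm + 64, smlen - 64);
    scp256_unpack(&z, mhash);
    scp256_unpack(&s, sm + 32);
    scp256_unpack(&r, sm);

    /* NOTE(review): only r == 0 / s == 0 are rejected here. If scp256_unpack
     * reduces its input modulo the group order rather than rejecting values
     * that are out of range, non-canonical encodings of r and s would be
     * accepted -- confirm against scp256_unpack. */
    if (scp256_iszero(&r) || scp256_iszero(&s)) {
        return -1;
    }

    /* w = s^-1, u1 = z*w, u2 = r*w */
    scp256_inv(&w, &s);
    scp256_mul(&u1, &z, &w);
    scp256_mul(&u2, &r, &w);
    scp256_pack(u1char, &u1);
    scp256_pack(u2char, &u2);

    /* Presumably computes u1*B + u2*Q; a result that is not a finite curve
     * point is rejected. */
    p256dblmult_base(&result, &Q, u2char, u1char);
    if (!p256oncurvefinite(&result)) {
        return -1;
    }

    /* Compare the scalar unpacked from the start of the packed result with r. */
    p256pack(resultchar, &result);
    scp256_unpack(&newr, resultchar);
    scp256_sub(&t, &newr, &r);
    if (!scp256_iszero(&t)) {
        return -1;
    }

    /* Signature accepted: release the message. */
    memcpy(m, sm + 64, smlen - 64);
    *mlen = smlen - 64;
    return 0;
}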