public static function ParagonIE_Sodium_Core32_Ed25519::verify_detached in Automatic Updates 7

Same name and namespace in other branches
  1. 8 vendor/paragonie/sodium_compat/src/Core32/Ed25519.php \ParagonIE_Sodium_Core32_Ed25519::verify_detached()

@internal You should not use this directly from another application

Parameters

string $sig:

string $message:

string $pk:

Return value

bool

Throws

SodiumException

TypeError

2 calls to ParagonIE_Sodium_Core32_Ed25519::verify_detached()
ParagonIE_Sodium_Core32_Ed25519::sign_open in vendor/paragonie/sodium_compat/src/Core32/Ed25519.php
@internal You should not use this directly from another application
ParagonIE_Sodium_Crypto32::sign_verify_detached in vendor/paragonie/sodium_compat/src/Crypto32.php
Verify a detached signature of a given message and public key.

File

vendor/paragonie/sodium_compat/src/Core32/Ed25519.php, line 276

Class

ParagonIE_Sodium_Core32_Ed25519

Code

public static function verify_detached($sig, $message, $pk) {
  // An Ed25519 signature is R (32 bytes) followed by the scalar S (32 bytes).
  if (self::strlen($sig) < 64) {
    throw new SodiumException('Signature is too short');
  }
  // Reject a non-canonical S (S >= L, the group order). L's top byte is 0x10,
  // so the full comparison is only needed when the top nibble of the last
  // byte of S is set. This is what prevents signature malleability.
  if (self::chrToInt($sig[63]) & 240 && self::check_S_lt_L(self::substr($sig, 32, 32))) {
    throw new SodiumException('S < L - Invalid signature');
  }
  // Reject signatures whose R component is a point of small order.
  if (self::small_order($sig)) {
    throw new SodiumException('Signature is on too small of an order');
  }
  // The top three bits of S must be clear.
  if ((self::chrToInt($sig[63]) & 224) !== 0) {
    throw new SodiumException('Invalid signature');
  }
  // Reject the all-zero public key.
  $d = 0;
  for ($i = 0; $i < 32; ++$i) {
    $d |= self::chrToInt($pk[$i]);
  }
  if ($d === 0) {
    throw new SodiumException('All zero public key');
  }

  /** @var bool The original value of ParagonIE_Sodium_Compat::$fastMult */
  $orig = ParagonIE_Sodium_Compat::$fastMult;

  // Set ParagonIE_Sodium_Compat::$fastMult to true to speed up verification.
  ParagonIE_Sodium_Compat::$fastMult = true;

  // Decode the public key point A and negate it.
  /** @var ParagonIE_Sodium_Core32_Curve25519_Ge_P3 $A */
  $A = self::ge_frombytes_negate_vartime($pk);

  // h = SHA-512(R || A || M), reduced modulo L below.
  /** @var string $hDigest */
  $hDigest = hash('sha512', self::substr($sig, 0, 32) . self::substr($pk, 0, 32) . $message, true);

  /** @var string $h */
  $h = self::sc_reduce($hDigest) . self::substr($hDigest, 32);

  // R' = h * (-A) + S * B; the signature is valid when R' encodes to R.
  /** @var ParagonIE_Sodium_Core32_Curve25519_Ge_P2 $R */
  $R = self::ge_double_scalarmult_vartime($h, $A, self::substr($sig, 32));

  /** @var string $rcheck */
  $rcheck = self::ge_tobytes($R);

  // Reset ParagonIE_Sodium_Compat::$fastMult to what it was before.
  ParagonIE_Sodium_Compat::$fastMult = $orig;
  return self::verify_32($rcheck, self::substr($sig, 0, 32));
}
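The cheap scalar checks at the top of verify_detached() are the part worth seeing on concrete bytes: below is an added Python re-implementation of them (not sodium_compat's code) that shows why a signature whose S has been shifted by the group order L is rejected. The constant L, the functions precheck_signature and malleate, and the sample key and signature bytes are constructed for this illustration.

```python
# Added example (not sodium_compat's code): the scalar pre-checks performed by
# verify_detached(), written in plain Python so a malleated S can be observed.

# Order of the Ed25519 base point: L = 2^252 + 27742317777372353535851937790883648493.
L = 2**252 + 27742317777372353535851937790883648493


def s_is_canonical(s_bytes: bytes) -> bool:
    """True when the little-endian scalar S lies in [0, L)."""
    return int.from_bytes(s_bytes, "little") < L


def precheck_signature(sig: bytes, pk: bytes):
    """Mirror the early rejections of verify_detached().

    Returns None when the signature passes the cheap checks, otherwise a
    string naming the reason it was rejected. Point decoding, the
    small-order test and the scalar multiplication are out of scope here.
    """
    if len(sig) < 64:
        return "Signature is too short"
    s = sig[32:64]
    # L's top byte is 0x10, so S can only reach L when the top nibble of its
    # last byte is set; the full comparison is skipped otherwise.
    if (sig[63] & 0xF0) and not s_is_canonical(s):
        return "S >= L - non-canonical signature"
    # The top three bits of S must be clear (S < 2^253).
    if sig[63] & 0xE0:
        return "Invalid signature"
    if not any(pk):
        return "All zero public key"
    return None


def malleate(sig: bytes) -> bytes:
    """Constructed variant of a signature with L added to S.

    S and S + L are the same scalar modulo L, so a verifier without the
    canonical-S check would accept both encodings of one signature.
    """
    s = int.from_bytes(sig[32:64], "little") + L
    return sig[:32] + s.to_bytes(32, "little")


# Constructed sample inputs: not a real key pair or a real signature.
SAMPLE_PK = bytes(range(1, 33))
SAMPLE_R = bytes(range(32))
SAMPLE_S = (123456789).to_bytes(32, "little")
SAMPLE_SIG = SAMPLE_R + SAMPLE_S
```

Note that the malleated S has last byte 0x10, so the `& 224` (0xE0) test alone would not catch it; only the full comparison against L does.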