structstd.crypto.25519.ed25519.Ed25519.Verifier[src]

A Verifier is used to incrementally verify a signature. It can be obtained from a Signature, using the verifier() function.

Fields

h: Sha512
s: CompressedScalar
a: Curve
expected_r: Curve

Error Sets

Error SetInitError[src]

Errors

anyerror means the error set is known only at runtime.

IdentityElement IdentityElementError
InvalidEncoding EncodingError
NonCanonical NonCanonicalError

Source Code

Source code
pub const InitError = NonCanonicalError || EncodingError || IdentityElementError

Error SetVerifyError[src]

Errors

anyerror means the error set is known only at runtime.

IdentityElement IdentityElementError
SignatureVerificationFailed SignatureVerificationError
WeakPublicKey WeakPublicKeyError

Source Code

Source code
pub const VerifyError = WeakPublicKeyError || IdentityElementError ||
    SignatureVerificationError

Functions

Functionupdate[src]

pub fn update(self: *Verifier, msg: []const u8) void

Add new content to the message to be verified.

Parameters

self: *Verifier
msg: []const u8

Source Code

Source code
pub fn update(self: *Verifier, msg: []const u8) void {
    self.h.update(msg);
}

Functionverify[src]

pub fn verify(self: *Verifier) VerifyError!void

Verify that the signature is valid for the entire message.

Parameters

self: *Verifier

Source Code

Source code
pub fn verify(self: *Verifier) VerifyError!void {
    var hram64: [Sha512.digest_length]u8 = undefined;
    self.h.final(&hram64);
    const hram = Curve.scalar.reduce64(hram64);

    const sb_ah = try Curve.basePoint.mulDoubleBasePublic(self.s, self.a.neg(), hram);
    if (self.expected_r.sub(sb_ah).rejectLowOrder()) {
        return error.SignatureVerificationFailed;
    } else |_| {}
}

Source Code

Source code
pub const Verifier = struct {
    h: Sha512,
    s: CompressedScalar,
    a: Curve,
    expected_r: Curve,

    pub const InitError = NonCanonicalError || EncodingError || IdentityElementError;

    fn init(sig: Signature, public_key: PublicKey) InitError!Verifier {
        const r = sig.r;
        const s = sig.s;
        try Curve.scalar.rejectNonCanonical(s);
        const a = try Curve.fromBytes(public_key.bytes);
        try a.rejectIdentity();
        try Curve.rejectNonCanonical(r);
        const expected_r = try Curve.fromBytes(r);
        try expected_r.rejectIdentity();

        var h = Sha512.init(.{});
        h.update(&r);
        h.update(&public_key.bytes);

        return Verifier{ .h = h, .s = s, .a = a, .expected_r = expected_r };
    }

    /// Add new content to the message to be verified.
    pub fn update(self: *Verifier, msg: []const u8) void {
        self.h.update(msg);
    }

    pub const VerifyError = WeakPublicKeyError || IdentityElementError ||
        SignatureVerificationError;

    /// Verify that the signature is valid for the entire message.
    pub fn verify(self: *Verifier) VerifyError!void {
        var hram64: [Sha512.digest_length]u8 = undefined;
        self.h.final(&hram64);
        const hram = Curve.scalar.reduce64(hram64);

        const sb_ah = try Curve.basePoint.mulDoubleBasePublic(self.s, self.a.neg(), hram);
        if (self.expected_r.sub(sb_ah).rejectLowOrder()) {
            return error.SignatureVerificationFailed;
        } else |_| {}
    }
}