public static bool nonce_function_rfc6979(byte[] nonce32, byte[] msg32, byte[] key32, byte[] algo16, byte[] data, uint counter) { int size = 112; byte[] numArray = new byte[size]; Rfc6979HmacSha256T rng = new Rfc6979HmacSha256T(); uint dstOffset1 = 0; Util.Memcpy((Array)key32, 0U, (Array)numArray, dstOffset1, 32U); uint dstOffset2 = dstOffset1 + 32U; Util.Memcpy((Array)msg32, 0U, (Array)numArray, dstOffset2, 32U); uint num = dstOffset2 + 32U; if (data != null) { Util.Memcpy((Array)data, 0, (Array)numArray, 64, 32); num = 96U; } if (algo16 != null) { Util.Memcpy((Array)algo16, 0U, (Array)numArray, num, 16U); num += 16U; } Hash.Rfc6979HmacSha256Initialize(rng, numArray, num); Util.MemSet(numArray, (byte)0, size); for (uint index = 0; index <= counter; ++index) { Hash.Rfc6979HmacSha256Generate(rng, nonce32, 32); } Hash.Rfc6979HmacSha256Finalize(rng); return(true); }
public static void Blind(EcmultGenContext ctx, byte[] seed32) { var scalar = new Scalar(); var fe = new Fe(); var rng = new Rfc6979HmacSha256T(); var numArray = new byte[64]; if (seed32 == null) { Group.secp256k1_gej_set_ge(ctx.Initial, Group.Secp256K1GeConstG); Group.secp256k1_gej_neg(ctx.Initial, ctx.Initial); ctx.Blind.SetInt(1U); } var b32 = Scalar.GetB32(ctx.Blind); Util.Memcpy((Array)b32, 0, (Array)numArray, 0, 32); if (seed32 != null) { Util.Memcpy((Array)seed32, 0, (Array)numArray, 32, 32); } Hash.Rfc6979HmacSha256Initialize(rng, numArray, seed32 != null ? 64U : 32U); Util.MemSet(numArray, (byte)0, numArray.Length); bool overflow; do { Hash.Rfc6979HmacSha256Generate(rng, b32, 32); overflow = !Field.SetB32(fe, b32) | Field.IsZero(fe); }while (overflow); Group.secp256k1_gej_rescale(ctx.Initial, fe); Field.Clear(fe); do { Hash.Rfc6979HmacSha256Generate(rng, b32, 32); Scalar.SetB32(scalar, b32, ref overflow); overflow |= Scalar.IsZero(scalar); }while (overflow); Hash.Rfc6979HmacSha256Finalize(rng); Util.MemSet(b32, (byte)0, 32); GeJ r; EcMultGen.secp256k1_ecmult_gen(ctx, out r, scalar); Scalar.Negate(scalar, scalar); ctx.Blind = scalar.Clone(); ctx.Initial = r.Clone(); Scalar.Clear(scalar); Group.secp256k1_gej_clear(r); }
public static bool nonce_function_rfc6979(byte[] nonce32, byte[] msg32, byte[] key32, byte[] algo16, byte[] data, uint counter) { var sizeofkeydata = 112; var keydata = new byte[sizeofkeydata]; Rfc6979HmacSha256T rng = new Rfc6979HmacSha256T(); uint i; // We feed a byte array to the PRNG as input, consisting of: // - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d. // - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data. // - optionally 16 extra bytes with the algorithm name. // Because the arguments have distinct fixed lengths it is not possible for // different argument mixtures to emulate each other and result in the same // nonces. UInt32 keylen = 0; Util.Memcpy(key32, 0, keydata, keylen, 32); //memcpy(keydata, key32, 32); keylen += 32; Util.Memcpy(msg32, 0, keydata, keylen, 32); //memcpy(keydata + 32, msg32, 32); keylen += 32; if (data != null) { Util.Memcpy(data, 0, keydata, 64, 32); //memcpy(keydata + 64, data, 32); keylen = 96; } if (algo16 != null) { Util.Memcpy(algo16, 0, keydata, keylen, 16); //memcpy(keydata + keylen, algo16, 16); keylen += 16; } Hash.Rfc6979HmacSha256Initialize(rng, keydata, keylen); Util.MemSet(keydata, 0, sizeofkeydata);//memset(keydata, 0, sizeof(keydata)); for (i = 0; i <= counter; i++) { Hash.Rfc6979HmacSha256Generate(rng, nonce32, 32); } Hash.Rfc6979HmacSha256Finalize(rng); return(true); }