public static bool nonce_function_rfc6979(byte[] nonce32, byte[] msg32, byte[] key32, byte[] algo16, byte[] data, uint counter)
{
int size = 112;
byte[] numArray = new byte[size];
Rfc6979HmacSha256T rng = new Rfc6979HmacSha256T();
uint dstOffset1 = 0;
Util.Memcpy((Array)key32, 0U, (Array)numArray, dstOffset1, 32U);
uint dstOffset2 = dstOffset1 + 32U;
Util.Memcpy((Array)msg32, 0U, (Array)numArray, dstOffset2, 32U);
uint num = dstOffset2 + 32U;
if (data != null)
{
Util.Memcpy((Array)data, 0, (Array)numArray, 64, 32);
num = 96U;
}
if (algo16 != null)
{
Util.Memcpy((Array)algo16, 0U, (Array)numArray, num, 16U);
num += 16U;
}
Hash.Rfc6979HmacSha256Initialize(rng, numArray, num);
Util.MemSet(numArray, (byte)0, size);
for (uint index = 0; index <= counter; ++index)
{
Hash.Rfc6979HmacSha256Generate(rng, nonce32, 32);
}
Hash.Rfc6979HmacSha256Finalize(rng);
return(true);
}
public static void Blind(EcmultGenContext ctx, byte[] seed32)
{
var scalar = new Scalar();
var fe = new Fe();
var rng = new Rfc6979HmacSha256T();
var numArray = new byte[64];
if (seed32 == null)
{
Group.secp256k1_gej_set_ge(ctx.Initial, Group.Secp256K1GeConstG);
Group.secp256k1_gej_neg(ctx.Initial, ctx.Initial);
ctx.Blind.SetInt(1U);
}
var b32 = Scalar.GetB32(ctx.Blind);
Util.Memcpy((Array)b32, 0, (Array)numArray, 0, 32);
if (seed32 != null)
{
Util.Memcpy((Array)seed32, 0, (Array)numArray, 32, 32);
}
Hash.Rfc6979HmacSha256Initialize(rng, numArray, seed32 != null ? 64U : 32U);
Util.MemSet(numArray, (byte)0, numArray.Length);
bool overflow;
do
{
Hash.Rfc6979HmacSha256Generate(rng, b32, 32);
overflow = !Field.SetB32(fe, b32) | Field.IsZero(fe);
}while (overflow);
Group.secp256k1_gej_rescale(ctx.Initial, fe);
Field.Clear(fe);
do
{
Hash.Rfc6979HmacSha256Generate(rng, b32, 32);
Scalar.SetB32(scalar, b32, ref overflow);
overflow |= Scalar.IsZero(scalar);
}while (overflow);
Hash.Rfc6979HmacSha256Finalize(rng);
Util.MemSet(b32, (byte)0, 32);
GeJ r;
EcMultGen.secp256k1_ecmult_gen(ctx, out r, scalar);
Scalar.Negate(scalar, scalar);
ctx.Blind = scalar.Clone();
ctx.Initial = r.Clone();
Scalar.Clear(scalar);
Group.secp256k1_gej_clear(r);
}
public static bool nonce_function_rfc6979(byte[] nonce32, byte[] msg32, byte[] key32, byte[] algo16, byte[] data, uint counter)
{
var sizeofkeydata = 112;
var keydata = new byte[sizeofkeydata];
Rfc6979HmacSha256T rng = new Rfc6979HmacSha256T();
uint i;
// We feed a byte array to the PRNG as input, consisting of:
// - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d.
// - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data.
// - optionally 16 extra bytes with the algorithm name.
// Because the arguments have distinct fixed lengths it is not possible for
// different argument mixtures to emulate each other and result in the same
// nonces.
UInt32 keylen = 0;
Util.Memcpy(key32, 0, keydata, keylen, 32); //memcpy(keydata, key32, 32);
keylen += 32;
Util.Memcpy(msg32, 0, keydata, keylen, 32); //memcpy(keydata + 32, msg32, 32);
keylen += 32;
if (data != null)
{
Util.Memcpy(data, 0, keydata, 64, 32); //memcpy(keydata + 64, data, 32);
keylen = 96;
}
if (algo16 != null)
{
Util.Memcpy(algo16, 0, keydata, keylen, 16); //memcpy(keydata + keylen, algo16, 16);
keylen += 16;
}
Hash.Rfc6979HmacSha256Initialize(rng, keydata, keylen);
Util.MemSet(keydata, 0, sizeofkeydata);//memset(keydata, 0, sizeof(keydata));
for (i = 0; i <= counter; i++)
{
Hash.Rfc6979HmacSha256Generate(rng, nonce32, 32);
}
Hash.Rfc6979HmacSha256Finalize(rng);
return(true);
}
