public static void crypto_sign_keypair(byte[] pk, int pkoffset, byte[] sk, int skoffset, byte[] seed, int seedoffset)
{
GroupElementP3 A;
int i;
Array.Copy(seed, seedoffset, sk, skoffset, 32);
var blake2bConfig = new Blake2BConfig
{
OutputSizeInBytes = 64
};
var hasher = Blake2B.Create(blake2bConfig);
hasher.Update(sk, skoffset, 32);
byte[] h = hasher.Finish();
//byte[] h = Sha512.Hash(sk, skoffset, 32);//ToDo: Remove alloc
ScalarOperations.sc_clamp(h, 0);
GroupOperations.ge_scalarmult_base(out A, h, 0);
GroupOperations.ge_p3_tobytes(pk, pkoffset, ref A);
for (i = 0; i < 32; ++i)
{
sk[skoffset + 32 + i] = pk[pkoffset + i];
}
CryptoBytes.Wipe(h);
}
/// <summary>
/// Generates public key from secret.
/// </summary>
/// <param name="tmp">Temporary array of 64 bytes.</param>
/// <remarks>This method is added by @alexanderdna to reduce allocation and redundant code.</remarks>
public static void crypto_public_key(byte[] secret, int secretOffset, byte[] publicKey, int publicKeyOffset, byte[] tmp)
{
var hasher = Blake2Fast.Blake2b.CreateIncrementalHasher(64);
hasher.Update(new ArraySegment <byte>(secret, secretOffset, 32));
hasher.Finish(tmp);
GroupElementP3 A;
ScalarOperations.sc_clamp(tmp, 0);
GroupOperations.ge_scalarmult_base(out A, tmp, 0);
GroupOperations.ge_p3_tobytes(publicKey, publicKeyOffset, ref A);
}
public static void crypto_sign_keypair(byte[] pk, int pkoffset, byte[] sk, int skoffset, byte[] seed, int seedoffset)
{
GroupElementP3 A;
int i;
Array.Copy(seed, seedoffset, sk, skoffset, 32);
byte[] h = Sha512.Hash(sk, skoffset, 32);//ToDo: Remove alloc
ScalarOperations.sc_clamp(h, 0);
GroupOperations.ge_scalarmult_base(out A, h, 0);
GroupOperations.ge_p3_tobytes(pk, pkoffset, ref A);
for (i = 0; i \
public static void crypto_sign_keypair(byte[] pk, int pkoffset, byte[] sk, int skoffset)
{
GroupElementP3 A;
int i;
ScalarOperations.sc_clamp(sk, 0);
GroupOperations.ge_scalarmult_base(out A, sk, 0);
GroupOperations.ge_p3_tobytes(pk, pkoffset, ref A);
for (i = 0; i < 32; ++i)
{
sk[skoffset + 32 + i] = pk[pkoffset + i];
}
}
internal static void crypto_sign_keypair(byte[] pk, int pkoffset, byte[] sk, int skoffset, byte[] seed, int seedoffset)
{
GroupElementP3 A;
int i;
Array.Copy(seed, seedoffset, sk, skoffset, 32);
byte[] h = Sha512.Hash(sk, skoffset, 32);//ToDo: Remove alloc
ScalarOperations.sc_clamp(h, 0);
GroupOperations.ge_scalarmult_base(out A, h, 0);
GroupOperations.ge_p3_tobytes(pk, pkoffset, ref A);
for (i = 0; i < 32; ++i)
{
sk[skoffset + 32 + i] = pk[pkoffset + i];
}
CryptoBytes.Wipe(h);
}
/*public static void crypto_sign(
* byte[] sm, out int smlen,
* byte[] m, int mlen,
* byte[] sk
* )
* {
* byte[] az = new byte[64];
* byte[] r = new byte[64];
* byte[] hram = new byte[64];
* GroupElementP3 R;
* int i;
*
* Helpers.crypto_hash_sha512(az, sk, 0, 32);
* az[0] &= 248;
* az[31] &= 63;
* az[31] |= 64;
*
* smlen = mlen + 64;
* for (i = 0; i < mlen; ++i) sm[64 + i] = m[i];
* for (i = 0; i < 32; ++i) sm[32 + i] = az[32 + i];
* Helpers.crypto_hash_sha512(r, sm, 32, mlen + 32);
* for (i = 0; i < 32; ++i) sm[32 + i] = sk[32 + i];
*
* ScalarOperations.sc_reduce(r);
* GroupOperations.ge_scalarmult_base(out R, r, 0);
* GroupOperations.ge_p3_tobytes(sm, 0, ref R);
*
* Helpers.crypto_hash_sha512(hram, sm, 0, mlen + 64);
* ScalarOperations.sc_reduce(hram);
* var sm32 = new byte[32];
* Array.Copy(sm, 32, sm32, 0, 32);
* ScalarOperations.sc_muladd(sm32, hram, az, r);
* Array.Copy(sm32, 0, sm, 32, 32);
* }*/
public static void crypto_sign2(
byte[] sig, int sigoffset,
byte[] m, int moffset, int mlen,
byte[] sk, int skoffset)
{
byte[] az;
byte[] r;
byte[] hram;
GroupElementP3 R;
var blake2bConfig = new Blake2BConfig
{
OutputSizeInBytes = 64
};
var hasher = Blake2B.Create(blake2bConfig);
//var hasher = new Sha512();
{
hasher.Update(sk, skoffset, 32);
az = hasher.Finish();
ScalarOperations.sc_clamp(az, 0);
hasher.Init();
hasher.Update(az, 32, 32);
hasher.Update(m, moffset, mlen);
r = hasher.Finish();
ScalarOperations.sc_reduce(r);
GroupOperations.ge_scalarmult_base(out R, r, 0);
GroupOperations.ge_p3_tobytes(sig, sigoffset, ref R);
hasher.Init();
hasher.Update(sig, sigoffset, 32);
hasher.Update(sk, skoffset + 32, 32);
hasher.Update(m, moffset, mlen);
hram = hasher.Finish();
ScalarOperations.sc_reduce(hram);
var s = new byte[32]; //todo: remove allocation
Array.Copy(sig, sigoffset + 32, s, 0, 32);
ScalarOperations.sc_muladd(s, hram, az, r);
Array.Copy(s, 0, sig, sigoffset + 32, 32);
CryptoBytes.Wipe(s);
}
}
/*public static void crypto_sign(
* byte[] sm, out int smlen,
* byte[] m, int mlen,
* byte[] sk
* )
* {
* byte[] az = new byte[64];
* byte[] r = new byte[64];
* byte[] hram = new byte[64];
* GroupElementP3 R;
* int i;
*
* Helpers.crypto_hash_sha512(az, sk, 0, 32);
* az[0] &= 248;
* az[31] &= 63;
* az[31] |= 64;
*
* smlen = mlen + 64;
* for (i = 0; i < mlen; ++i) sm[64 + i] = m[i];
* for (i = 0; i < 32; ++i) sm[32 + i] = az[32 + i];
* Helpers.crypto_hash_sha512(r, sm, 32, mlen + 32);
* for (i = 0; i < 32; ++i) sm[32 + i] = sk[32 + i];
*
* ScalarOperations.sc_reduce(r);
* GroupOperations.ge_scalarmult_base(out R, r, 0);
* GroupOperations.ge_p3_tobytes(sm, 0, ref R);
*
* Helpers.crypto_hash_sha512(hram, sm, 0, mlen + 64);
* ScalarOperations.sc_reduce(hram);
* var sm32 = new byte[32];
* Array.Copy(sm, 32, sm32, 0, 32);
* ScalarOperations.sc_muladd(sm32, hram, az, r);
* Array.Copy(sm32, 0, sm, 32, 32);
* }*/
public static void crypto_sign2(
byte[] sig, int sigoffset,
byte[] m, int moffset, int mlen,
byte[] sk, int skoffset)
{
byte[] az = new byte[64];
byte[] r = new byte[64];
byte[] hram = new byte[64];
GroupElementP3 R;
var DigestSha3 = new KeccakDigest(512);
{
DigestSha3.BlockUpdate(sk, skoffset, 32);
DigestSha3.DoFinal(az, 0);
ScalarOperations.sc_clamp(az, 0);
DigestSha3.Reset();
DigestSha3.BlockUpdate(az, 32, 32);
DigestSha3.BlockUpdate(m, moffset, mlen);
DigestSha3.DoFinal(r, 0);
ScalarOperations.sc_reduce(r);
GroupOperations.ge_scalarmult_base(out R, r, 0);
GroupOperations.ge_p3_tobytes(sig, sigoffset, ref R);
DigestSha3.Reset();
DigestSha3.BlockUpdate(sig, sigoffset, 32);
DigestSha3.BlockUpdate(sk, skoffset + 32, 32);
DigestSha3.BlockUpdate(m, moffset, mlen);
DigestSha3.DoFinal(hram, 0);
ScalarOperations.sc_reduce(hram);
var s = new byte[32]; //todo: remove allocation
Array.Copy(sig, sigoffset + 32, s, 0, 32);
ScalarOperations.sc_muladd(s, hram, az, r);
Array.Copy(s, 0, sig, sigoffset + 32, 32);
CryptoBytes.Wipe(s);
}
}
public static void crypto_sign_keypair(byte[] pk, int pkoffset, byte[] sk, int skoffset, byte[] seed, int seedoffset)
{
GroupElementP3 A;
int i;
Array.Copy(seed, seedoffset, sk, skoffset, 32);
var digest = new KeccakDigest(512); //new // tried and failed -> new Sha3Digest(512);
byte[] h = new byte[64]; // byte[] ha = Sha512.Hash(sk, skoffset, 32);//ToDo: Remove alloc
digest.BlockUpdate(sk, skoffset, 32); // new
digest.DoFinal(h, 0); // new
ScalarOperations.sc_clamp(h, 0);
GroupOperations.ge_scalarmult_base(out A, h, 0);
GroupOperations.ge_p3_tobytes(pk, pkoffset, ref A);
for (i = 0; i < 32; ++i)
{
sk[skoffset + 32 + i] = pk[pkoffset + i];
}
CryptoBytes.Wipe(h);
}
/*public static void crypto_sign(
* byte[] sm, out int smlen,
* byte[] m, int mlen,
* byte[] sk
* )
* {
* byte[] az = new byte[64];
* byte[] r = new byte[64];
* byte[] hram = new byte[64];
* GroupElementP3 R;
* int i;
*
* Helpers.crypto_hash_sha512(az, sk, 0, 32);
* az[0] &= 248;
* az[31] &= 63;
* az[31] |= 64;
*
* smlen = mlen + 64;
* for (i = 0; i < mlen; ++i) sm[64 + i] = m[i];
* for (i = 0; i < 32; ++i) sm[32 + i] = az[32 + i];
* Helpers.crypto_hash_sha512(r, sm, 32, mlen + 32);
* for (i = 0; i < 32; ++i) sm[32 + i] = sk[32 + i];
*
* ScalarOperations.sc_reduce(r);
* GroupOperations.ge_scalarmult_base(out R, r, 0);
* GroupOperations.ge_p3_tobytes(sm, 0, ref R);
*
* Helpers.crypto_hash_sha512(hram, sm, 0, mlen + 64);
* ScalarOperations.sc_reduce(hram);
* var sm32 = new byte[32];
* Array.Copy(sm, 32, sm32, 0, 32);
* ScalarOperations.sc_muladd(sm32, hram, az, r);
* Array.Copy(sm32, 0, sm, 32, 32);
* }*/
public static void crypto_sign2(
byte[] sig, int sigoffset,
byte[] m, int moffset, int mlen,
byte[] sk, int skoffset)
{
byte[] az;
byte[] r;
byte[] hram;
GroupElementP3 R;
var hasher = Blake2Fast.Blake2b.CreateIncrementalHasher(64);
//var hasher = new Sha512();
{
hasher.Update(new ArraySegment <byte>(sk, skoffset, 32));
az = hasher.Finish();
ScalarOperations.sc_clamp(az, 0);
hasher = Blake2Fast.Blake2b.CreateIncrementalHasher(64);
hasher.Update(new ArraySegment <byte>(az, 32, 32));
hasher.Update(new ArraySegment <byte>(m, moffset, mlen));
r = hasher.Finish();
ScalarOperations.sc_reduce(r);
GroupOperations.ge_scalarmult_base(out R, r, 0);
GroupOperations.ge_p3_tobytes(sig, sigoffset, ref R);
hasher = Blake2Fast.Blake2b.CreateIncrementalHasher(64);
hasher.Update(new ArraySegment <byte>(sig, sigoffset, 32));
hasher.Update(new ArraySegment <byte>(sk, skoffset + 32, 32));
hasher.Update(new ArraySegment <byte>(m, moffset, mlen));
hram = hasher.Finish();
ScalarOperations.sc_reduce(hram);
var s = new byte[32]; //todo: remove allocation
Array.Copy(sig, sigoffset + 32, s, 0, 32);
ScalarOperations.sc_muladd(s, hram, az, r);
Array.Copy(s, 0, sig, sigoffset + 32, 32);
CryptoBytes.Wipe(s);
}
}
public static void crypto_sign_keypair(byte[] pk, int pkoffset, byte[] sk, int skoffset, byte[] seed, int seedoffset)
{
GroupElementP3 A;
int i;
Array.Copy(seed, seedoffset, sk, skoffset, 32);
var hasher = Blake2Fast.Blake2b.CreateIncrementalHasher(64);
hasher.Update(new ArraySegment <byte>(sk, skoffset, 32));
byte[] h = hasher.Finish();
//byte[] h = Sha512.Hash(sk, skoffset, 32);//ToDo: Remove alloc
ScalarOperations.sc_clamp(h, 0);
GroupOperations.ge_scalarmult_base(out A, h, 0);
GroupOperations.ge_p3_tobytes(pk, pkoffset, ref A);
for (i = 0; i < 32; ++i)
{
sk[skoffset + 32 + i] = pk[pkoffset + i];
}
CryptoBytes.Wipe(h);
}
