public void Sign(Ed448.Algorithm algorithm, byte[] ctx, byte[] msg, int msgOff, int msgLen,
byte[] sig, int sigOff)
{
Ed448PublicKeyParameters publicKey = GeneratePublicKey();
byte[] pk = new byte[Ed448.PublicKeySize];
publicKey.Encode(pk, 0);
switch (algorithm)
{
case Ed448.Algorithm.Ed448:
{
Ed448.Sign(data, 0, pk, 0, ctx, msg, msgOff, msgLen, sig, sigOff);
break;
}
case Ed448.Algorithm.Ed448ph:
{
if (Ed448.PrehashSize != msgLen)
{
throw new ArgumentException("msgLen");
}
Ed448.SignPrehash(data, 0, pk, 0, ctx, msg, msgOff, sig, sigOff);
break;
}
default:
{
throw new ArgumentException("algorithm");
}
}
}
public void TestEd448phConsistency()
{
byte[] sk = new byte[Ed448.SecretKeySize];
byte[] pk = new byte[Ed448.PublicKeySize];
byte[] ctx = new byte[Random.NextInt() & 7];
byte[] m = new byte[255];
byte[] ph = new byte[Ed448.PrehashSize];
byte[] sig1 = new byte[Ed448.SignatureSize];
byte[] sig2 = new byte[Ed448.SignatureSize];
Random.NextBytes(ctx);
Random.NextBytes(m);
for (int i = 0; i < 10; ++i)
{
Random.NextBytes(sk);
Ed448.GeneratePublicKey(sk, 0, pk, 0);
int mLen = Random.NextInt() & 255;
IXof prehash = Ed448.CreatePrehash();
prehash.BlockUpdate(m, 0, mLen);
prehash.DoFinal(ph, 0, ph.Length);
Ed448.SignPrehash(sk, 0, ctx, ph, 0, sig1, 0);
Ed448.SignPrehash(sk, 0, pk, 0, ctx, ph, 0, sig2, 0);
Assert.IsTrue(Arrays.AreEqual(sig1, sig2), "Ed448ph consistent signatures #" + i);
bool shouldVerify = Ed448.VerifyPrehash(sig1, 0, pk, 0, ctx, ph, 0);
Assert.IsTrue(shouldVerify, "Ed448ph consistent sign/verify #" + i);
sig1[Ed448.PublicKeySize - 1] ^= 0x80;
bool shouldNotVerify = Ed448.VerifyPrehash(sig1, 0, pk, 0, ctx, ph, 0);
Assert.IsFalse(shouldNotVerify, "Ed448ph consistent verification failure #" + i);
}
}
private static void CheckEd448phVector(string sSK, string sPK, string sM, string sCTX, string sSig, string text)
{
byte[] sk = Hex.Decode(sSK);
byte[] pk = Hex.Decode(sPK);
byte[] pkGen = new byte[Ed448.PublicKeySize];
Ed448.GeneratePublicKey(sk, 0, pkGen, 0);
Assert.IsTrue(Arrays.AreEqual(pk, pkGen), text);
byte[] m = Hex.Decode(sM);
byte[] ctx = Hex.Decode(sCTX);
byte[] sig = Hex.Decode(sSig);
byte[] badsig = Arrays.Clone(sig);
badsig[Ed448.SignatureSize - 1] ^= 0x80;
byte[] sigGen = new byte[Ed448.SignatureSize];
{
IXof prehash = Ed448.CreatePrehash();
prehash.BlockUpdate(m, 0, m.Length);
byte[] ph = new byte[Ed448.PrehashSize];
prehash.DoFinal(ph, 0, ph.Length);
Ed448.SignPrehash(sk, 0, ctx, ph, 0, sigGen, 0);
Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text);
Ed448.SignPrehash(sk, 0, pk, 0, ctx, ph, 0, sigGen, 0);
Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text);
bool shouldVerify = Ed448.VerifyPrehash(sig, 0, pk, 0, ctx, ph, 0);
Assert.IsTrue(shouldVerify, text);
bool shouldNotVerify = Ed448.VerifyPrehash(badsig, 0, pk, 0, ctx, ph, 0);
Assert.IsFalse(shouldNotVerify, text);
}
{
IXof ph = Ed448.CreatePrehash();
ph.BlockUpdate(m, 0, m.Length);
Ed448.SignPrehash(sk, 0, ctx, ph, sigGen, 0);
Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text);
}
{
IXof ph = Ed448.CreatePrehash();
ph.BlockUpdate(m, 0, m.Length);
Ed448.SignPrehash(sk, 0, pk, 0, ctx, ph, sigGen, 0);
Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text);
}
{
IXof ph = Ed448.CreatePrehash();
ph.BlockUpdate(m, 0, m.Length);
bool shouldVerify = Ed448.VerifyPrehash(sig, 0, pk, 0, ctx, ph);
Assert.IsTrue(shouldVerify, text);
}
{
IXof ph = Ed448.CreatePrehash();
ph.BlockUpdate(m, 0, m.Length);
bool shouldNotVerify = Ed448.VerifyPrehash(badsig, 0, pk, 0, ctx, ph);
Assert.IsFalse(shouldNotVerify, text);
}
}