public static byte[] ComputeHash(byte[] key, byte[] msg)
{
var _sha512 = new SHA512();
if (key.Length > BlockSize)
{
_sha512.Init();
_sha512.Update(key, 0, key.Length);
key = _sha512.Finish();
}
_sha512.Init();
var i_pad = GeneratePadding(key, IPAD);
_sha512.Update(i_pad, 0, i_pad.Length);
_sha512.Update(msg, 0, msg.Length);
var temp = _sha512.Finish();
_sha512.Init();
var o_pad = GeneratePadding(key, OPAD);
_sha512.Update(o_pad, 0, o_pad.Length);
_sha512.Update(temp, 0, temp.Length);
return(_sha512.Finish());
}
public void TestSha512Repeatability()
{
byte[] source = Encoding.ASCII.GetBytes(
"asjdhweiurhwiuthedkgsdkfjh4otuiheriughdfjkgnsdçfjherslighjsghnoçiljhoçitujgpe8rotu89pearthkjdf.");
SHA512 sharedTest = new SHA512();
int testFails = 0; //differences in reused and fresh custom sha256 hashes
for (int i = 0; i < 10000; i++)
{
SHA512 freshTest = new SHA512();
sharedTest.Update(source, 0, source.Length);
freshTest.Update(source, 0, source.Length);
var sharedTestHash = sharedTest.Finish();
var freshTestHash = freshTest.Finish();
testFails += sharedTestHash.SequenceEqual(freshTestHash) ? 0 : 1;
sharedTest.Init();
}
Assert.IsTrue(testFails == 0);
}
public static void GenerateSignature(
byte[] sig, int sigoffset,
byte[] m, int moffset, int mlen,
byte[] sk, int skoffset)
{
byte[] az;
byte[] r;
byte[] hram;
GroupElementP3 R;
var hasher = new SHA512();
{
hasher.Update(sk, skoffset, 32);
az = hasher.Finish();
ScalarOperations.sc_clamp(az, 0);
hasher.Init();
hasher.Update(az, 32, 32);
hasher.Update(m, moffset, mlen);
r = hasher.Finish();
ScalarOperations.sc_reduce(r);
GroupOperations.ge_scalarmult_base(out R, r, 0);
GroupOperations.ge_p3_tobytes(sig, sigoffset, ref R);
hasher.Init();
hasher.Update(sig, sigoffset, 32);
hasher.Update(sk, skoffset + 32, 32);
hasher.Update(m, moffset, mlen);
hram = hasher.Finish();
ScalarOperations.sc_reduce(hram);
var s = new byte[32];//todo: remove allocation
Array.Copy(sig, sigoffset + 32, s, 0, 32);
ScalarOperations.sc_muladd(s, hram, az, r);
Array.Copy(s, 0, sig, sigoffset + 32, 32);
CryptoExtensions.Wipe(s);
}
}
public static bool VerifySignature(
byte[] sig, int sigoffset,
byte[] m, int moffset, int mlen,
byte[] pk, int pkoffset)
{
byte[] h;
byte[] checkr = new byte[32];
GroupElementP3 A;
GroupElementP2 R;
if ((sig[sigoffset + 63] & 224) != 0)
{
return(false);
}
if (GroupOperations.ge_frombytes_negate_vartime(out A, pk, pkoffset) != 0)
{
return(false);
}
var hasher = new SHA512();
hasher.Update(sig, sigoffset, 32);
hasher.Update(pk, pkoffset, 32);
hasher.Update(m, moffset, mlen);
h = hasher.Finish();
ScalarOperations.sc_reduce(h);
var sm32 = new byte[32];//todo: remove allocation
Array.Copy(sig, sigoffset + 32, sm32, 0, 32);
GroupOperations.ge_double_scalarmult_vartime(out R, h, ref A, sm32);
GroupOperations.ge_tobytes(checkr, 0, ref R);
var result = CryptoExtensions.ConstantTimeEquals(checkr, 0, sig, sigoffset, 32);
CryptoExtensions.Wipe(h);
CryptoExtensions.Wipe(checkr);
return(result);
}
