internal static void crypto_sign2(
byte[] sig,
byte[] m,
byte[] sk,
int keylen)
{
byte[] privHash = new byte[64];
byte[] seededHash = new byte[64];
byte[] result = new byte[64];
GroupElementP3 R = new GroupElementP3();
var hasher = new Sha3Digest(512);
{
hasher.BlockUpdate(sk, 0, keylen);
hasher.DoFinal(privHash, 0);
ScalarOperations.sc_clamp(privHash, 0);
hasher.Reset();
hasher.BlockUpdate(privHash, 32, 32);
hasher.BlockUpdate(m, 0, m.Length);
hasher.DoFinal(seededHash, 0);
ScalarOperations.sc_reduce(seededHash);
GroupOperations.ge_scalarmult_base(out R, seededHash, 0);
GroupOperations.ge_p3_tobytes(sig, 0, ref R);
hasher.Reset();
hasher.BlockUpdate(sig, 0, 32);
hasher.BlockUpdate(sk, keylen, 32);
hasher.BlockUpdate(m, 0, m.Length);
hasher.DoFinal(result, 0);
ScalarOperations.sc_reduce(result);
var s = new byte[32]; //todo: remove allocation
Array.Copy(sig, 32, s, 0, 32);
ScalarOperations.sc_muladd(s, result, privHash, seededHash);
Array.Copy(s, 0, sig, 32, 32);
CryptoBytes.Wipe(s);
}
}
public static void crypto_sign2(
byte[] sig, int sigoffset,
byte[] m, int moffset, int mlen,
byte[] sk, int skoffset)
{
byte[] az = new byte[64];
byte[] r = new byte[64];
byte[] hram = new byte[64];
GroupElementP3 R;
var hasher2 = new Sha3Digest(512);
{
hasher2.BlockUpdate(sk, 0, 32);
hasher2.DoFinal(az, 0);
ScalarOperations.sc_clamp(az, 0);
hasher2.Reset();
hasher2.BlockUpdate(az, 32, 32);
hasher2.BlockUpdate(m, moffset, mlen);
hasher2.DoFinal(r, 0);
ScalarOperations.sc_reduce(r);
GroupOperations.ge_scalarmult_base(out R, r, 0);
GroupOperations.ge_p3_tobytes(sig, sigoffset, ref R);
hasher2.Reset();
hasher2.BlockUpdate(sig, sigoffset, 32);
hasher2.BlockUpdate(sk, skoffset + 32, 32);
hasher2.BlockUpdate(m, moffset, mlen);
hasher2.DoFinal(hram, 0);
ScalarOperations.sc_reduce(hram);
var s = new byte[32];
Array.Copy(sig, sigoffset + 32, s, 0, 32);
ScalarOperations.sc_muladd(s, hram, az, r);
Array.Copy(s, 0, sig, sigoffset + 32, 32);
CryptoBytes.Wipe(s);
}
}
public void Reset()
{
sha3Digest.Reset();
}
