/// <summary> /// Signs data using the EdDSA algorithm. /// </summary> /// <param name="Data">Data to be signed.</param> /// <param name="PrivateKey">Private key.</param> /// <param name="Prefix">Prefix</param> /// <param name="HashFunction">Hash function to use</param> /// <param name="Curve">Elliptic curve</param> /// <returns>Signature</returns> public static byte[] Sign(Stream Data, byte[] PrivateKey, byte[] Prefix, HashFunctionStream HashFunction, EdwardsCurveBase Curve) { // 5.1.6 of RFC 8032 int ScalarBytes = PrivateKey.Length; if (Prefix.Length != ScalarBytes) { throw new ArgumentException("Invalid prefix.", nameof(Prefix)); } BigInteger a = EllipticCurve.ToInt(PrivateKey); PointOnCurve P = Curve.ScalarMultiplication(PrivateKey, Curve.BasePoint, true); byte[] A = Encode(P, Curve); byte[] h; using (TemporaryFile TempFile = new TemporaryFile()) // dom2(F, C) = blank string { TempFile.Write(Prefix, 0, ScalarBytes); // prefix Data.Position = 0; Data.CopyTo(TempFile); // PH(M)=M TempFile.Position = 0; h = HashFunction(TempFile); } BigInteger r = BigInteger.Remainder(EllipticCurve.ToInt(h), Curve.Order); PointOnCurve R = Curve.ScalarMultiplication(r, Curve.BasePoint, true); byte[] Rs = Encode(R, Curve); using (TemporaryFile TempFile = new TemporaryFile()) // dom2(F, C) = blank string { TempFile.Write(Rs, 0, ScalarBytes); TempFile.Write(A, 0, ScalarBytes); Data.Position = 0; Data.CopyTo(TempFile); // PH(M)=M TempFile.Position = 0; h = HashFunction(TempFile); } BigInteger k = BigInteger.Remainder(EllipticCurve.ToInt(h), Curve.Order); BigInteger s = Curve.ModulusN.Add(r, Curve.ModulusN.Multiply(k, a)); byte[] Bin = s.ToByteArray(); if (Bin.Length != ScalarBytes) { Array.Resize <byte>(ref Bin, ScalarBytes); } byte[] Signature = new byte[ScalarBytes << 1]; Array.Copy(Rs, 0, Signature, 0, ScalarBytes); Array.Copy(Bin, 0, Signature, ScalarBytes, ScalarBytes); return(Signature); }