public override Boolean Verify(byte[] publicKey, byte[] message, byte[] signature, byte[] rgbContext = null) { EdDSAPoint A = DecodePoint(publicKey); byte[] r = new byte[signature.Length / 2]; Array.Copy(signature, r, r.Length); EdDSAPoint R = DecodePoint(r); byte[] s = new byte[signature.Length / 2]; Array.Copy(signature, r.Length, s, 0, r.Length); Array.Reverse(s); BigInteger S = new BigInteger(1, s); message = PreHash(message); ShakeDigest sha256 = new ShakeDigest(256); byte[] rgbDom = Dom(rgbContext); sha256.BlockUpdate(rgbDom, 0, rgbDom.Length); sha256.BlockUpdate(r, 0, r.Length); sha256.BlockUpdate(publicKey, 0, publicKey.Length); sha256.BlockUpdate(message, 0, message.Length); byte[] h = new byte[114]; sha256.DoFinal(h, 0, 114); Array.Reverse(h); BigInteger k = new BigInteger(1, h).Mod(EdDSAPoint448.L); EdDSAPoint left = EdDSAPoint448.B.MultipleByScalar(S).Normalize(); EdDSAPoint right = EdDSAPoint448.Add((EdDSAPoint448)R, (EdDSAPoint448)A.MultipleByScalar(k)).Normalize(); return(left.equal(right)); }
public override byte[] Sign(byte[] publicKey, byte[] privateKey, byte[] M, byte[] context = null) { ShakeDigest sha512 = new ShakeDigest(256); sha512.BlockUpdate(privateKey, 0, privateKey.Length); byte[] h = new byte[114]; sha512.DoFinal(h, 0, 114); byte[] x = new byte[57]; Array.Copy(h, x, 57); x[0] &= 0xfc; // Clear lowest 2 bits x[56] = 0; // Clear the highest byte x[55] |= 0x80; // Set the highest bit Array.Reverse(x); BigInteger a = new BigInteger(1, x); byte[] A = publicKey; byte[] prefix = new byte[57]; Array.Copy(h, 57, prefix, 0, 57); M = PreHash(M); sha512.Reset(); byte[] domBytes = Dom(context); sha512.BlockUpdate(domBytes, 0, domBytes.Length); sha512.BlockUpdate(prefix, 0, prefix.Length); sha512.BlockUpdate(M, 0, M.Length); byte[] r1 = new byte[114]; sha512.DoFinal(r1, 0, 114); Array.Reverse(r1); BigInteger r = new BigInteger(1, r1).Mod(EdDSAPoint448.L); EdDSAPoint rB = EdDSAPoint448.B.MultipleByScalar(r); byte[] R = rB.Encode(); sha512.Reset(); sha512.BlockUpdate(domBytes, 0, domBytes.Length); sha512.BlockUpdate(R, 0, R.Length); sha512.BlockUpdate(A, 0, A.Length); sha512.BlockUpdate(M, 0, M.Length); byte[] kBytes = new byte[114]; sha512.DoFinal(kBytes, 0, 114); Array.Reverse(kBytes); BigInteger k = new BigInteger(1, kBytes).Mod(EdDSAPoint448.L); BigInteger S = r.Add(k.Multiply(a)).Mod(EdDSAPoint448.L); byte[] hash = new byte[57 * 2]; byte[] rgbS = S.ToByteArrayUnsigned(); Array.Copy(rgbS, 0, hash, 57 - rgbS.Length, rgbS.Length); Array.Reverse(hash); Array.Copy(R, hash, 57); return(hash); }
override public byte[] Encode() { EdDSAPoint point = this.Normalize(); byte[] rgbY = new byte[57]; byte[] y = point.Y.ToByteArrayUnsigned(); Array.Copy(y, 0, rgbY, 57 - y.Length, y.Length); rgbY[0] |= (byte)(point.X.TestBit(0) ? 0x80 : 0); Array.Reverse(rgbY); return(rgbY); }
public Boolean equal(EdDSAPoint other) { if (!this.X.Equals(other.X)) { return(false); } if (!this.Y.Equals(other.Y)) { return(false); } return(true); }
static public void SelfTest() { BigInteger privateKey = new BigInteger("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", 16); byte[] message0 = new byte[0]; EdDSA25517 x = new EdDSA25517(); EdDSAPoint publicKey = x.GetPublic(privateKey.ToByteArrayUnsigned()); publicKey = (EdDSAPoint25517)publicKey.Normalize(); byte[] rgbPublicKey = publicKey.Encode(); EdDSAPoint pt2 = x.DecodePoint(rgbPublicKey); byte[] signature = x.Sign(rgbPublicKey, privateKey.ToByteArrayUnsigned(), message0); x.Verify(rgbPublicKey, message0, signature); }
public static void SelfTest() { BigInteger secretkey = new BigInteger("6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b", 16); BigInteger publicKey = new BigInteger("b3da079b0aa493a5772029f0467baebee5a8112d9d3a22532361da294f7bb3815c5dc59e176b4d9f381ca0938e13c6c07b174be65dfa578e80", 16); //byte[] rgbMessage = new byte[] { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, 0x66, 0x81, 0x1e, 0x29, 0x15, 0xe7 }; byte[] rgbMessage = new byte[0]; EdDSA448 x = new EdDSA448(); BigInteger signature = new BigInteger("6a12066f55331b6c22acd5d5bfc5d71228fbda80ae8dec26bdd306743c5027cb4890810c162c027468675ecf645a83176c0d7323a2ccde2d80efe5a1268e8aca1d6fbc194d3f77c44986eb4ab4177919ad8bec33eb47bbb5fc6e28196fd1caf56b4e7e0ba5519234d047155ac727a1053100", 16); EdDSAPoint publicPoint = x.GetPublic(secretkey.ToByteArrayUnsigned()); byte[] rgbPublic = publicPoint.Normalize().Encode(); byte[] rgbSig = x.Sign(rgbPublic, secretkey.ToByteArrayUnsigned(), rgbMessage); EdDSAPoint decodePoint = x.DecodePoint(rgbPublic); x.Verify(rgbPublic, rgbMessage, rgbSig); }
public byte[] Sign(EdDSAPoint publicPoint, byte[] privateKey, byte[] M, byte[] rgbContext = null) { return(Sign(publicPoint.Encode(), privateKey, M, rgbContext)); }