ge_p3_tobytes() static private method

static private ge_p3_tobytes ( Array, s, int offset, GroupElementP3, &h ) : void
s Array,
offset int
h GroupElementP3,
return void
        public static void GenerateSignature(
            byte[] sig, int sigoffset,
            byte[] m, int moffset, int mlen,
            byte[] sk, int skoffset)
        {
            byte[]         az;
            byte[]         r;
            byte[]         hram;
            GroupElementP3 R;
            var            hasher = new SHA512();
            {
                hasher.Update(sk, skoffset, 32);
                az = hasher.Finish();
                ScalarOperations.sc_clamp(az, 0);

                hasher.Init();
                hasher.Update(az, 32, 32);
                hasher.Update(m, moffset, mlen);
                r = hasher.Finish();

                ScalarOperations.sc_reduce(r);
                GroupOperations.ge_scalarmult_base(out R, r, 0);
                GroupOperations.ge_p3_tobytes(sig, sigoffset, ref R);

                hasher.Init();
                hasher.Update(sig, sigoffset, 32);
                hasher.Update(sk, skoffset + 32, 32);
                hasher.Update(m, moffset, mlen);
                hram = hasher.Finish();

                ScalarOperations.sc_reduce(hram);
                var s = new byte[32];//todo: remove allocation
                Array.Copy(sig, sigoffset + 32, s, 0, 32);
                ScalarOperations.sc_muladd(s, hram, az, r);
                Array.Copy(s, 0, sig, sigoffset + 32, 32);
                CryptoExtensions.Wipe(s);
            }
        }
示例#2
0
        public byte[] CreateResponse(string password, ReadOnlySpan <byte> authenticationData)
        {
            // Java reference: https://github.com/MariaDB/mariadb-connector-j/blob/master/src/main/java/org/mariadb/jdbc/internal/com/send/authentication/Ed25519PasswordPlugin.java
            // C reference:  https://github.com/MariaDB/server/blob/592fe954ef82be1bc08b29a8e54f7729eb1e1343/plugin/auth_ed25519/ref10/sign.c#L7

            /*** Java
             *      byte[] bytePwd;
             *      if (passwordCharacterEncoding != null && !passwordCharacterEncoding.isEmpty()) {
             *              bytePwd = password.getBytes(passwordCharacterEncoding);
             *      } else {
             *              bytePwd = password.getBytes();
             *      }
             */
            byte[] passwordBytes = Encoding.UTF8.GetBytes(password);

            /*** Java
             *      MessageDigest hash = MessageDigest.getInstance("SHA-512");
             *
             *      byte[] az = hash.digest(bytePwd);
             *      az[0] &= 248;
             *      az[31] &= 63;
             *      az[31] |= 64;
             */
            /*** C
             *      unsigned char az[64];
             *
             *      crypto_hash_sha512(az,pw,pwlen);
             *      az[0] &= 248;
             *      az[31] &= 63;
             *      az[31] |= 64;
             */

            using (var sha512 = SHA512.Create())
            {
                byte[] az = sha512.ComputeHash(passwordBytes);
                ScalarOperations.sc_clamp(az, 0);

                /*** Java
                 *      int mlen = seed.length;
                 *      final byte[] sm = new byte[64 + mlen];
                 *
                 *      System.arraycopy(seed, 0, sm, 64, mlen);
                 *      System.arraycopy(az, 32, sm, 32, 32);
                 *
                 *      byte[] buff = Arrays.copyOfRange(sm, 32, 96);
                 *      hash.reset();
                 *      byte[] nonce = hash.digest(buff);
                 */
                /*** C
                 *      unsigned char nonce[64];
                 *      unsigned char hram[64];
                 *
                 *      memmove(sm + 64,m,mlen);
                 *      memmove(sm + 32,az + 32,32);
                 *      crypto_hash_sha512(nonce,sm + 32,mlen + 32);
                 */

                byte[] sm = new byte[64 + authenticationData.Length];
                authenticationData.CopyTo(sm.AsSpan().Slice(64));
                Buffer.BlockCopy(az, 32, sm, 32, 32);
                byte[] nonce = sha512.ComputeHash(sm, 32, authenticationData.Length + 32);

                /*** Java
                 *      ScalarOps scalar = new ScalarOps();
                 *
                 *      EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519");
                 *      GroupElement elementAvalue = spec.getB().scalarMultiply(az);
                 *      byte[] elementAarray = elementAvalue.toByteArray();
                 *      System.arraycopy(elementAarray, 0, sm, 32, elementAarray.length);
                 */
                /*** C
                 *      ge_p3 A;
                 *
                 *      ge_scalarmult_base(&A,az);
                 *      ge_p3_tobytes(sm + 32,&A);
                 */

                GroupOperations.ge_scalarmult_base(out var A, az, 0);
                GroupOperations.ge_p3_tobytes(sm, 32, ref A);

                /*** Java
                 *      nonce = scalar.reduce(nonce);
                 *      GroupElement elementRvalue = spec.getB().scalarMultiply(nonce);
                 *      byte[] elementRarray = elementRvalue.toByteArray();
                 *      System.arraycopy(elementRarray, 0, sm, 0, elementRarray.length);
                 */
                /*** C
                 *      ge_p3 R;
                 *
                 *      sc_reduce(nonce);
                 *      ge_scalarmult_base(&R,nonce);
                 *      ge_p3_tobytes(sm,&R);
                 */
                ScalarOperations.sc_reduce(nonce);
                GroupOperations.ge_scalarmult_base(out var R, nonce, 0);
                GroupOperations.ge_p3_tobytes(sm, 0, ref R);

                /*** Java
                 *      hash.reset();
                 *      byte[] hram = hash.digest(sm);
                 *      hram = scalar.reduce(hram);
                 *      byte[] tt = scalar.multiplyAndAdd(hram, az, nonce);
                 *      System.arraycopy(tt, 0, sm, 32, tt.length);
                 *
                 *      return Arrays.copyOfRange(sm, 0, 64);
                 */
                /*** C
                 *      unsigned char hram[64];
                 *
                 *      crypto_hash_sha512(hram,sm,mlen + 64);
                 *      sc_reduce(hram);
                 *      sc_muladd(sm + 32,hram,az,nonce);
                 *
                 *      return 0;
                 */
                var hram = sha512.ComputeHash(sm);
                ScalarOperations.sc_reduce(hram);
                var temp = new byte[32];
                ScalarOperations.sc_muladd(temp, hram, az, nonce);
                Buffer.BlockCopy(temp, 0, sm, 32, temp.Length);

                var result = new byte[64];
                Buffer.BlockCopy(sm, 0, result, 0, result.Length);
                return(result);
            }
        }