示例#1
0
        public static void CryptoSign(
            byte[] sig, int sigoffset,
            byte[] m, int moffset, int mlen,
            byte[] sk, int skoffset)
        {
            var hasher = new Sha512();
            {
                hasher.Update(sk, skoffset, 32);
                var az = hasher.Finalize();
                ScalarOperations.Clamp(az, 0);

                hasher.Init();
                hasher.Update(az, 32, 32);
                hasher.Update(m, moffset, mlen);
                var r = hasher.Finalize();

                ScalarOperations.Reduce(r);
                GroupElementP3 R;
                GroupOperations.ScalarMultBase(out R, r, 0);
                GroupOperations.P3ToBytes(sig, sigoffset, ref R);

                hasher.Init();
                hasher.Update(sig, sigoffset, 32);
                hasher.Update(sk, skoffset + 32, 32);
                hasher.Update(m, moffset, mlen);
                var hram = hasher.Finalize();

                ScalarOperations.Reduce(hram);
                var s = new byte[32];
                Array.Copy(sig, sigoffset + 32, s, 0, 32);
                ScalarOperations.MulAdd(s, hram, az, r);
                Array.Copy(s, 0, sig, sigoffset + 32, 32);
                CryptoBytes.Wipe(s);
            }
        }
示例#2
0
        public static bool CryptoSignVerify(
            byte[] sig, int sigoffset,
            byte[] m, int moffset, int mlen,
            byte[] pk, int pkoffset)
        {
            var            checker = new byte[32];
            GroupElementP3 A;
            GroupElementP2 R;

            if ((sig[sigoffset + 63] & 224) != 0)
            {
                return(false);
            }
            if (GroupOperations.FromBytes(out A, pk, pkoffset) != 0)
            {
                return(false);
            }

            var hasher = new Sha512();

            hasher.Update(sig, sigoffset, 32);
            hasher.Update(pk, pkoffset, 32);
            hasher.Update(m, moffset, mlen);
            var h = hasher.Finalize();

            ScalarOperations.Reduce(h);

            var sm32 = new byte[32];

            Array.Copy(sig, sigoffset + 32, sm32, 0, 32);
            GroupOperations.DoubleScalarMult(out R, h, ref A, sm32);
            GroupOperations.ToBytes(checker, 0, ref R);
            var result = CryptoBytes.ConstantTimeEquals(checker, 0, sig, sigoffset, 32);

            CryptoBytes.Wipe(h);
            CryptoBytes.Wipe(checker);
            return(result);
        }