示例#1
0
        public static int uxed25519_sign(ISha512 sha512provider,
                                         byte[] signature_out,
                                         byte[] curve25519_privkey,
                                         byte[] msg, int msg_len,
                                         byte[] random)
        {
            // just return -1 as this shouldn't be used
            return(-1);

            byte[] a    = new byte[32];
            byte[] aneg = new byte[32];
            byte[] A    = new byte[32];

            Ge_p3 Bu = new Ge_p3();
            Ge_p3 ed_pubkey_point = new Ge_p3();

            byte[] sigbuf   = new byte[crypto_additions.MAX_MSG_LEN + 160]; /* working buffer */
            byte   sign_bit = 0;

            if (msg_len > crypto_additions.MAX_MSG_LEN)
            {
                //memset(signature_out, 0, 96);
                return(-1);
            }

            /* Convert the Curve25519 privkey to an Ed25519 public key */
            Ge_scalarmult_base.ge_scalarmult_base(ed_pubkey_point, curve25519_privkey);
            Ge_p3_tobytes.ge_p3_tobytes(A, ed_pubkey_point);

            /* Force Edwards sign bit to zero */
            sign_bit = (byte)((A[31] & 0x80) >> 7);
            Array.Copy(curve25519_privkey, 0, a, 0, 32);
            Sc_neg.sc_neg(aneg, a);
            Sc_cmov.sc_cmov(a, aneg, sign_bit);
            A[31] &= 0x7F;

            //Elligator.calculate_Bv_and_V(sha512provider, Bu, signature_out, sigbuf, a, msg, msg_len);

            /* Perform an Ed25519 signature with explicit private key */
            usign_modified.crypto_usign_modified(sha512provider, sigbuf, msg, msg_len, a, A, random, Bu, signature_out /*U*/);
            Array.Copy(sigbuf, 0, signature_out, 32, 64);

            Zeroize.zeroize(a, 32);
            return(0);
        }
示例#2
0
        public static int xed25519_sign(ISha512 sha512provider,
                                        byte[] signature_out,
                                        byte[] curve25519_privkey,
                                        byte[] msg, int msg_len,
                                        byte[] random)
        {
            byte[] a               = new byte[32];
            byte[] A               = new byte[32];
            byte[] aneg            = new byte[32];
            Ge_p3  ed_pubkey_point = new Ge_p3();

            // see link below
            byte[] sigbuf   = new byte[msg_len + 128]; /* working buffer */
            byte   sign_bit = 0;

            // this should be different but whatever
            // https://github.com/WhisperSystems/curve25519-java/commit/2f388f601afdac6a78a19ced2f0629da1ff9800f#diff-6e488e4e28814b3fa524b6781fcaf912R19
            //if (msg_len > crypto_additions.MAX_MSG_LEN)
            //{
            //    //memset(signature_out, 0, 64);
            //    return -1;
            //}

            /* Convert the Curve25519 privkey to an Ed25519 public key */
            Ge_scalarmult_base.ge_scalarmult_base(ed_pubkey_point, curve25519_privkey);
            Ge_p3_tobytes.ge_p3_tobytes(A, ed_pubkey_point);

            /* Force Edwards sign bit to zero */
            sign_bit = (byte)((A[31] & 0x80) >> 7);
            Array.Copy(curve25519_privkey, 0, a, 0, 32);
            Sc_neg.sc_neg(aneg, a);
            Sc_cmov.sc_cmov(a, aneg, sign_bit);
            A[31] &= 0x7F;

            /* Perform an Ed25519 signature with explicit private key */
            sign_modified.crypto_sign_modified(sha512provider, sigbuf, msg, msg_len, a, A, random);
            Array.Copy(sigbuf, 0, signature_out, 0, 64);

            Zeroize.zeroize(a, 32);
            Zeroize.zeroize(aneg, 32);
            return(0);
        }