本文整理汇总了Golang中github.com/yahoo/coname/ed25519/edwards25519.ExtendedGroupElement类的典型用法代码示例。如果您正苦于以下问题:Golang ExtendedGroupElement类的具体用法?Golang ExtendedGroupElement怎么用?Golang ExtendedGroupElement使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了ExtendedGroupElement类的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: Verify
// Verify returns true iff sig is a valid signature of message by publicKey.
func Verify(publicKey *[PublicKeySize]byte, message []byte, sig *[SignatureSize]byte) bool {
if sig[63]&224 != 0 {
return false
}
var A edwards25519.ExtendedGroupElement
if !A.FromBytes(publicKey) {
return false
}
edwards25519.FeNeg(&A.X, &A.X)
edwards25519.FeNeg(&A.T, &A.T)
h := sha512.New()
h.Write(sig[:32])
h.Write(publicKey[:])
h.Write(message)
var digest [64]byte
h.Sum(digest[:0])
var hReduced [32]byte
edwards25519.ScReduce(&hReduced, &digest)
var R edwards25519.ProjectiveGroupElement
var b [32]byte
copy(b[:], sig[32:])
edwards25519.GeDoubleScalarMultVartime(&R, &hReduced, &A, &b)
var checkR [32]byte
R.ToBytes(&checkR)
return subtle.ConstantTimeCompare(sig[:32], checkR[:]) == 1
}示例2: GenerateKey
// GenerateKey generates a public/private key pair using randomness from rand.
func GenerateKey(rand io.Reader) (publicKey *[PublicKeySize]byte, privateKey *[PrivateKeySize]byte, err error) {
privateKey = new([64]byte)
publicKey = new([32]byte)
_, err = io.ReadFull(rand, privateKey[:32])
if err != nil {
return nil, nil, err
}
h := sha512.New()
h.Write(privateKey[:32])
digest := h.Sum(nil)
digest[0] &= 248
digest[31] &= 127
digest[31] |= 64
var A edwards25519.ExtendedGroupElement
var hBytes [32]byte
copy(hBytes[:], digest)
edwards25519.GeScalarMultBase(&A, &hBytes)
A.ToBytes(publicKey)
copy(privateKey[32:], publicKey[:])
return
}示例3: HashToEdwards
// HashToEdwards converts a 256-bit hash output into a point on the Edwards
// curve isomorphic to Curve25519 in a manner that preserves
// collision-resistance. The returned curve points are NOT indistinguishable
// from random even if the hash value is.
// Specifically, first one bit of the hash output is set aside for parity and
// the rest is tuncated and fed into the elligator bijection (which covers half
// of the points on the elliptic curve).
func HashToEdwards(out *edwards25519.ExtendedGroupElement, h *[32]byte) {
hh := *h
bit := hh[31] >> 7
hh[31] &= 127
edwards25519.FeFromBytes(&out.Y, &hh)
representativeToMontgomeryX(&out.X, &out.Y)
montgomeryXToEdwardsY(&out.Y, &out.X)
if ok := out.FromParityAndY(bit, &out.Y); !ok {
panic("HashToEdwards: point not on curve")
}
}示例4: PublicKeyToCurve25519
// PublicKeyToCurve25519 converts an Ed25519 public key into the curve25519
// public key that would be generated from the same private key.
func PublicKeyToCurve25519(curve25519Public *[32]byte, publicKey *[32]byte) bool {
var A edwards25519.ExtendedGroupElement
if !A.FromBytes(publicKey) {
return false
}
// A.Z = 1 as a postcondition of FromBytes.
var x edwards25519.FieldElement
edwardsToMontgomeryX(&x, &A.Y)
edwards25519.FeToBytes(curve25519Public, &x)
return true
}示例5: Compute
func Compute(m []byte, sk *[SecretKeySize]byte) []byte {
x, _ := expandSecret(sk)
var ii edwards25519.ExtendedGroupElement
var iiB [32]byte
edwards25519.GeScalarMult(&ii, x, hashToCurve(m))
ii.ToBytes(&iiB)
hash := sha3.NewShake256()
hash.Write(iiB[:]) // const length: Size
hash.Write(m)
var vrf [Size]byte
hash.Read(vrf[:])
return vrf[:]
}示例6: TestUnmarshalMarshal
func TestUnmarshalMarshal(t *testing.T) {
pk, _, _ := GenerateKey(rand.Reader)
var A edwards25519.ExtendedGroupElement
ret := A.FromBytes(pk)
var pk2 [32]byte
A.ToBytes(&pk2)
if *pk != pk2 {
_ = ret
t.Errorf("FromBytes(%v)->ToBytes not idempotent:\n%x\nbytes:\n\t%x\n\t%x\ndelta: %x\n", ret, A, *pk, pk2, int(pk[31])-int(pk2[31]))
}
}示例7: TestUnmarshalMarshalNegative
func TestUnmarshalMarshalNegative(t *testing.T) {
pk, _, _ := GenerateKey(rand.Reader)
var A edwards25519.ExtendedGroupElement
ret := A.FromBytes(pk)
var pk2 [32]byte
A.ToBytes(&pk2)
pk2[31] ^= 0x80
if *pk == pk2 {
t.Errorf("FromBytes(%v)->flipping sign did not change public key:\n%x\nbytes:\n\t%x\n\t%x\ndelta: %x\n", ret, A, *pk, pk2, int(pk[31])-int(pk2[31]))
}
}示例8: GenerateKey
// GenerateKey creates a public/private key pair. rnd is used for randomness.
// If it is nil, `crypto/rand` is used.
func GenerateKey(rnd io.Reader) (pk []byte, sk *[SecretKeySize]byte, err error) {
if rnd == nil {
rnd = rand.Reader
}
sk = new([SecretKeySize]byte)
_, err = io.ReadFull(rnd, sk[:32])
if err != nil {
return nil, nil, err
}
x, _ := expandSecret(sk)
var pkP edwards25519.ExtendedGroupElement
edwards25519.GeScalarMultBase(&pkP, x)
var pkBytes [PublicKeySize]byte
pkP.ToBytes(&pkBytes)
copy(sk[32:], pkBytes[:])
return pkBytes[:], sk, err
}示例9: Verify
// Verify returns true iff vrf=Compute(m, sk) for the sk that corresponds to pk.
func Verify(pkBytes, m, vrfBytes, proof []byte) bool {
if len(proof) != ProofSize || len(vrfBytes) != Size || len(pkBytes) != PublicKeySize {
return false
}
var pk, c, cRef, t, vrf, iiB, ABytes, BBytes [32]byte
copy(vrf[:], vrfBytes)
copy(pk[:], pkBytes)
copy(c[:32], proof[:32])
copy(t[:32], proof[32:64])
copy(iiB[:], proof[64:96])
hash := sha3.NewShake256()
hash.Write(iiB[:]) // const length
hash.Write(m)
var hCheck [Size]byte
hash.Read(hCheck[:])
if !bytes.Equal(hCheck[:], vrf[:]) {
return false
}
hash.Reset()
var P, B, ii, iic edwards25519.ExtendedGroupElement
var A, hmtP, iicP edwards25519.ProjectiveGroupElement
if !P.FromBytesBaseGroup(&pk) {
return false
}
if !ii.FromBytesBaseGroup(&iiB) {
return false
}
edwards25519.GeDoubleScalarMultVartime(&A, &c, &P, &t)
A.ToBytes(&ABytes)
hm := hashToCurve(m)
edwards25519.GeDoubleScalarMultVartime(&hmtP, &t, hm, &[32]byte{})
edwards25519.GeDoubleScalarMultVartime(&iicP, &c, &ii, &[32]byte{})
iicP.ToExtended(&iic)
hmtP.ToExtended(&B)
edwards25519.GeAdd(&B, &B, &iic)
B.ToBytes(&BBytes)
var cH [64]byte
hash.Write(ABytes[:]) // const length
hash.Write(BBytes[:]) // const length
hash.Write(m)
hash.Read(cH[:])
edwards25519.ScReduce(&cRef, &cH)
return cRef == c
}示例10: Sign
// Sign signs the message with privateKey and returns a signature.
func Sign(privateKey *[PrivateKeySize]byte, message []byte) *[SignatureSize]byte {
h := sha512.New()
h.Write(privateKey[:32])
var digest1, messageDigest, hramDigest [64]byte
var expandedSecretKey [32]byte
h.Sum(digest1[:0])
copy(expandedSecretKey[:], digest1[:])
expandedSecretKey[0] &= 248
expandedSecretKey[31] &= 63
expandedSecretKey[31] |= 64
h.Reset()
h.Write(digest1[32:])
h.Write(message)
h.Sum(messageDigest[:0])
var messageDigestReduced [32]byte
edwards25519.ScReduce(&messageDigestReduced, &messageDigest)
var R edwards25519.ExtendedGroupElement
edwards25519.GeScalarMultBase(&R, &messageDigestReduced)
var encodedR [32]byte
R.ToBytes(&encodedR)
h.Reset()
h.Write(encodedR[:])
h.Write(privateKey[32:])
h.Write(message)
h.Sum(hramDigest[:0])
var hramDigestReduced [32]byte
edwards25519.ScReduce(&hramDigestReduced, &hramDigest)
var s [32]byte
edwards25519.ScMulAdd(&s, &hramDigestReduced, &expandedSecretKey, &messageDigestReduced)
signature := new([64]byte)
copy(signature[:], encodedR[:])
copy(signature[32:], s[:])
return signature
}示例11: Prove
// Prove returns the vrf value and a proof such that Verify(pk, m, vrf, proof)
// == true. The vrf value is the same as returned by Compute(m, sk).
func Prove(m []byte, sk *[SecretKeySize]byte) (vrf, proof []byte) {
x, skhr := expandSecret(sk)
var cH, rH [64]byte
var r, c, minusC, t, grB, hrB, iiB [32]byte
var ii, gr, hr edwards25519.ExtendedGroupElement
hm := hashToCurve(m)
edwards25519.GeScalarMult(&ii, x, hm)
ii.ToBytes(&iiB)
hash := sha3.NewShake256()
hash.Write(skhr[:])
hash.Write(sk[32:]) // public key, as in ed25519
hash.Write(m)
hash.Read(rH[:])
hash.Reset()
edwards25519.ScReduce(&r, &rH)
edwards25519.GeScalarMultBase(&gr, &r)
edwards25519.GeScalarMult(&hr, &r, hm)
gr.ToBytes(&grB)
hr.ToBytes(&hrB)
hash.Write(grB[:])
hash.Write(hrB[:])
hash.Write(m)
hash.Read(cH[:])
hash.Reset()
edwards25519.ScReduce(&c, &cH)
edwards25519.ScNeg(&minusC, &c)
edwards25519.ScMulAdd(&t, x, &minusC, &r)
proof = make([]byte, ProofSize)
copy(proof[:32], c[:])
copy(proof[32:64], t[:])
copy(proof[64:96], iiB[:])
hash.Write(iiB[:]) // const length: Size
hash.Write(m)
vrf = make([]byte, Size)
hash.Read(vrf[:])
return
}示例12: TestHashNoCollisions
func TestHashNoCollisions(t *testing.T) {
type intpair struct {
i int
j uint
}
rainbow := make(map[[32]byte]intpair)
N := 25
if testing.Short() {
N = 3
}
var h [32]byte
// NOTE: hash values 0b100000000000... and 0b00000000000... both map to
// the identity. this is a core part of the elligator function and not a
// collision we need to worry about because an attacker would need to find
// the preimages of these hashes to exploit it.
h[0] = 1
for i := 0; i < N; i++ {
for j := uint(0); j < 257; j++ {
if j < 256 {
h[j>>3] ^= byte(1) << (j & 7)
}
var P edwards25519.ExtendedGroupElement
HashToEdwards(&P, &h)
var p [32]byte
P.ToBytes(&p)
if c, ok := rainbow[p]; ok {
t.Fatalf("found collision: (%d, %d) and (%d, %d)", i, j, c.i, c.j)
}
rainbow[p] = intpair{i, j}
if j < 256 {
h[j>>3] ^= byte(1) << (j & 7)
}
}
hh := sha512.Sum512(h[:]) // this package already imports sha512
copy(h[:], hh[:])
}
}