本文整理汇总了Golang中github.com/yahoo/coname/ed25519/edwards25519.ExtendedGroupElement.ToBytes方法的典型用法代码示例。如果您正苦于以下问题:Golang ExtendedGroupElement.ToBytes方法的具体用法?Golang ExtendedGroupElement.ToBytes怎么用?Golang ExtendedGroupElement.ToBytes使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类github.com/yahoo/coname/ed25519/edwards25519.ExtendedGroupElement的用法示例。
在下文中一共展示了ExtendedGroupElement.ToBytes方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: GenerateKey
// GenerateKey generates a public/private key pair using randomness from rand.
func GenerateKey(rand io.Reader) (publicKey *[PublicKeySize]byte, privateKey *[PrivateKeySize]byte, err error) {
privateKey = new([64]byte)
publicKey = new([32]byte)
_, err = io.ReadFull(rand, privateKey[:32])
if err != nil {
return nil, nil, err
}
h := sha512.New()
h.Write(privateKey[:32])
digest := h.Sum(nil)
digest[0] &= 248
digest[31] &= 127
digest[31] |= 64
var A edwards25519.ExtendedGroupElement
var hBytes [32]byte
copy(hBytes[:], digest)
edwards25519.GeScalarMultBase(&A, &hBytes)
A.ToBytes(publicKey)
copy(privateKey[32:], publicKey[:])
return
}示例2: Compute
func Compute(m []byte, sk *[SecretKeySize]byte) []byte {
x, _ := expandSecret(sk)
var ii edwards25519.ExtendedGroupElement
var iiB [32]byte
edwards25519.GeScalarMult(&ii, x, hashToCurve(m))
ii.ToBytes(&iiB)
hash := sha3.NewShake256()
hash.Write(iiB[:]) // const length: Size
hash.Write(m)
var vrf [Size]byte
hash.Read(vrf[:])
return vrf[:]
}示例3: TestUnmarshalMarshal
func TestUnmarshalMarshal(t *testing.T) {
pk, _, _ := GenerateKey(rand.Reader)
var A edwards25519.ExtendedGroupElement
ret := A.FromBytes(pk)
var pk2 [32]byte
A.ToBytes(&pk2)
if *pk != pk2 {
_ = ret
t.Errorf("FromBytes(%v)->ToBytes not idempotent:\n%x\nbytes:\n\t%x\n\t%x\ndelta: %x\n", ret, A, *pk, pk2, int(pk[31])-int(pk2[31]))
}
}示例4: TestUnmarshalMarshalNegative
func TestUnmarshalMarshalNegative(t *testing.T) {
pk, _, _ := GenerateKey(rand.Reader)
var A edwards25519.ExtendedGroupElement
ret := A.FromBytes(pk)
var pk2 [32]byte
A.ToBytes(&pk2)
pk2[31] ^= 0x80
if *pk == pk2 {
t.Errorf("FromBytes(%v)->flipping sign did not change public key:\n%x\nbytes:\n\t%x\n\t%x\ndelta: %x\n", ret, A, *pk, pk2, int(pk[31])-int(pk2[31]))
}
}示例5: Verify
// Verify returns true iff vrf=Compute(m, sk) for the sk that corresponds to pk.
func Verify(pkBytes, m, vrfBytes, proof []byte) bool {
if len(proof) != ProofSize || len(vrfBytes) != Size || len(pkBytes) != PublicKeySize {
return false
}
var pk, c, cRef, t, vrf, iiB, ABytes, BBytes [32]byte
copy(vrf[:], vrfBytes)
copy(pk[:], pkBytes)
copy(c[:32], proof[:32])
copy(t[:32], proof[32:64])
copy(iiB[:], proof[64:96])
hash := sha3.NewShake256()
hash.Write(iiB[:]) // const length
hash.Write(m)
var hCheck [Size]byte
hash.Read(hCheck[:])
if !bytes.Equal(hCheck[:], vrf[:]) {
return false
}
hash.Reset()
var P, B, ii, iic edwards25519.ExtendedGroupElement
var A, hmtP, iicP edwards25519.ProjectiveGroupElement
if !P.FromBytesBaseGroup(&pk) {
return false
}
if !ii.FromBytesBaseGroup(&iiB) {
return false
}
edwards25519.GeDoubleScalarMultVartime(&A, &c, &P, &t)
A.ToBytes(&ABytes)
hm := hashToCurve(m)
edwards25519.GeDoubleScalarMultVartime(&hmtP, &t, hm, &[32]byte{})
edwards25519.GeDoubleScalarMultVartime(&iicP, &c, &ii, &[32]byte{})
iicP.ToExtended(&iic)
hmtP.ToExtended(&B)
edwards25519.GeAdd(&B, &B, &iic)
B.ToBytes(&BBytes)
var cH [64]byte
hash.Write(ABytes[:]) // const length
hash.Write(BBytes[:]) // const length
hash.Write(m)
hash.Read(cH[:])
edwards25519.ScReduce(&cRef, &cH)
return cRef == c
}示例6: GenerateKey
// GenerateKey creates a public/private key pair. rnd is used for randomness.
// If it is nil, `crypto/rand` is used.
func GenerateKey(rnd io.Reader) (pk []byte, sk *[SecretKeySize]byte, err error) {
if rnd == nil {
rnd = rand.Reader
}
sk = new([SecretKeySize]byte)
_, err = io.ReadFull(rnd, sk[:32])
if err != nil {
return nil, nil, err
}
x, _ := expandSecret(sk)
var pkP edwards25519.ExtendedGroupElement
edwards25519.GeScalarMultBase(&pkP, x)
var pkBytes [PublicKeySize]byte
pkP.ToBytes(&pkBytes)
copy(sk[32:], pkBytes[:])
return pkBytes[:], sk, err
}示例7: Sign
// Sign signs the message with privateKey and returns a signature.
func Sign(privateKey *[PrivateKeySize]byte, message []byte) *[SignatureSize]byte {
h := sha512.New()
h.Write(privateKey[:32])
var digest1, messageDigest, hramDigest [64]byte
var expandedSecretKey [32]byte
h.Sum(digest1[:0])
copy(expandedSecretKey[:], digest1[:])
expandedSecretKey[0] &= 248
expandedSecretKey[31] &= 63
expandedSecretKey[31] |= 64
h.Reset()
h.Write(digest1[32:])
h.Write(message)
h.Sum(messageDigest[:0])
var messageDigestReduced [32]byte
edwards25519.ScReduce(&messageDigestReduced, &messageDigest)
var R edwards25519.ExtendedGroupElement
edwards25519.GeScalarMultBase(&R, &messageDigestReduced)
var encodedR [32]byte
R.ToBytes(&encodedR)
h.Reset()
h.Write(encodedR[:])
h.Write(privateKey[32:])
h.Write(message)
h.Sum(hramDigest[:0])
var hramDigestReduced [32]byte
edwards25519.ScReduce(&hramDigestReduced, &hramDigest)
var s [32]byte
edwards25519.ScMulAdd(&s, &hramDigestReduced, &expandedSecretKey, &messageDigestReduced)
signature := new([64]byte)
copy(signature[:], encodedR[:])
copy(signature[32:], s[:])
return signature
}示例8: TestHashNoCollisions
func TestHashNoCollisions(t *testing.T) {
type intpair struct {
i int
j uint
}
rainbow := make(map[[32]byte]intpair)
N := 25
if testing.Short() {
N = 3
}
var h [32]byte
// NOTE: hash values 0b100000000000... and 0b00000000000... both map to
// the identity. this is a core part of the elligator function and not a
// collision we need to worry about because an attacker would need to find
// the preimages of these hashes to exploit it.
h[0] = 1
for i := 0; i < N; i++ {
for j := uint(0); j < 257; j++ {
if j < 256 {
h[j>>3] ^= byte(1) << (j & 7)
}
var P edwards25519.ExtendedGroupElement
HashToEdwards(&P, &h)
var p [32]byte
P.ToBytes(&p)
if c, ok := rainbow[p]; ok {
t.Fatalf("found collision: (%d, %d) and (%d, %d)", i, j, c.i, c.j)
}
rainbow[p] = intpair{i, j}
if j < 256 {
h[j>>3] ^= byte(1) << (j & 7)
}
}
hh := sha512.Sum512(h[:]) // this package already imports sha512
copy(h[:], hh[:])
}
}示例9: Prove
// Prove returns the vrf value and a proof such that Verify(pk, m, vrf, proof)
// == true. The vrf value is the same as returned by Compute(m, sk).
func Prove(m []byte, sk *[SecretKeySize]byte) (vrf, proof []byte) {
x, skhr := expandSecret(sk)
var cH, rH [64]byte
var r, c, minusC, t, grB, hrB, iiB [32]byte
var ii, gr, hr edwards25519.ExtendedGroupElement
hm := hashToCurve(m)
edwards25519.GeScalarMult(&ii, x, hm)
ii.ToBytes(&iiB)
hash := sha3.NewShake256()
hash.Write(skhr[:])
hash.Write(sk[32:]) // public key, as in ed25519
hash.Write(m)
hash.Read(rH[:])
hash.Reset()
edwards25519.ScReduce(&r, &rH)
edwards25519.GeScalarMultBase(&gr, &r)
edwards25519.GeScalarMult(&hr, &r, hm)
gr.ToBytes(&grB)
hr.ToBytes(&hrB)
hash.Write(grB[:])
hash.Write(hrB[:])
hash.Write(m)
hash.Read(cH[:])
hash.Reset()
edwards25519.ScReduce(&c, &cH)
edwards25519.ScNeg(&minusC, &c)
edwards25519.ScMulAdd(&t, x, &minusC, &r)
proof = make([]byte, ProofSize)
copy(proof[:32], c[:])
copy(proof[32:64], t[:])
copy(proof[64:96], iiB[:])
hash.Write(iiB[:]) // const length: Size
hash.Write(m)
vrf = make([]byte, Size)
hash.Read(vrf[:])
return
}