Search in sources :

Example 1 with Ed25519EncodedFieldElement

use of io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement in project nem2-sdk-java by nemtech.

the class Ed25519DsaSigner method makeSignatureCanonical.

@Override
public Signature makeSignatureCanonical(final Signature signature) {
    final Ed25519EncodedFieldElement s = new Ed25519EncodedFieldElement(Arrays.copyOf(signature.getBinaryS(), 64));
    final Ed25519EncodedFieldElement sModQ = s.modQ();
    return new Signature(signature.getBinaryR(), sModQ.getRaw());
}
Also used : Ed25519EncodedFieldElement(io.nem.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement)

Example 2 with Ed25519EncodedFieldElement

use of io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement in project nem2-sdk-java by nemtech.

the class Ed25519KeyGenerator method derivePublicKey.

@Override
public PublicKey derivePublicKey(final PrivateKey privateKey) {
    final Ed25519EncodedFieldElement a = Ed25519Utils.prepareForScalarMultiply(privateKey);
    // a * base point is the public key.
    final Ed25519GroupElement pubKey = Ed25519Group.BASE_POINT.scalarMultiply(a);
    // a suitable table of group elements.
    return new PublicKey(pubKey.encode().getRaw());
}
Also used : Ed25519EncodedFieldElement(io.nem.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement) Ed25519GroupElement(io.nem.core.crypto.ed25519.arithmetic.Ed25519GroupElement)

Example 3 with Ed25519EncodedFieldElement

use of io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement in project nem2-sdk-java by nemtech.

the class Ed25519DsaSigner method verify.

@Override
public boolean verify(final byte[] data, final Signature signature) {
    if (!this.isCanonicalSignature(signature)) {
        return false;
    }
    if (1 == ArrayUtils.isEqualConstantTime(this.getKeyPair().getPublicKey().getRaw(), new byte[32])) {
        return false;
    }
    // h = H(encodedR, encodedA, data).
    final byte[] rawEncodedR = signature.getBinaryR();
    final byte[] rawEncodedA = this.getKeyPair().getPublicKey().getRaw();
    final Ed25519EncodedFieldElement h = new Ed25519EncodedFieldElement(Hashes.sha3_512(rawEncodedR, rawEncodedA, data));
    // hReduced = h mod group order
    final Ed25519EncodedFieldElement hModQ = h.modQ();
    // Must compute A.
    final Ed25519GroupElement A = new Ed25519EncodedGroupElement(rawEncodedA).decode();
    A.precomputeForDoubleScalarMultiplication();
    // R = encodedS * B - H(encodedR, encodedA, data) * A
    final Ed25519GroupElement calculatedR = Ed25519Group.BASE_POINT.doubleScalarMultiplyVariableTime(A, hModQ, new Ed25519EncodedFieldElement(signature.getBinaryS()));
    // Compare calculated R to given R.
    final byte[] encodedCalculatedR = calculatedR.encode().getRaw();
    final int result = ArrayUtils.isEqualConstantTime(encodedCalculatedR, rawEncodedR);
    return 1 == result;
}
Also used : Ed25519EncodedFieldElement(io.nem.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement) Ed25519GroupElement(io.nem.core.crypto.ed25519.arithmetic.Ed25519GroupElement) Ed25519EncodedGroupElement(io.nem.core.crypto.ed25519.arithmetic.Ed25519EncodedGroupElement)

Example 4 with Ed25519EncodedFieldElement

use of io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement in project nem2-sdk-java by nemtech.

the class Ed25519DsaSigner method sign.

@Override
@SuppressWarnings("squid:S00117")
public Signature sign(final byte[] data) {
    if (!this.getKeyPair().hasPrivateKey()) {
        throw new CryptoException("cannot sign without private key");
    }
    Hasher hasher32 = Hashes::sha512;
    Hasher hasher64 = Hashes::sha512;
    // Hash the private key to improve randomness.
    final byte[] hash = hasher32.hash(this.getKeyPair().getPrivateKey().getBytes());
    // r = H(hash_b,...,hash_2b-1, data) where b=256.
    final Ed25519EncodedFieldElement r = new Ed25519EncodedFieldElement(hasher64.hash(// only
    Arrays.copyOfRange(hash, 32, 64), // key hash
    data));
    // Reduce size of r since we are calculating mod group order anyway
    final Ed25519EncodedFieldElement rModQ = r.modQ();
    // R = rModQ * base point.
    final Ed25519GroupElement R = Ed25519Group.BASE_POINT.scalarMultiply(rModQ);
    final Ed25519EncodedGroupElement encodedR = R.encode();
    // S = (r + H(encodedR, encodedA, data) * a) mod group order where
    // encodedR and encodedA are the little endian encodings of the group element R
    // and the
    // public
    // key A and
    // a is the lower 32 bytes of hash after clamping.
    final Ed25519EncodedFieldElement h = new Ed25519EncodedFieldElement(hasher64.hash(encodedR.getRaw(), this.getKeyPair().getPublicKey().getBytes(), data));
    final Ed25519EncodedFieldElement hModQ = h.modQ();
    final Ed25519EncodedFieldElement encodedS = hModQ.multiplyAndAddModQ(Ed25519Utils.prepareForScalarMultiply(this.getKeyPair().getPrivateKey()), rModQ);
    // Signature is (encodedR, encodedS)
    final Signature signature = new Signature(encodedR.getRaw(), encodedS.getRaw());
    if (!this.isCanonicalSignature(signature)) {
        throw new CryptoException("Generated signature is not canonical");
    }
    return signature;
}
Also used : Hasher(io.nem.symbol.core.crypto.Hasher) Signature(io.nem.symbol.core.crypto.Signature) Ed25519EncodedFieldElement(io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement) Ed25519GroupElement(io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519GroupElement) CryptoException(io.nem.symbol.core.crypto.CryptoException) Ed25519EncodedGroupElement(io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedGroupElement)

Example 5 with Ed25519EncodedFieldElement

use of io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement in project nem2-sdk-java by nemtech.

the class Ed25519DsaSigner method verify.

@Override
public boolean verify(final byte[] data, final Signature signature) {
    if (!this.isCanonicalSignature(signature)) {
        return false;
    }
    if (1 == ArrayUtils.isEqualConstantTime(this.getKeyPair().getPublicKey().getBytes(), new byte[32])) {
        return false;
    }
    Hasher hasher64 = Hashes::sha512;
    // h = H(encodedR, encodedA, data).
    final byte[] rawEncodedR = signature.getBinaryR();
    final byte[] rawEncodedA = this.getKeyPair().getPublicKey().getBytes();
    final Ed25519EncodedFieldElement h = new Ed25519EncodedFieldElement(hasher64.hash(rawEncodedR, rawEncodedA, data));
    // hReduced = h mod group order
    final Ed25519EncodedFieldElement hModQ = h.modQ();
    // Must compute A.
    final Ed25519GroupElement a = new Ed25519EncodedGroupElement(rawEncodedA).decode();
    a.precomputeForDoubleScalarMultiplication();
    // R = encodedS * B - H(encodedR, encodedA, data) * A
    final Ed25519GroupElement calculatedR = Ed25519Group.BASE_POINT.doubleScalarMultiplyVariableTime(a, hModQ, new Ed25519EncodedFieldElement(signature.getBinaryS()));
    // Compare calculated R to given R.
    final byte[] encodedCalculatedR = calculatedR.encode().getRaw();
    final int result = ArrayUtils.isEqualConstantTime(encodedCalculatedR, rawEncodedR);
    return 1 == result;
}
Also used : Hasher(io.nem.symbol.core.crypto.Hasher) Ed25519EncodedFieldElement(io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement) Ed25519GroupElement(io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519GroupElement) Ed25519EncodedGroupElement(io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedGroupElement)

Aggregations

Ed25519EncodedFieldElement (io.nem.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement)4 Ed25519EncodedFieldElement (io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement)4 Ed25519GroupElement (io.nem.core.crypto.ed25519.arithmetic.Ed25519GroupElement)3 Ed25519GroupElement (io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519GroupElement)3 Ed25519EncodedFieldElement (com.github.rosklyar.crypto.ed25519.arithmetic.Ed25519EncodedFieldElement)2 Ed25519GroupElement (com.github.rosklyar.crypto.ed25519.arithmetic.Ed25519GroupElement)2 Ed25519EncodedGroupElement (io.nem.core.crypto.ed25519.arithmetic.Ed25519EncodedGroupElement)2 Hasher (io.nem.symbol.core.crypto.Hasher)2 Signature (io.nem.symbol.core.crypto.Signature)2 Ed25519EncodedGroupElement (io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedGroupElement)2 CryptoException (com.github.rosklyar.crypto.CryptoException)1 PublicKey (com.github.rosklyar.crypto.PublicKey)1 Signature (com.github.rosklyar.crypto.Signature)1 Ed25519EncodedGroupElement (com.github.rosklyar.crypto.ed25519.arithmetic.Ed25519EncodedGroupElement)1 CryptoException (io.nem.symbol.core.crypto.CryptoException)1 PublicKey (io.nem.symbol.core.crypto.PublicKey)1