use of io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedGroupElement in project nem2-sdk-java by nemtech.
the class Ed25519DsaSigner method sign.
@Override
public Signature sign(final byte[] data) {
if (!this.getKeyPair().hasPrivateKey()) {
throw new CryptoException("cannot sign without private key");
}
// Hash the private key to improve randomness.
final byte[] hash = Hashes.sha3_512(this.getKeyPair().getPrivateKey().getBytes());
// r = H(hash_b,...,hash_2b-1, data) where b=256.
final Ed25519EncodedFieldElement r = new Ed25519EncodedFieldElement(Hashes.sha3_512(// only include the last 32 bytes of the private key hash
Arrays.copyOfRange(hash, 32, 64), data));
// Reduce size of r since we are calculating mod group order anyway
final Ed25519EncodedFieldElement rModQ = r.modQ();
// R = rModQ * base point.
final Ed25519GroupElement R = Ed25519Group.BASE_POINT.scalarMultiply(rModQ);
final Ed25519EncodedGroupElement encodedR = R.encode();
// S = (r + H(encodedR, encodedA, data) * a) mod group order where
// encodedR and encodedA are the little endian encodings of the group element R and the public key A and
// a is the lower 32 bytes of hash after clamping.
final Ed25519EncodedFieldElement h = new Ed25519EncodedFieldElement(Hashes.sha3_512(encodedR.getRaw(), this.getKeyPair().getPublicKey().getRaw(), data));
final Ed25519EncodedFieldElement hModQ = h.modQ();
final Ed25519EncodedFieldElement encodedS = hModQ.multiplyAndAddModQ(Ed25519Utils.prepareForScalarMultiply(this.getKeyPair().getPrivateKey()), rModQ);
// Signature is (encodedR, encodedS)
final Signature signature = new Signature(encodedR.getRaw(), encodedS.getRaw());
if (!this.isCanonicalSignature(signature)) {
throw new CryptoException("Generated signature is not canonical");
}
return signature;
}
use of io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedGroupElement in project nem-library by rosklyar.
the class Ed25519DsaSigner method sign.
@Override
public Signature sign(final byte[] data) {
if (!this.getKeyPair().hasPrivateKey()) {
throw new CryptoException("cannot sign without private key");
}
// Hash the private key to improve randomness.
final byte[] hash = Hashes.sha3_512(ArrayUtils.toByteArray(this.getKeyPair().getPrivateKey().getRaw(), 32));
// r = H(hash_b,...,hash_2b-1, data) where b=256.
final Ed25519EncodedFieldElement r = new Ed25519EncodedFieldElement(Hashes.sha3_512(// only include the last 32 bytes of the private key hash
Arrays.copyOfRange(hash, 32, 64), data));
// Reduce size of r since we are calculating mod group order anyway
final Ed25519EncodedFieldElement rModQ = r.modQ();
// R = rModQ * base point.
final Ed25519GroupElement R = Ed25519Group.BASE_POINT.scalarMultiply(rModQ);
final Ed25519EncodedGroupElement encodedR = R.encode();
// S = (r + H(encodedR, encodedA, data) * a) mod group order where
// encodedR and encodedA are the little endian encodings of the group element R and the public key A and
// a is the lower 32 bytes of hash after clamping.
final Ed25519EncodedFieldElement h = new Ed25519EncodedFieldElement(Hashes.sha3_512(encodedR.getRaw(), this.getKeyPair().getPublicKey().getRaw(), data));
final Ed25519EncodedFieldElement hModQ = h.modQ();
final Ed25519EncodedFieldElement encodedS = hModQ.multiplyAndAddModQ(Ed25519Utils.prepareForScalarMultiply(this.getKeyPair().getPrivateKey()), rModQ);
// Signature is (encodedR, encodedS)
final Signature signature = new Signature(encodedR.getRaw(), encodedS.getRaw());
if (!this.isCanonicalSignature(signature)) {
throw new CryptoException("Generated signature is not canonical");
}
return signature;
}
use of io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedGroupElement in project nem2-sdk-java by nemtech.
the class Ed25519BlockCipher method getSharedSecret.
public static byte[] getSharedSecret(final PrivateKey privateKey, final PublicKey publicKey) {
final Ed25519GroupElement senderA = new Ed25519EncodedGroupElement(publicKey.getBytes()).decode();
senderA.precomputeForScalarMultiplication();
return senderA.scalarMultiply(Ed25519Utils.prepareForScalarMultiply(privateKey)).encode().getRaw();
}
use of io.nem.symbol.core.crypto.ed25519.arithmetic.Ed25519EncodedGroupElement in project nem2-sdk-java by nemtech.
the class Ed25519KeyGeneratorTest method derivedPublicKeyIsValidPointOnCurve.
@Test
public void derivedPublicKeyIsValidPointOnCurve() {
// Arrange:
final KeyGenerator generator = this.getKeyGenerator();
for (int i = 0; i < 100; i++) {
final KeyPair kp = generator.generateKeyPair();
// Act:
final PublicKey publicKey = generator.derivePublicKey(kp.getPrivateKey());
// Assert (throws if not on the curve):
Ed25519GroupElement decode = new Ed25519EncodedGroupElement(publicKey.getBytes()).decode();
Assertions.assertNotNull(decode);
}
}
Aggregations