|
|
@ -1,3 +1,4 @@ |
|
|
|
|
|
|
|
#include <memory> |
|
|
|
#include <cryptopp/integer.h> |
|
|
|
#include <cryptopp/integer.h> |
|
|
|
#include <cryptopp/eccrypto.h> |
|
|
|
#include <cryptopp/eccrypto.h> |
|
|
|
#include "Log.h" |
|
|
|
#include "Log.h" |
|
|
@ -18,11 +19,22 @@ namespace crypto |
|
|
|
// 2^252 + 27742317777372353535851937790883648493
|
|
|
|
// 2^252 + 27742317777372353535851937790883648493
|
|
|
|
d = CryptoPP::Integer (-121665) * CryptoPP::Integer (121666).InverseMod (q); // -121665/121666
|
|
|
|
d = CryptoPP::Integer (-121665) * CryptoPP::Integer (121666).InverseMod (q); // -121665/121666
|
|
|
|
I = a_exp_b_mod_c (CryptoPP::Integer::Two (), (q - CryptoPP::Integer::One ()).DividedBy (4), q); |
|
|
|
I = a_exp_b_mod_c (CryptoPP::Integer::Two (), (q - CryptoPP::Integer::One ()).DividedBy (4), q); |
|
|
|
|
|
|
|
B = DecodePoint (CryptoPP::Integer (4)*CryptoPP::Integer (5).InverseMod (q)); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CryptoPP::ECP::Point DecodePublicKey (const uint8_t * key) const |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
return DecodePoint (CryptoPP::Integer (key, 32)); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CryptoPP::ECP::Point GeneratePublicKey (const uint8_t * privateKey) const |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
return Mul (B, CryptoPP::Integer (privateKey, 32)); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private: |
|
|
|
private: |
|
|
|
|
|
|
|
|
|
|
|
CryptoPP::ECP::Point Sum (const CryptoPP::ECP::Point& p1, const CryptoPP::ECP::Point& p2) |
|
|
|
CryptoPP::ECP::Point Sum (const CryptoPP::ECP::Point& p1, const CryptoPP::ECP::Point& p2) const |
|
|
|
{ |
|
|
|
{ |
|
|
|
CryptoPP::Integer m = d*p1.x*p2.x*p1.y*p2.y, |
|
|
|
CryptoPP::Integer m = d*p1.x*p2.x*p1.y*p2.y, |
|
|
|
x = a_times_b_mod_c (p1.x*p2.y + p2.x*p1.y, (CryptoPP::Integer::One() + m).InverseMod (q), q), |
|
|
|
x = a_times_b_mod_c (p1.x*p2.y + p2.x*p1.y, (CryptoPP::Integer::One() + m).InverseMod (q), q), |
|
|
@ -30,7 +42,7 @@ namespace crypto |
|
|
|
return CryptoPP::ECP::Point {x, y}; |
|
|
|
return CryptoPP::ECP::Point {x, y}; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
CryptoPP::ECP::Point Mul (const CryptoPP::ECP::Point& p, const CryptoPP::Integer& e) |
|
|
|
CryptoPP::ECP::Point Mul (const CryptoPP::ECP::Point& p, const CryptoPP::Integer& e) const |
|
|
|
{ |
|
|
|
{ |
|
|
|
CryptoPP::ECP::Point res {0, 1}; |
|
|
|
CryptoPP::ECP::Point res {0, 1}; |
|
|
|
if (!e.IsZero ()) |
|
|
|
if (!e.IsZero ()) |
|
|
@ -45,13 +57,13 @@ namespace crypto |
|
|
|
return res; |
|
|
|
return res; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
bool IsOnCurve (const CryptoPP::ECP::Point& p) |
|
|
|
bool IsOnCurve (const CryptoPP::ECP::Point& p) const |
|
|
|
{ |
|
|
|
{ |
|
|
|
auto x2 = p.x.Squared(), y2 = p.y.Squared (); |
|
|
|
auto x2 = p.x.Squared(), y2 = p.y.Squared (); |
|
|
|
return (y2 - x2 - CryptoPP::Integer::One() - d*x2*y2).Modulo (q).IsZero (); |
|
|
|
return (y2 - x2 - CryptoPP::Integer::One() - d*x2*y2).Modulo (q).IsZero (); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
CryptoPP::Integer RecoverX (const CryptoPP::Integer& y) |
|
|
|
CryptoPP::Integer RecoverX (const CryptoPP::Integer& y) const |
|
|
|
{ |
|
|
|
{ |
|
|
|
auto y2 = y.Squared (); |
|
|
|
auto y2 = y.Squared (); |
|
|
|
auto xx = (y2 - CryptoPP::Integer::One())*(d*y2 + CryptoPP::Integer::One()).InverseMod (q); |
|
|
|
auto xx = (y2 - CryptoPP::Integer::One())*(d*y2 + CryptoPP::Integer::One()).InverseMod (q); |
|
|
@ -62,7 +74,7 @@ namespace crypto |
|
|
|
return x; |
|
|
|
return x; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
CryptoPP::ECP::Point DecodePoint (const CryptoPP::Integer& y) |
|
|
|
CryptoPP::ECP::Point DecodePoint (const CryptoPP::Integer& y) const |
|
|
|
{ |
|
|
|
{ |
|
|
|
auto x = RecoverX (y); |
|
|
|
auto x = RecoverX (y); |
|
|
|
CryptoPP::ECP::Point p {x, y}; |
|
|
|
CryptoPP::ECP::Point p {x, y}; |
|
|
@ -77,12 +89,32 @@ namespace crypto |
|
|
|
private: |
|
|
|
private: |
|
|
|
|
|
|
|
|
|
|
|
CryptoPP::Integer q, l, d, I; |
|
|
|
CryptoPP::Integer q, l, d, I; |
|
|
|
|
|
|
|
CryptoPP::ECP::Point B; // base point
|
|
|
|
}; |
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static std::unique_ptr<Ed25519> g_Ed25519; |
|
|
|
|
|
|
|
std::unique_ptr<Ed25519>& GetEd25519 () |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
if (!g_Ed25519) |
|
|
|
|
|
|
|
g_Ed25519.reset (new Ed25519 ()); |
|
|
|
|
|
|
|
return g_Ed25519; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EDDSA25519Verifier::EDDSA25519Verifier (const uint8_t * signingKey): |
|
|
|
|
|
|
|
m_PublicKey (GetEd25519 ()->DecodePublicKey (signingKey)) |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const |
|
|
|
bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const |
|
|
|
{ |
|
|
|
{ |
|
|
|
return true; // TODO:
|
|
|
|
return true; // TODO:
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void EDDSA25519Signer::Sign (CryptoPP::RandomNumberGenerator& rnd, const uint8_t * buf, int len, uint8_t * signature) const |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
// TODO
|
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
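Review bot: EDDSA25519Verifier::Verify still ends in `return true; // TODO:`, so the verifier that the new constructor wires up through DecodePublicKey accepts any signature over any buffer; until the check is implemented it should fail closed, e.g. `return false; // TODO: verification not implemented — reject everything until it is`, and the unguarded lazy `g_Ed25519.reset` in GetEd25519 is not safe for concurrent first calls (a function-local `static Ed25519` would be). In DecodePublicKey, `CryptoPP::Integer (key, 32)` parses the 32 bytes as a big-endian unsigned value; if `key` is the RFC 8032 encoding (little-endian y with the parity of x in the top bit of byte 31), that bit must be masked off and the byte order reversed before DecodePoint is called, and the parity used to choose the sign of the recovered x — I cannot tell whether DecodePoint handles this, as its body is cut by the hunk. GeneratePublicKey likewise passes the raw 32 bytes to Mul as the scalar; for Ed25519 the scalar is the clamped low half of SHA-512(seed), so this is only correct if callers supply the already-derived scalar, which should be stated in a comment on the `privateKey` parameter. Mul's loop body is outside the hunk, but if it is a plain conditional double-and-add it leaks the scalar through timing and should not be used with secret exponents.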
|
|
|
|
|
|
|
|
|
|
|