d9/d9a/_edwards448_8cs_source.html

using System;

using System.Globalization;

using System.IO;

using System.Numerics;

using System.Text;

using Waher.Runtime.Temporary;

using Waher.Security.SHA3;


namespace Waher.Security.EllipticCurves

{

    public class Edwards448 : EdwardsCurve

    {

        private static readonly BigInteger p0 = BigInteger.Pow(2, 448) - BigInteger.Pow(2, 224) - 1;

        private static readonly BigInteger d0 = p0 - 39081;

        private static readonly BigInteger n0 = BigInteger.Pow(2, 446) - BigInteger.Parse("008335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d", NumberStyles.HexNumber);

        private static readonly BigInteger BasePointX = BigInteger.Parse("224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710");

        private static readonly BigInteger BasePointY = BigInteger.Parse("298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660");

        private readonly SHAKE256 shake256_114;

        private readonly bool hashSecret;


        public Edwards448()

            : this(null, true)

        {

        }


        public Edwards448(byte[] Secret)

            : this(Secret, true)

        {

        }


        public Edwards448(byte[] Secret, bool HashSecret)

            : base(p0, new PointOnCurve(BasePointX, BasePointY), d0, n0, 4, Secret)

        {

            this.shake256_114 = new SHAKE256(114 << 3);

            this.hashSecret = HashSecret;

        }


        public override string CurveName => "Edwards448";


        protected override BigInteger D => d;


        public override int CoordinateBits => 447;


        public override Tuple<byte[], byte[]> CalculatePrivateKey(byte[] Secret)

        {

            byte[] Bin = this.shake256_114.ComputeVariable(Secret);

            byte[] AdditionalInfo = new byte[57];

            byte[] PrivateKey = new byte[57];


            if (this.hashSecret)

                Array.Copy(Bin, 0, PrivateKey, 0, 57);

            else

                Array.Copy(Secret, 0, PrivateKey, 0, Math.Min(57, Secret.Length));


            Array.Copy(Bin, 57, AdditionalInfo, 0, 57);


            PrivateKey[0] &= 0xfc;

            PrivateKey[55] |= 0x80;

            PrivateKey[56] = 0;


            return new Tuple<byte[], byte[]>(PrivateKey, AdditionalInfo);

        }


        public override byte[] Sign(byte[] Data)

        {

            return EdDSA.Sign(Data, this.PrivateKey, this.AdditionalInfo, this.H_dom4, this);

        }


        public override byte[] Sign(Stream Data)

        {

            return EdDSA.Sign(Data, this.PrivateKey, this.AdditionalInfo, this.H_dom4, this);

        }


        public override bool Verify(byte[] Data, byte[] PublicKey, byte[] Signature)

        {

            return EdDSA.Verify(Data, PublicKey, this.H_dom4, this, Signature);

        }


        public override bool Verify(Stream Data, byte[] PublicKey, byte[] Signature)

        {

            return EdDSA.Verify(Data, PublicKey, this.H_dom4, this, Signature);

        }


        private byte[] H_dom4(byte[] Data)

        {

            int c = Data.Length;

            byte[] Bin = new byte[10 + c];


            Array.Copy(preamble, 0, Bin, 0, 8);

            Bin[8] = 0;                         // x=phflag=0

            Bin[9] = 0;                         // y=context=empty string

            Array.Copy(Data, 0, Bin, 10, c);


            return this.shake256_114.ComputeVariable(Bin);

        }


        private byte[] H_dom4(Stream Data)

        {

            using (TemporaryStream TempFile = new TemporaryStream())

            {

                TempFile.Write(preamble, 0, 8);

                TempFile.WriteByte(0);              // x=phflag=0

                TempFile.WriteByte(0);              // y=context=empty string


                Data.Position = 0;

                Data.CopyTo(TempFile);


                TempFile.Position = 0;

                return this.shake256_114.ComputeVariable(TempFile);

            }

        }


        private static readonly byte[] preamble = Encoding.ASCII.GetBytes("SigEd448");


    }

}

Waher.Runtime.Temporary.TemporaryStream
Manages a temporary stream. Contents is kept in-memory, if below a memory threshold,...
Definition: TemporaryStream.cs:14

Waher.Runtime.Temporary.TemporaryStream.Write
override void Write(byte[] buffer, int offset, int count)
When overridden in a derived class, writes a sequence of bytes to the current stream and advances the...
Definition: TemporaryStream.cs:275

Waher.Runtime.Temporary.TemporaryStream.WriteByte
override void WriteByte(byte value)
Writes a byte to the current position in the stream and advances the position within the stream by on...
Definition: TemporaryStream.cs:307

Waher.Security.EllipticCurves.EdDSA
Implements the Edwards curve Digital Signature Algorithm (EdDSA), as defined in RFC 8032....
Definition: EdDSA.cs:13

Waher.Security.EllipticCurves.EdDSA.Sign
static byte[] Sign(byte[] Data, byte[] PrivateKey, byte[] Prefix, HashFunctionArray HashFunction, EdwardsCurveBase Curve)
Signs data using the EdDSA algorithm.
Definition: EdDSA.cs:23

Waher.Security.EllipticCurves.EdDSA.Verify
static bool Verify(byte[] Data, byte[] PublicKey, HashFunctionArray HashFunction, EdwardsCurveBase Curve, byte[] Signature)
Verifies a signature of Data  made by the EdDSA algorithm.
Definition: EdDSA.cs:200

Waher.Security.EllipticCurves.Edwards448
Edwards448 Elliptic Curve, as defined in RFC7748 and RFC8032: https://tools.ietf.org/html/rfc7748 htt...
Definition: Edwards448.cs:17

Waher.Security.EllipticCurves.Edwards448.CalculatePrivateKey
override Tuple< byte[], byte[]> CalculatePrivateKey(byte[] Secret)
Calculates a private key from a secret.
Definition: Edwards448.cs:81

Waher.Security.EllipticCurves.Edwards448.Verify
override bool Verify(Stream Data, byte[] PublicKey, byte[] Signature)
Verifies a signature of Data  made by the EdDSA algorithm.
Definition: Edwards448.cs:141

Waher.Security.EllipticCurves.Edwards448.Edwards448
Edwards448(byte[] Secret)
Edwards448 Elliptic Curve, as defined in RFC7748 and RFC8032: https://tools.ietf.org/html/rfc7748 htt...
Definition: Edwards448.cs:42

Waher.Security.EllipticCurves.Edwards448.D
override BigInteger D
d coefficient of Edwards curve.
Definition: Edwards448.cs:69

Waher.Security.EllipticCurves.Edwards448.Verify
override bool Verify(byte[] Data, byte[] PublicKey, byte[] Signature)
Verifies a signature of Data  made by the EdDSA algorithm.
Definition: Edwards448.cs:129

Waher.Security.EllipticCurves.Edwards448.Sign
override byte[] Sign(byte[] Data)
Creates a signature of Data  using the EdDSA algorithm.
Definition: Edwards448.cs:106

Waher.Security.EllipticCurves.Edwards448.Sign
override byte[] Sign(Stream Data)
Creates a signature of Data  using the EdDSA algorithm.
Definition: Edwards448.cs:117

Waher.Security.EllipticCurves.Edwards448.Edwards448
Edwards448()
Edwards448 Elliptic Curve, as defined in RFC7748 and RFC8032: https://tools.ietf.org/html/rfc7748 htt...
Definition: Edwards448.cs:31

Waher.Security.EllipticCurves.Edwards448.Edwards448
Edwards448(byte[] Secret, bool HashSecret)
Edwards448 Elliptic Curve, as defined in RFC7748 and RFC8032: https://tools.ietf.org/html/rfc7748 htt...
Definition: Edwards448.cs:54

Waher.Security.EllipticCurves.Edwards448.CoordinateBits
override int CoordinateBits
Number of bits used to encode the y-coordinate.
Definition: Edwards448.cs:74

Waher.Security.EllipticCurves.Edwards448.CurveName
override string CurveName
Name of curve.
Definition: Edwards448.cs:64

Waher.Security.EllipticCurves.EdwardsCurveBase.d
BigInteger d
Edwards curve coefficient
Definition: EdwardsCurveBase.cs:15

Waher.Security.EllipticCurves.EdwardsCurve
Base class of Edwards curves (x²+y²=1+dx²y²) over a prime field.
Definition: EdwardsCurve.cs:11

Waher.Security.EllipticCurves.EllipticCurve.AdditionalInfo
byte[] AdditionalInfo
Curve-specific additional information
Definition: EllipticCurve.cs:157

Waher.Security.EllipticCurves.EllipticCurve.PublicKey
virtual byte[] PublicKey
Encoded public key
Definition: EllipticCurve.cs:143

Waher.Security.EllipticCurves.EllipticCurve.PrivateKey
byte[] PrivateKey
Private key
Definition: EllipticCurve.cs:129

Waher.Security.SHA3.SHAKE256
Implements the SHA3 SHAKE256 extendable-output functions, as defined in section 6....
Definition: SHAKE256.cs:13

Waher.Runtime.Temporary
Definition: TemporaryFile.cs:6

Waher.Security.EllipticCurves
Definition: Curve25519.cs:7

Waher.Security.SHA3
Definition: Keccak1600.cs:6

Waher.Security.EllipticCurves.PointOnCurve
Represents a point on a curve.
Definition: PointOnCurve.cs:11