db/d47/_curve25519_8cs_source.html

using System;

using System.Globalization;

using System.IO;

using System.Numerics;


namespace Waher.Security.EllipticCurves

{

    public class Curve25519 : MontgomeryCurve

    {

        private static readonly BigInteger p0 = BigInteger.Pow(2, 255) - 19;

        private static readonly BigInteger A0 = 486662;

        private static readonly BigInteger A24 = (A0 - 2) / 4;

        private static readonly BigInteger n0 = BigInteger.Pow(2, 252) + BigInteger.Parse("14def9dea2f79cd65812631a5cf5d3ed", NumberStyles.HexNumber);

        private static readonly BigInteger BasePointU = 9;

        private static readonly BigInteger BasePointV = BigInteger.Parse("14781619447589544791020593568409986887264606134616475288964881837755586237401");

        private static readonly BigInteger SqrtMinus486664 = ModulusP.SqrtModP(-486664, p0);


        public Curve25519()

            : base(p0, new PointOnCurve(BasePointU, BasePointV), n0, 8)

        {

        }


        public Curve25519(byte[] Secret)

            : base(p0, new PointOnCurve(BasePointU, BasePointV), n0, 8, Secret)

        {

        }


        public override string CurveName => "Curve25519";


        protected override BigInteger A => A0;


        public override PointOnCurve ToXY(PointOnCurve UV)

        {

            BigInteger X = this.modP.Multiply(SqrtMinus486664, this.modP.Divide(UV.X, UV.Y));

            BigInteger Y = this.modP.Divide(UV.X - BigInteger.One, UV.X + BigInteger.One);


            if (X.Sign < 0)

                X += this.p;


            if (Y.Sign < 0)

                Y += this.p;


            return new PointOnCurve(X, Y);

        }


        public override PointOnCurve ToUV(PointOnCurve XY)

        {

            BigInteger U = this.modP.Divide(XY.Y + BigInteger.One, BigInteger.One - XY.Y);

            BigInteger V = this.modP.Multiply(SqrtMinus486664, this.modP.Divide(U, XY.X));


            if (U.Sign < 0)

                U += this.p;


            if (V.Sign < 0)

                V += this.p;


            return new PointOnCurve(U, V);

        }


        public override BigInteger ScalarMultiplication(byte[] N, BigInteger U)

        {

            return XFunction(N, U, A24, this.p, 255);

        }


        public override Tuple<byte[], byte[]> CalculatePrivateKey(byte[] Secret)

        {

            byte[] Bin = Secret;


            if (Bin.Length != 32)

                Bin = Hashes.ComputeSHA256Hash(Secret);


            Bin[0] &= 0xf8;

            Bin[31] &= 0x3f;

            Bin[31] |= 0x40;


            return new Tuple<byte[], byte[]>(Bin, null);

        }


        public override EdwardsCurveBase CreatePair()

        {

            PointOnCurve PublicKeyUV = this.PublicKeyPoint;

            PointOnCurve PublicKeyXY = this.ToXY(PublicKeyUV);


            Edwards25519 Candidate = new Edwards25519(this.PrivateKey, false);

            PointOnCurve PublicKeyXY2 = Candidate.PublicKeyPoint;


            if (!PublicKeyXY.Y.Equals(PublicKeyXY2.Y))

                throw new InvalidOperationException("Unable to create pair curve.");


            return Candidate;

        }


        public override byte[] Sign(byte[] Data)

        {

            throw new NotSupportedException("Signatures not supported.");

            // return XEdDSA.Sign(Data, this.PrivateKey, Hashes.ComputeSHA512Hash, this);

        }


        public override byte[] Sign(Stream Data)

        {

            throw new NotSupportedException("Signatures not supported.");

            // return XEdDSA.Sign(Data, this.PrivateKey, Hashes.ComputeSHA512Hash, this);

        }


        /*/// <summary>

        public byte[] Sign(byte[] Data, GetRandomBytesHandler GetRandomBytes)

        {

            return XEdDSA.Sign(Data, this.PrivateKey, Hashes.ComputeSHA512Hash, this,

                GetRandomBytes);

        }*/


        public override bool Verify(byte[] Data, byte[] PublicKey, byte[] Signature)

        {

            throw new NotSupportedException("Signatures not supported.");

            //return XEdDSA.Verify(Data, PublicKey, Hashes.ComputeSHA512Hash, this,

            //    Signature, 255, 253);

        }


        public override bool Verify(Stream Data, byte[] PublicKey, byte[] Signature)

        {

            throw new NotSupportedException("Signatures not supported.");

            //return XEdDSA.Verify(Data, PublicKey, Hashes.ComputeSHA512Hash, this,

            //    Signature, 255, 253);

        }


    }

}

Waher.Security.EllipticCurves.Curve25519
Curve25519, as defined in RFC 7748: https://tools.ietf.org/html/rfc7748
Definition: Curve25519.cs:13

Waher.Security.EllipticCurves.Curve25519.A
override BigInteger A
a Coefficient in the definition of the curve E: v²=u³+A*u²+u
Definition: Curve25519.cs:49

Waher.Security.EllipticCurves.Curve25519.Sign
override byte[] Sign(byte[] Data)
Creates a signature of Data  using the XEdDSA algorithm.
Definition: Curve25519.cs:144

Waher.Security.EllipticCurves.Curve25519.CalculatePrivateKey
override Tuple< byte[], byte[]> CalculatePrivateKey(byte[] Secret)
Calculates a private key from a secret.
Definition: Curve25519.cs:107

Waher.Security.EllipticCurves.Curve25519.CreatePair
override EdwardsCurveBase CreatePair()
Creates the Edwards Curve pair.
Definition: Curve25519.cs:125

Waher.Security.EllipticCurves.Curve25519.ToXY
override PointOnCurve ToXY(PointOnCurve UV)
Converts a pair of (U,V) coordinates to a pair of (X,Y) coordinates in the birational Edwards curve.
Definition: Curve25519.cs:57

Waher.Security.EllipticCurves.Curve25519.Curve25519
Curve25519(byte[] Secret)
Curve25519, as defined in RFC 7748: https://tools.ietf.org/html/rfc7748
Definition: Curve25519.cs:36

Waher.Security.EllipticCurves.Curve25519.CurveName
override string CurveName
Name of curve.
Definition: Curve25519.cs:44

Waher.Security.EllipticCurves.Curve25519.Sign
override byte[] Sign(Stream Data)
Creates a signature of Data  using the XEdDSA algorithm.
Definition: Curve25519.cs:155

Waher.Security.EllipticCurves.Curve25519.Verify
override bool Verify(Stream Data, byte[] PublicKey, byte[] Signature)
Verifies a signature of Data  made by the EdDSA algorithm.
Definition: Curve25519.cs:194

Waher.Security.EllipticCurves.Curve25519.ScalarMultiplication
override BigInteger ScalarMultiplication(byte[] N, BigInteger U)
Performs the scalar multiplication of N *U .
Definition: Curve25519.cs:97

Waher.Security.EllipticCurves.Curve25519.Curve25519
Curve25519()
Curve25519, as defined in RFC 7748: https://tools.ietf.org/html/rfc7748
Definition: Curve25519.cs:26

Waher.Security.EllipticCurves.Curve25519.ToUV
override PointOnCurve ToUV(PointOnCurve XY)
Converts a pair of (X,Y) coordinates for the birational Edwards curve to a pair of (U,...
Definition: Curve25519.cs:77

Waher.Security.EllipticCurves.Curve25519.Verify
override bool Verify(byte[] Data, byte[] PublicKey, byte[] Signature)
Verifies a signature of Data  made by the EdDSA algorithm.
Definition: Curve25519.cs:180

Waher.Security.EllipticCurves.Edwards25519
Edwards25519 Elliptic Curve, as defined in RFC7748 and RFC8032: https://tools.ietf....
Definition: Edwards25519.cs:14

Waher.Security.EllipticCurves.EdwardsCurveBase
Base class of different types of Edwards curves over a prime field.
Definition: EdwardsCurveBase.cs:11

Waher.Security.EllipticCurves.EllipticCurve.PublicKey
virtual byte[] PublicKey
Encoded public key
Definition: EllipticCurve.cs:143

Waher.Security.EllipticCurves.EllipticCurve.PrivateKey
byte[] PrivateKey
Private key
Definition: EllipticCurve.cs:129

Waher.Security.EllipticCurves.EllipticCurve.PublicKeyPoint
virtual PointOnCurve PublicKeyPoint
Public key, as a point on the elliptic curve.
Definition: EllipticCurve.cs:171

Waher.Security.EllipticCurves.ModulusP
Integer arithmetic, modulus a prime.
Definition: ModulusP.cs:10

Waher.Security.EllipticCurves.ModulusP.Multiply
BigInteger Multiply(BigInteger a, BigInteger b)
Multiplies two numbers, modulus p
Definition: ModulusP.cs:80

Waher.Security.EllipticCurves.ModulusP.SqrtModP
static BigInteger SqrtModP(BigInteger N, BigInteger p)
Computes sqrt(N) mod p.
Definition: ModulusP.cs:166

Waher.Security.EllipticCurves.ModulusP.Divide
BigInteger Divide(BigInteger a, BigInteger b)
Divides two numbers, modulus p
Definition: ModulusP.cs:91

Waher.Security.EllipticCurves.MontgomeryCurve
Base class of Montgomery curves (y²=x³+Ax²+x), with biratinal Edwards equivalent over a prime field.
Definition: MontgomeryCurve.cs:12

Waher.Security.EllipticCurves.MontgomeryCurve.XFunction
static BigInteger XFunction(byte[] N, BigInteger U, BigInteger A24, BigInteger p, int Bits)
Performs the scalar multiplication of N *U .
Definition: MontgomeryCurve.cs:128

Waher.Security.EllipticCurves.MontgomeryCurve.PublicKeyPoint
override PointOnCurve PublicKeyPoint
Public key.
Definition: MontgomeryCurve.cs:262

Waher.Security.EllipticCurves.PrimeFieldCurve.modP
readonly ModulusP modP
Arithmetic modulus p
Definition: PrimeFieldCurve.cs:18

Waher.Security.EllipticCurves.PrimeFieldCurve.p
readonly BigInteger p
Prime p
Definition: PrimeFieldCurve.cs:28

Waher.Security.Hashes
Contains methods for simple hash calculations.
Definition: Hashes.cs:59

Waher.Security.Hashes.ComputeSHA256Hash
static byte[] ComputeSHA256Hash(byte[] Data)
Computes the SHA-256 hash of a block of binary data.
Definition: Hashes.cs:348

Waher.Security.EllipticCurves
Definition: Curve25519.cs:7

Waher.Security.EllipticCurves.PointOnCurve
Represents a point on a curve.
Definition: PointOnCurve.cs:11

Waher.Security.EllipticCurves.PointOnCurve.Y
BigInteger Y
X-coordinate
Definition: PointOnCurve.cs:94

Waher.Security.EllipticCurves.PointOnCurve.X
BigInteger X
X-coordinate
Definition: PointOnCurve.cs:85