diff options
Diffstat (limited to 'src/gnunet/crypto/gns_edkey.go')
| -rw-r--r-- | src/gnunet/crypto/gns_edkey.go | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/src/gnunet/crypto/gns_edkey.go b/src/gnunet/crypto/gns_edkey.go index b7e88b3..930c140 100644 --- a/src/gnunet/crypto/gns_edkey.go +++ b/src/gnunet/crypto/gns_edkey.go | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | // This file is part of gnunet-go, a GNUnet-implementation in Golang. | 1 | // This file is part of gnunet-go, a GNUnet-implementation in Golang. |
| 2 | // Copyright (C) 2019-2022 Bernd Fix >Y< | 2 | // Copyright (C) 2019-2023 Bernd Fix >Y< |
| 3 | // | 3 | // |
| 4 | // gnunet-go is free software: you can redistribute it and/or modify it | 4 | // gnunet-go is free software: you can redistribute it and/or modify it |
| 5 | // under the terms of the GNU Affero General Public License as published | 5 | // under the terms of the GNU Affero General Public License as published |
| @@ -53,17 +53,17 @@ func init() { | |||
| 53 | } | 53 | } |
| 54 | 54 | ||
| 55 | //---------------------------------------------------------------------- | 55 | //---------------------------------------------------------------------- |
| 56 | // Private key | 56 | // Public key |
| 57 | //---------------------------------------------------------------------- | 57 | //---------------------------------------------------------------------- |
| 58 | 58 | ||
| 59 | // EDKEYPublicImpl implements the public key scheme. | 59 | // EDKEYPublicImpl implements the EDKEY public key scheme. |
| 60 | type EDKEYPublicImpl struct { | 60 | type EDKEYPublicImpl struct { |
| 61 | ztype enums.GNSType | 61 | ztype enums.GNSType |
| 62 | pub *ed25519.PublicKey | 62 | pub *ed25519.PublicKey |
| 63 | } | 63 | } |
| 64 | 64 | ||
| 65 | // Init instance from binary data. The data represents a big integer | 65 | // Init instance from binary data. The data represents a binary |
| 66 | // (in big-endian notation) for the private scalar d. | 66 | // representation of a curve point (as defined in RFC 8032). |
| 67 | func (pk *EDKEYPublicImpl) Init(data []byte) error { | 67 | func (pk *EDKEYPublicImpl) Init(data []byte) error { |
| 68 | pk.ztype = ZONE_EDKEY | 68 | pk.ztype = ZONE_EDKEY |
| 69 | pk.pub = ed25519.NewPublicKeyFromBytes(data) | 69 | pk.pub = ed25519.NewPublicKeyFromBytes(data) |
| @@ -79,8 +79,8 @@ func (pk *EDKEYPublicImpl) Bytes() []byte { | |||
| 79 | // Derive a public key from this key based on a big integer | 79 | // Derive a public key from this key based on a big integer |
| 80 | // (key blinding). Returns the derived key and the blinding value. | 80 | // (key blinding). Returns the derived key and the blinding value. |
| 81 | func (pk *EDKEYPublicImpl) Derive(h *math.Int) (dPk ZoneKeyImpl, hOut *math.Int, err error) { | 81 | func (pk *EDKEYPublicImpl) Derive(h *math.Int) (dPk ZoneKeyImpl, hOut *math.Int, err error) { |
| 82 | // limit to allowed value range (see LSD0001 spec) | 82 | // limit to allowed value range (see LSD0001 spec, 5.1.2.) |
| 83 | hOut = h.SetBit(255, 0) | 83 | hOut = h.Mod(ed25519.GetCurve().N) |
| 84 | derived := pk.pub.Mult(hOut) | 84 | derived := pk.pub.Mult(hOut) |
| 85 | dPk = &EDKEYPublicImpl{ | 85 | dPk = &EDKEYPublicImpl{ |
| 86 | pk.ztype, | 86 | pk.ztype, |
| @@ -178,8 +178,8 @@ type EDKEYPrivateImpl struct { | |||
| 178 | prv *ed25519.PrivateKey // private key | 178 | prv *ed25519.PrivateKey // private key |
| 179 | } | 179 | } |
| 180 | 180 | ||
| 181 | // Init instance from binary data. The data represents a big integer | 181 | // Init instance from binary data. The data represents the seed |
| 182 | // (in big-endian notation) for the private scalar d. | 182 | // used to generate the private scalar and nonce (see RFC 8032). |
| 183 | func (pk *EDKEYPrivateImpl) Init(data []byte) error { | 183 | func (pk *EDKEYPrivateImpl) Init(data []byte) error { |
| 184 | pk.seed = util.Clone(data) | 184 | pk.seed = util.Clone(data) |
| 185 | pk.prv = ed25519.NewPrivateKeyFromSeed(data) | 185 | pk.prv = ed25519.NewPrivateKeyFromSeed(data) |
| @@ -208,9 +208,14 @@ func (pk *EDKEYPrivateImpl) Public() ZoneKeyImpl { | |||
| 208 | // (key blinding). Returns the derived key and the blinding value. | 208 | // (key blinding). Returns the derived key and the blinding value. |
| 209 | func (pk *EDKEYPrivateImpl) Derive(h *math.Int) (dPk ZonePrivateImpl, hOut *math.Int, err error) { | 209 | func (pk *EDKEYPrivateImpl) Derive(h *math.Int) (dPk ZonePrivateImpl, hOut *math.Int, err error) { |
| 210 | // limit to allowed value range (see LSD0001 spec 5.1.2) | 210 | // limit to allowed value range (see LSD0001 spec 5.1.2) |
| 211 | hOut = h.SetBit(255, 0) | 211 | hOut = h.Mod(ed25519.GetCurve().N) |
| 212 | |||
| 212 | // derive private key | 213 | // derive private key |
| 213 | derived := pk.prv.Mult(hOut) | 214 | a1 := pk.prv.D.Rsh(3) |
| 215 | a2 := h.Mul(a1).Mod(ed25519.GetCurve().N) | ||
| 216 | dd := a2.Lsh(3) | ||
| 217 | derived := ed25519.NewPrivateKeyFromD(dd) | ||
| 218 | |||
| 214 | // derive nonce | 219 | // derive nonce |
| 215 | md := sha256.Sum256(append(pk.prv.Nonce, h.Bytes()...)) | 220 | md := sha256.Sum256(append(pk.prv.Nonce, h.Bytes()...)) |
| 216 | derived.Nonce = md[:] | 221 | derived.Nonce = md[:] |