Diffstat (limited to 'src/gnunet/crypto/gns_edkey.go')
-rw-r--r-- | src/gnunet/crypto/gns_edkey.go | 27 |
1 files changed, 16 insertions, 11 deletions
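diff --git a/src/gnunet/crypto/gns_edkey.go b/src/gnunet/crypto/gns_edkey.go
index b7e88b3..930c140 100644
--- a/src/gnunet/crypto/gns_edkey.go
+++ b/src/gnunet/crypto/gns_edkey.go
@@ -1,5 +1,5 @@
 // This file is part of gnunet-go, a GNUnet-implementation in Golang.
-// Copyright (C) 2019-2022 Bernd Fix >Y<
+// Copyright (C) 2019-2023 Bernd Fix >Y<
 //
 // gnunet-go is free software: you can redistribute it and/or modify it
 // under the terms of the GNU Affero General Public License as published
@@ -53,17 +53,17 @@ func init() {
 }
 
 //----------------------------------------------------------------------
-// Private key
+// Public key
 //----------------------------------------------------------------------
 
-// EDKEYPublicImpl implements the public key scheme.
+// EDKEYPublicImpl implements the EDKEY public key scheme.
 type EDKEYPublicImpl struct {
 	ztype enums.GNSType
 	pub *ed25519.PublicKey
 }
 
-// Init instance from binary data. The data represents a big integer
-// (in big-endian notation) for the private scalar d.
+// Init instance from binary data. The data represents a binary
+// representation of a curve point (as defined in RFC 8032).
 func (pk *EDKEYPublicImpl) Init(data []byte) error {
 	pk.ztype = ZONE_EDKEY
 	pk.pub = ed25519.NewPublicKeyFromBytes(data)
@@ -79,8 +79,8 @@ func (pk *EDKEYPublicImpl) Bytes() []byte {
 // Derive a public key from this key based on a big integer
 // (key blinding). Returns the derived key and the blinding value.
 func (pk *EDKEYPublicImpl) Derive(h *math.Int) (dPk ZoneKeyImpl, hOut *math.Int, err error) {
-	// limit to allowed value range (see LSD0001 spec)
-	hOut = h.SetBit(255, 0)
+	// limit to allowed value range (see LSD0001 spec, 5.1.2.)
+	hOut = h.Mod(ed25519.GetCurve().N)
 	derived := pk.pub.Mult(hOut)
 	dPk = &EDKEYPublicImpl{
 		pk.ztype,
@@ -178,8 +178,8 @@ type EDKEYPrivateImpl struct {
 	prv *ed25519.PrivateKey // private key
 }
 
-// Init instance from binary data. The data represents a big integer
-// (in big-endian notation) for the private scalar d.
+// Init instance from binary data. The data represents the seed
+// used to generate the private scalar and nonce (see RFC 8032).
 func (pk *EDKEYPrivateImpl) Init(data []byte) error {
 	pk.seed = util.Clone(data)
 	pk.prv = ed25519.NewPrivateKeyFromSeed(data)
@@ -208,9 +208,14 @@ func (pk *EDKEYPrivateImpl) Public() ZoneKeyImpl {
 // (key blinding). Returns the derived key and the blinding value.
 func (pk *EDKEYPrivateImpl) Derive(h *math.Int) (dPk ZonePrivateImpl, hOut *math.Int, err error) {
 	// limit to allowed value range (see LSD0001 spec 5.1.2)
-	hOut = h.SetBit(255, 0)
+	hOut = h.Mod(ed25519.GetCurve().N)
+
 	// derive private key
-	derived := pk.prv.Mult(hOut)
+	a1 := pk.prv.D.Rsh(3)
+	a2 := h.Mul(a1).Mod(ed25519.GetCurve().N)
+	dd := a2.Lsh(3)
+	derived := ed25519.NewPrivateKeyFromD(dd)
+
 	// derive nonce
 	md := sha256.Sum256(append(pk.prv.Nonce, h.Bytes()...))
 	derived.Nonce = md[:]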
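Review bot: The blinded scalar at new line 215 is computed from the unreduced `h` rather than the `hOut` reduced on line 211, so the blinding value returned to the caller is not the value the private path actually multiplies with; the public-key Derive (line 84) multiplies by `hOut`, and the private path should match it: `a2 := hOut.Mul(a1).Mod(ed25519.GetCurve().N)`. The two forms agree modulo the group order only if `math.Int.Mod`/`Mul` return fresh values rather than mutating their receiver, which this hunk cannot confirm. Relatedly, the nonce KDF on line 220 still hashes `h.Bytes()` — the unreduced input — while the scalar is now reduced; LSD0001 5.1.2 should be checked for which form of h feeds the nonce derivation, and the choice documented, e.g. `// nonce input is the caller-supplied (unreduced) h — keep in sync with LSD0001 5.1.2 and the public Derive`. Note also that `dd` has its low three bits cleared by `Lsh(3)` but bit 254 is not set as RFC 8032 clamping would; if `NewPrivateKeyFromD` or the scalar multiplication relies on a fixed-length clamped scalar for constant-time behaviour, that assumption no longer holds and should be verified. Derive's body continues past the end of the hunk.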