package ecdsa
import (
"crypto/ecdsa"
"math/big"
"github.com/11090815/mayy/csp/interfaces"
"github.com/11090815/mayy/errors"
)
/* ------------------------------------------------------------------------------------------ */
// ECDSAPublicKeyDeriver derives re-randomized ECDSA public keys. It carries no
// state of its own.
type ECDSAPublicKeyDeriver struct{}

// NewECDSAPublicKeyDeriver returns a ready-to-use ECDSAPublicKeyDeriver.
func NewECDSAPublicKeyDeriver() *ECDSAPublicKeyDeriver {
	return new(ECDSAPublicKeyDeriver)
}
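// KeyDeriv derives a re-randomized ECDSA public key P' = P + r·G from key.
//
// key must be an *ECDSAPublicKey and opts must be an *ECDSAReRandKeyOpts; any
// other type, or a nil value of either, yields an error rather than a panic.
// The scalar r is computed from opts.Expansion as (Expansion mod (N-1)) + 1,
// where N is the order of the curve, so r always lies in [1, N-1].
//
// The derivation is deterministic in Expansion: anyone who knows Expansion can
// recompute P' from P (and P from P'), so the derived key is only unlinkable
// to parties that do not learn Expansion.
//
// NOTE(review): nothing here checks the length or entropy of Expansion; an
// empty Expansion gives r = 1. Confirm that callers supply an unpredictable
// value at least as wide as the curve order.
// NOTE(review): the base point is not checked to be on the curve before it is
// used; confirm that ECDSAPublicKey values are validated when they are created.
func (kd *ECDSAPublicKeyDeriver) KeyDeriv(key interfaces.Key, opts interfaces.KeyDerivOpts) (interfaces.Key, error) {
	if opts == nil {
		return nil, errors.NewError("invalid opts, it must be non-nil")
	}

	// Checked assertion: a key of the wrong type is a caller error and must be
	// reported as one instead of crashing the process.
	pk, ok := key.(*ECDSAPublicKey)
	if !ok {
		return nil, errors.NewErrorf("only support *ECDSAPublicKey, but got \"%T\"", key)
	}
	if pk == nil || pk.publicKey == nil || pk.publicKey.Curve == nil {
		return nil, errors.NewError("invalid key, it must be non-nil")
	}

	ecdsaReRandOpts, ok := opts.(*ECDSAReRandKeyOpts)
	if !ok {
		return nil, errors.NewErrorf("only support *ECDSAReRandKeyOpts, but got \"%T\"", opts)
	}
	// A typed nil pointer passes both checks above but cannot be dereferenced.
	if ecdsaReRandOpts == nil {
		return nil, errors.NewError("invalid opts, it must be non-nil")
	}

	curve := pk.publicKey.Curve

	// 1. Interpret the expansion bytes as a big-endian integer r.
	r := new(big.Int).SetBytes(ecdsaReRandOpts.Expansion)

	// 2. n = order - 1.
	one := big.NewInt(1)
	n := new(big.Int).Sub(curve.Params().N, one)

	// 3. r = (r mod n) + 1, which keeps r in [1, order-1] and never zero.
	r.Mod(r, n)
	r.Add(r, one)

	// P' = P + r·G. The original key's coordinates are only read, never
	// modified; Add returns fresh values.
	rX, rY := curve.ScalarBaseMult(r.Bytes())
	newX, newY := curve.Add(pk.publicKey.X, pk.publicKey.Y, rX, rY)

	// Refuse to hand out a result that is not a valid point on the curve.
	if !curve.IsOnCurve(newX, newY) {
		return nil, errors.NewError("failed get a new rand public key, because it is not on the curve")
	}

	return &ECDSAPublicKey{publicKey: &ecdsa.PublicKey{Curve: curve, X: newX, Y: newY}}, nil
}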
/* ------------------------------------------------------------------------------------------ */
// ECDSAPrivateKeyDeriver derives re-randomized ECDSA private keys. It carries
// no state of its own.
type ECDSAPrivateKeyDeriver struct{}

// NewECDSAPrivateKeyDeriver returns a ready-to-use ECDSAPrivateKeyDeriver.
func NewECDSAPrivateKeyDeriver() *ECDSAPrivateKeyDeriver {
	return new(ECDSAPrivateKeyDeriver)
}
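// KeyDeriv derives a re-randomized ECDSA private key from key: the new scalar
// is D' = (D + r) mod N and the new public point is P' = P + r·G.
//
// key must be an *ECDSAPrivateKey and opts must be an *ECDSAReRandKeyOpts; any
// other type, or a nil value of either, yields an error rather than a panic.
// The scalar r is computed from opts.Expansion as (Expansion mod (N-1)) + 1,
// where N is the order of the curve, so r always lies in [1, N-1].
//
// Because D' = D + r mod N, anyone who holds a derived private key together
// with its Expansion can recover the base key D. Expansion therefore has to
// stay out of reach of whoever is given a derived private key.
//
// NOTE(review): nothing here checks the length or entropy of Expansion; an
// empty Expansion gives r = 1. Confirm that callers supply an unpredictable
// value at least as wide as the curve order.
// NOTE(review): the secret scalar is handled with math/big, whose operations
// are not constant-time; confirm that this is acceptable for the deployment.
func (kd *ECDSAPrivateKeyDeriver) KeyDeriv(key interfaces.Key, opts interfaces.KeyDerivOpts) (interfaces.Key, error) {
	if opts == nil {
		return nil, errors.NewError("invalid opts, it must be non-nil")
	}

	// Checked assertion: a key of the wrong type is a caller error and must be
	// reported as one instead of crashing the process.
	sk, ok := key.(*ECDSAPrivateKey)
	if !ok {
		return nil, errors.NewErrorf("only support *ECDSAPrivateKey, but got \"%T\"", key)
	}
	if sk == nil || sk.privateKey == nil || sk.privateKey.Curve == nil || sk.privateKey.D == nil {
		return nil, errors.NewError("invalid key, it must be non-nil")
	}

	ecdsaReRandOpts, ok := opts.(*ECDSAReRandKeyOpts)
	if !ok {
		return nil, errors.NewErrorf("only support *ECDSAReRandKeyOpts, but got \"%T\"", opts)
	}
	// A typed nil pointer passes both checks above but cannot be dereferenced.
	if ecdsaReRandOpts == nil {
		return nil, errors.NewError("invalid opts, it must be non-nil")
	}

	curve := sk.privateKey.Curve
	order := curve.Params().N

	// 1. Interpret the expansion bytes as a big-endian integer r.
	r := new(big.Int).SetBytes(ecdsaReRandOpts.Expansion)

	// 2. n = order - 1.
	one := big.NewInt(1)
	n := new(big.Int).Sub(order, one)

	// 3. r = (r mod n) + 1, which keeps r in [1, order-1] and never zero.
	r.Mod(r, n)
	r.Add(r, one)

	// D' = (D + r) mod N, written into a fresh big.Int so that the original
	// key is left untouched.
	newD := new(big.Int).Add(sk.privateKey.D, r)
	newD.Mod(newD, order)

	// P' = P + r·G, computed from the stored public point rather than from D'.
	rX, rY := curve.ScalarBaseMult(r.Bytes())
	newX, newY := curve.Add(sk.privateKey.PublicKey.X, sk.privateKey.PublicKey.Y, rX, rY)

	// Refuse to hand out a key whose public point is not on the curve.
	if !curve.IsOnCurve(newX, newY) {
		return nil, errors.NewError("failed get a new rand private/public key, because it is not on the curve")
	}

	derived := &ecdsa.PrivateKey{
		PublicKey: ecdsa.PublicKey{Curve: curve, X: newX, Y: newY},
		D:         newD,
	}
	return &ECDSAPrivateKey{privateKey: derived}, nil
}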