package edwards25519
import (
"crypto/cipher"
"crypto/sha512"
"github.com/MarconiProtocol/kyber"
"github.com/MarconiProtocol/kyber/util/random"
)
// Curve represents the Ed25519 group.
//
// The type has no fields: it supports only this one specific curve, so
// there are no parameters to set and no initialization is required.
type Curve struct{}
// String returns the name of the curve, "Ed25519".
func (c *Curve) String() string {
	const name = "Ed25519"
	return name
}
// ScalarLen returns the size in bytes of an encoded Scalar for the
// Ed25519 curve, which is always 32.
func (c *Curve) ScalarLen() int {
	const encodedScalarSize = 32
	return encodedScalarSize
}
// Scalar creates a new Scalar for the prime-order subgroup of the Ed25519
// curve.
//
// The scalars in this package implement kyber.Scalar's SetBytes method by
// interpreting the bytes as a little-endian integer. This keeps them
// compatible with other Ed25519 implementations and with the standard
// implementation of the EdDSA signature.
func (c *Curve) Scalar() kyber.Scalar {
	s := &scalar{}
	return s
}
// PointLen returns the size in bytes of an encoded Point on the Ed25519
// curve, which is always 32.
func (c *Curve) PointLen() int {
	const encodedPointSize = 32
	return encodedPointSize
}
// Point creates a new Point on the Ed25519 curve.
// The returned value is a freshly allocated, zero-valued point.
func (c *Curve) Point() kyber.Point {
	return new(point)
}
// NewKey returns a formatted Ed25519 private scalar derived from stream.
// NewKey implements the kyber/util/key.Generator interface.
//
// It fills a 32-byte seed from stream via random.Bytes, hashes the seed
// with SHA-512, and clamps the first 32 bytes of the digest before passing
// them to SetBytes. The remaining 32 digest bytes are not used here.
//
// Clamping clears the low three bits, so the clamped integer is a multiple
// of 8 (the Ed25519 cofactor), which is the guard against small-subgroup
// attacks. It also clears bit 255 and sets bit 254 of the little-endian
// value.
//
// The key is only as unpredictable as stream: callers must supply a
// cryptographically secure source.
//
// NOTE(review): the multiple-of-8 property holds for the clamped bytes. If
// SetBytes reduces its input modulo the group order, the stored scalar is
// no longer guaranteed to be a multiple of 8. Confirm against the scalar
// implementation before relying on this for cofactor clearing.
func (c *Curve) NewKey(stream cipher.Stream) kyber.Scalar {
	// seed and digest hold secret material; neither is zeroed before return.
	var seed [32]byte
	random.Bytes(seed[:], stream)

	digest := sha512.Sum512(seed[:])

	// Clear the low three bits: the integer becomes a multiple of 8.
	digest[0] &= 0xf8
	// Leave the top byte as 01xxxxxx, the same result as the conventional
	// "&= 0x7f; |= 0x40" Ed25519 clamp.
	digest[31] = digest[31]&0x3f | 0x40

	return c.Scalar().SetBytes(digest[:32])
}