ed25519 1.0.0-jruby → 1.1.0-jruby
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGES.md +13 -0
- data/README.md +9 -9
- data/Rakefile +3 -3
- data/ext/ed25519_jruby/LICENSE.txt +123 -0
- data/ext/ed25519_jruby/README.md +77 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAEngine.java +491 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAKey.java +31 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAPrivateKey.java +338 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAPublicKey.java +275 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSASecurityProvider.java +59 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/KeyFactory.java +75 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/KeyPairGenerator.java +97 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/Utils.java +103 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Constants.java +23 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Curve.java +100 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Encoding.java +54 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Field.java +99 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/FieldElement.java +76 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/GroupElement.java +1034 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ScalarOps.java +34 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/BigIntegerFieldElement.java +131 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/BigIntegerLittleEndianEncoding.java +102 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/BigIntegerScalarOps.java +37 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/package.html +6 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java +988 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java +256 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ed25519/Ed25519ScalarOps.java +693 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAGenParameterSpec.java +32 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSANamedCurveSpec.java +35 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSANamedCurveTable.java +71 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAParameterSpec.java +97 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAPrivateKeySpec.java +133 -0
- data/ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAPublicKeySpec.java +61 -0
- data/ext/ed25519_jruby/org/cryptosphere/Ed25519Provider.java +95 -0
- data/lib/ed25519.rb +8 -8
- data/lib/ed25519/signing_key.rb +9 -0
- data/lib/ed25519/version.rb +1 -1
- data/lib/ed25519_java.jar +0 -0
- metadata +32 -3
- data/ext/ed25519_java/org/cryptosphere/ed25519.java +0 -228
- data/lib/ed25519/provider/jruby.rb +0 -39
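--- a/data/lib/ed25519.rb
+++ b/data/lib/ed25519.rb
@@ -21,18 +21,18 @@ module Ed25519
 # Raised when the built-in self-test fails
 SelfTestFailure = Class.new(StandardError)
 
+class << self
+# Obtain the backend provider module used to perform signatures
+attr_accessor :provider
+end
+
 # Select the Ed25519::Provider to use based on the current environment
 if defined? JRUBY_VERSION
-require "
-
+require "ed25519_jruby"
+self.provider = org.cryptosphere.Ed25519Provider.createEd25519Module(JRuby.runtime)
 else
 require "ed25519_ref10"
-
-end
-
-# Selected provider based on the logic above
-def provider
-@provider
+self.provider = Ed25519::Provider::Ref10
 end
 
 # Perform a self-test to ensure the selected provider is working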
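Review bot: `attr_accessor :provider` in the added `class << self` block publishes `Ed25519.provider=` as well as the reader, so any code loaded into the process can replace the signing and verification backend after load; the removed lines exposed only a reader (`def provider`). If runtime replacement is not an intended feature, declare `attr_reader :provider` and have the two branches assign `@provider = ...` instead of `self.provider = ...`. The self-test mentioned on new line 38 appears to run once at load (its body is outside this hunk), so a provider assigned later would presumably not be covered by it. The added comment also describes only the read side of the accessor.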
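--- a/data/lib/ed25519/signing_key.rb
+++ b/data/lib/ed25519/signing_key.rb
@@ -23,14 +23,23 @@ module Ed25519
 @verify_key = VerifyKey.new(@keypair[32, 32])
 end
 
+# Sign the given message, returning an Ed25519 signature
+#
+# @param message [String] message to be signed
+#
+# @return [String] 64-byte Ed25519 signature
 def sign(message)
 Ed25519.provider.sign(@keypair, message)
 end
 
+# String inspection that does not leak secret values
 def inspect
 to_s
 end
 
+# Return a bytestring representation of this signing key
+#
+# @return [String] signing key converted to a bytestring
 def to_bytes
 seed
 end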
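Review bot: The added doc comment on `to_bytes` should say that the returned bytestring is the secret seed, since the method body is just `seed` and the comment added to `inspect` just above stresses not leaking secret values. Something like `# @return [String] secret seed of this signing key; treat as key material and keep it out of logs` would make that explicit for callers. The `inspect` comment depends on `to_s` not printing `@keypair`, and `to_s` is not defined in this hunk, so that claim is worth confirming against the rest of the class, which starts and ends outside the hunk.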
data/lib/ed25519/version.rb
CHANGED
data/lib/ed25519_java.jar
CHANGED
Binary file
|
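--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ed25519
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.1.0
 platform: jruby
 authors:
 - Tony Arcieri
@@ -44,7 +44,37 @@ files:
 - Rakefile
 - ed25519.gemspec
 - ed25519.png
-- ext/
+- ext/ed25519_jruby/LICENSE.txt
+- ext/ed25519_jruby/README.md
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAEngine.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAKey.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAPrivateKey.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSAPublicKey.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/EdDSASecurityProvider.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/KeyFactory.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/KeyPairGenerator.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/Utils.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Constants.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Curve.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Encoding.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/Field.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/FieldElement.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/GroupElement.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ScalarOps.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/BigIntegerFieldElement.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/BigIntegerLittleEndianEncoding.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/BigIntegerScalarOps.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/bigint/package.html
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ed25519/Ed25519LittleEndianEncoding.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/math/ed25519/Ed25519ScalarOps.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAGenParameterSpec.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSANamedCurveSpec.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSANamedCurveTable.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAParameterSpec.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAPrivateKeySpec.java
+- ext/ed25519_jruby/net/i2p/crypto/eddsa/spec/EdDSAPublicKeySpec.java
+- ext/ed25519_jruby/org/cryptosphere/Ed25519Provider.java
 - ext/ed25519_ref10/api.h
 - ext/ed25519_ref10/base.h
 - ext/ed25519_ref10/base2.h
@@ -107,7 +137,6 @@ files:
 - ext/ed25519_ref10/sqrtm1.h
 - ext/ed25519_ref10/verify.c
 - lib/ed25519.rb
-- lib/ed25519/provider/jruby.rb
 - lib/ed25519/signing_key.rb
 - lib/ed25519/verify_key.rb
 - lib/ed25519/version.rb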
@@ -1,228 +0,0 @@
|
|
1
|
-
package org.cryptosphere;
|
2
|
-
|
3
|
-
import java.math.BigInteger;
|
4
|
-
import java.nio.ByteBuffer;
|
5
|
-
import java.security.MessageDigest;
|
6
|
-
import java.security.NoSuchAlgorithmException;
|
7
|
-
import java.util.Arrays;
|
8
|
-
|
9
|
-
/* Written by k3d3
|
10
|
-
* Released to the public domain
|
11
|
-
*/
|
12
|
-
|
13
|
-
public class ed25519 {
|
14
|
-
static final int b = 256;
|
15
|
-
static final BigInteger q = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564819949");
|
16
|
-
static final BigInteger qm2 = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564819947");
|
17
|
-
static final BigInteger qp3 = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564819952");
|
18
|
-
static final BigInteger l = new BigInteger("7237005577332262213973186563042994240857116359379907606001950938285454250989");
|
19
|
-
static final BigInteger d = new BigInteger("-4513249062541557337682894930092624173785641285191125241628941591882900924598840740");
|
20
|
-
static final BigInteger I = new BigInteger("19681161376707505956807079304988542015446066515923890162744021073123829784752");
|
21
|
-
static final BigInteger By = new BigInteger("46316835694926478169428394003475163141307993866256225615783033603165251855960");
|
22
|
-
static final BigInteger Bx = new BigInteger("15112221349535400772501151409588531511454012693041857206046113283949847762202");
|
23
|
-
static final BigInteger[] B = {Bx.mod(q),By.mod(q)};
|
24
|
-
static final BigInteger un = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564819967");
|
25
|
-
|
26
|
-
static byte[] H(byte[] m) {
|
27
|
-
MessageDigest md;
|
28
|
-
try {
|
29
|
-
md = MessageDigest.getInstance("SHA-512");
|
30
|
-
md.reset();
|
31
|
-
return md.digest(m);
|
32
|
-
} catch (NoSuchAlgorithmException e) {
|
33
|
-
e.printStackTrace();
|
34
|
-
System.exit(1);
|
35
|
-
}
|
36
|
-
return null;
|
37
|
-
}
|
38
|
-
|
39
|
-
static BigInteger expmod(BigInteger b, BigInteger e, BigInteger m) {
|
40
|
-
//System.out.println("expmod open with b=" + b + " e=" + e + " m=" + m);
|
41
|
-
if (e.equals(BigInteger.ZERO)) {
|
42
|
-
//System.out.println("expmod close with 1z");
|
43
|
-
return BigInteger.ONE;
|
44
|
-
}
|
45
|
-
BigInteger t = expmod(b, e.divide(BigInteger.valueOf(2)), m).pow(2).mod(m);
|
46
|
-
//System.out.println("expmod 1/2 t="+t+" e="+e+" testbit="+(e.testBit(0)?1:0));
|
47
|
-
if (e.testBit(0)) {
|
48
|
-
t = t.multiply(b).mod(m);
|
49
|
-
}
|
50
|
-
//System.out.println("expmod close with " + t);
|
51
|
-
return t;
|
52
|
-
}
|
53
|
-
|
54
|
-
static BigInteger inv(BigInteger x) {
|
55
|
-
//System.out.println("inv open with " + x);
|
56
|
-
//System.out.println("inv close with " + expmod(x, qm2, q));
|
57
|
-
return expmod(x, qm2, q);
|
58
|
-
}
|
59
|
-
|
60
|
-
static BigInteger xrecover(BigInteger y) {
|
61
|
-
BigInteger y2 = y.multiply(y);
|
62
|
-
BigInteger xx = (y2.subtract(BigInteger.ONE)).multiply(inv(d.multiply(y2).add(BigInteger.ONE)));
|
63
|
-
BigInteger x = expmod(xx, qp3.divide(BigInteger.valueOf(8)), q);
|
64
|
-
if (!x.multiply(x).subtract(xx).mod(q).equals(BigInteger.ZERO)) x = (x.multiply(I).mod(q));
|
65
|
-
if (!x.mod(BigInteger.valueOf(2)).equals(BigInteger.ZERO)) x = q.subtract(x);
|
66
|
-
return x;
|
67
|
-
}
|
68
|
-
|
69
|
-
static BigInteger[] edwards(BigInteger[] P, BigInteger[] Q) {
|
70
|
-
BigInteger x1 = P[0];
|
71
|
-
BigInteger y1 = P[1];
|
72
|
-
BigInteger x2 = Q[0];
|
73
|
-
BigInteger y2 = Q[1];
|
74
|
-
BigInteger dtemp = d.multiply(x1).multiply(x2).multiply(y1).multiply(y2);
|
75
|
-
//System.out.println("edwards open with "+x1+","+x2+" "+y1+","+y2+" d="+d+" dtemp="+dtemp);
|
76
|
-
BigInteger x3 = ((x1.multiply(y2)).add((x2.multiply(y1)))).multiply(inv(BigInteger.ONE.add(dtemp)));
|
77
|
-
//System.out.println("edwards 1/2 with "+x1+","+x2+" "+y1+","+y2+" d="+d+" dtemp="+dtemp);
|
78
|
-
BigInteger y3 = ((y1.multiply(y2)).add((x1.multiply(x2)))).multiply(inv(BigInteger.ONE.subtract(dtemp)));
|
79
|
-
//System.out.println("edwards 2/2 with "+x1+","+x2+" "+y1+","+y2+" d="+d+" dtemp="+dtemp);
|
80
|
-
//System.out.println("edwards close with "+x3.mod(q)+","+y3.mod(q));
|
81
|
-
return new BigInteger[]{x3.mod(q), y3.mod(q)};
|
82
|
-
}
|
83
|
-
|
84
|
-
static BigInteger[] scalarmult(BigInteger[] P, BigInteger e) {
|
85
|
-
//System.out.println("scalarmult open with e = " + e);
|
86
|
-
if (e.equals(BigInteger.ZERO)) {
|
87
|
-
//System.out.println("scalarmult close with Q = 0,1");
|
88
|
-
return new BigInteger[]{BigInteger.ZERO, BigInteger.ONE};
|
89
|
-
}
|
90
|
-
BigInteger[] Q = scalarmult(P, e.divide(BigInteger.valueOf(2)));
|
91
|
-
//System.out.println("scalarmult asQ = " + Q[0] + "," + Q[1]);
|
92
|
-
Q = edwards(Q, Q);
|
93
|
-
//System.out.println("scalarmult aeQ = " + Q[0] + "," + Q[1] + " e="+e+" testbit="+(e.testBit(0)?1:0));
|
94
|
-
if (e.testBit(0)) Q = edwards(Q, P);
|
95
|
-
//System.out.println("scalarmult close with Q = " + Q[0] + "," + Q[1]);
|
96
|
-
return Q;
|
97
|
-
}
|
98
|
-
|
99
|
-
static byte[] encodeint(BigInteger y) {
|
100
|
-
byte[] in = y.toByteArray();
|
101
|
-
byte[] out = new byte[in.length];
|
102
|
-
for (int i=0;i<in.length;i++) {
|
103
|
-
out[i] = in[in.length-1-i];
|
104
|
-
}
|
105
|
-
return out;
|
106
|
-
}
|
107
|
-
|
108
|
-
static byte[] encodepoint(BigInteger[] P) {
|
109
|
-
BigInteger x = P[0];
|
110
|
-
BigInteger y = P[1];
|
111
|
-
byte[] out = encodeint(y);
|
112
|
-
//System.out.println("encodepoint x="+x+" testbit="+(x.testBit(0) ? 1 : 0));
|
113
|
-
out[out.length-1] |= (x.testBit(0) ? 0x80 : 0);
|
114
|
-
return out;
|
115
|
-
}
|
116
|
-
|
117
|
-
static int bit(byte[] h, int i) {
|
118
|
-
//System.out.println("bit open with i="+i);
|
119
|
-
//System.out.println("bit close with "+(h[i/8] >> (i%8) & 1));
|
120
|
-
return h[i/8] >> (i%8) & 1;
|
121
|
-
}
|
122
|
-
|
123
|
-
static byte[] publickey(byte[] sk) {
|
124
|
-
byte[] h = H(sk);
|
125
|
-
//System.out.println("publickey open with h=" + test.getHex(h));
|
126
|
-
BigInteger a = BigInteger.valueOf(2).pow(b-2);
|
127
|
-
for (int i=3;i<(b-2);i++) {
|
128
|
-
BigInteger apart = BigInteger.valueOf(2).pow(i).multiply(BigInteger.valueOf(bit(h,i)));
|
129
|
-
//System.out.println("publickey apart="+apart);
|
130
|
-
a = a.add(apart);
|
131
|
-
}
|
132
|
-
BigInteger[] A = scalarmult(B,a);
|
133
|
-
//System.out.println("publickey close with A="+A[0]+","+A[1]+" out="+test.getHex(encodepoint(A)));
|
134
|
-
return encodepoint(A);
|
135
|
-
}
|
136
|
-
|
137
|
-
static BigInteger Hint(byte[] m) {
|
138
|
-
byte[] h = H(m);
|
139
|
-
BigInteger hsum = BigInteger.ZERO;
|
140
|
-
for (int i=0;i<2*b;i++) {
|
141
|
-
hsum = hsum.add(BigInteger.valueOf(2).pow(i).multiply(BigInteger.valueOf(bit(h,i))));
|
142
|
-
}
|
143
|
-
return hsum;
|
144
|
-
}
|
145
|
-
|
146
|
-
static byte[] signature(byte[] m, byte[] sk, byte[] pk) {
|
147
|
-
byte[] h = H(sk);
|
148
|
-
//System.out.println("signature open with m="+test.getHex(m)+" h="+test.getHex(h)+" pk="+test.getHex(pk));
|
149
|
-
BigInteger a = BigInteger.valueOf(2).pow(b-2);
|
150
|
-
for (int i=3;i<(b-2);i++) {
|
151
|
-
a = a.add(BigInteger.valueOf(2).pow(i).multiply(BigInteger.valueOf(bit(h,i))));
|
152
|
-
}
|
153
|
-
//System.out.println("signature a="+a);
|
154
|
-
ByteBuffer rsub = ByteBuffer.allocate((b/8)+m.length);
|
155
|
-
rsub.put(h, b/8, b/4-b/8).put(m);
|
156
|
-
//System.out.println("signature rsub="+test.getHex(rsub.array()));
|
157
|
-
BigInteger r = Hint(rsub.array());
|
158
|
-
//System.out.println("signature r="+r);
|
159
|
-
BigInteger[] R = scalarmult(B,r);
|
160
|
-
ByteBuffer Stemp = ByteBuffer.allocate(32+pk.length+m.length);
|
161
|
-
Stemp.put(encodepoint(R)).put(pk).put(m);
|
162
|
-
BigInteger S = r.add(Hint(Stemp.array()).multiply(a)).mod(l);
|
163
|
-
ByteBuffer out = ByteBuffer.allocate(64);
|
164
|
-
out.put(encodepoint(R)).put(encodeint(S));
|
165
|
-
return out.array();
|
166
|
-
}
|
167
|
-
|
168
|
-
static boolean isoncurve(BigInteger[] P) {
|
169
|
-
BigInteger x = P[0];
|
170
|
-
BigInteger y = P[1];
|
171
|
-
//System.out.println("isoncurve open with P="+x+","+y);
|
172
|
-
BigInteger xx = x.multiply(x);
|
173
|
-
BigInteger yy = y.multiply(y);
|
174
|
-
BigInteger dxxyy = d.multiply(yy).multiply(xx);
|
175
|
-
//System.out.println("isoncurve close with "+xx.negate().add(yy).subtract(BigInteger.ONE).subtract(dxxyy).mod(q));
|
176
|
-
return xx.negate().add(yy).subtract(BigInteger.ONE).subtract(dxxyy).mod(q).equals(BigInteger.ZERO);
|
177
|
-
}
|
178
|
-
|
179
|
-
static BigInteger decodeint(byte[] s) {
|
180
|
-
byte[] out = new byte[s.length];
|
181
|
-
for (int i=0;i<s.length;i++) {
|
182
|
-
out[i] = s[s.length-1-i];
|
183
|
-
}
|
184
|
-
return new BigInteger(out).and(un);
|
185
|
-
}
|
186
|
-
|
187
|
-
static BigInteger[] decodepoint(byte[] s) throws Exception {
|
188
|
-
byte[] ybyte = new byte[s.length];
|
189
|
-
for (int i=0;i<s.length;i++) {
|
190
|
-
ybyte[i] = s[s.length-1-i];
|
191
|
-
}
|
192
|
-
//System.out.println("decodepoint open with s="+test.getHex(s)+" ybyte="+test.getHex(ybyte));
|
193
|
-
BigInteger y = new BigInteger(ybyte).and(un);
|
194
|
-
//System.out.println("decodepoint y="+y);
|
195
|
-
BigInteger x = xrecover(y);
|
196
|
-
//System.out.println("decodepoint x="+x+" testbit="+(x.testBit(0)?1:0)+" bit="+bit(s, b-1));
|
197
|
-
if ((x.testBit(0)?1:0) != bit(s, b-1)) {
|
198
|
-
x = q.subtract(x);
|
199
|
-
}
|
200
|
-
BigInteger[] P = {x,y};
|
201
|
-
if (!isoncurve(P)) throw new Exception("decoding point that is not on curve");
|
202
|
-
return P;
|
203
|
-
}
|
204
|
-
|
205
|
-
static boolean checkvalid(byte[] s, byte[] m, byte[] pk) throws Exception {
|
206
|
-
if (s.length != b/4) throw new Exception("signature length is wrong");
|
207
|
-
if (pk.length != b/8) throw new Exception("public-key length is wrong");
|
208
|
-
//System.out.println("checkvalid open with s="+test.getHex(s)+" m="+test.getHex(m)+" pk="+test.getHex(pk));
|
209
|
-
byte[] Rbyte = Arrays.copyOfRange(s, 0, b/8);
|
210
|
-
//System.out.println("checkvalid Rbyte="+test.getHex(Rbyte));
|
211
|
-
BigInteger[] R = decodepoint(Rbyte);
|
212
|
-
BigInteger[] A = decodepoint(pk);
|
213
|
-
//System.out.println("checkvalid R="+R[0]+","+R[1]+" A="+A[0]+","+A[1]);
|
214
|
-
byte[] Sbyte = Arrays.copyOfRange(s, b/8, b/4);
|
215
|
-
//System.out.println("checkvalid Sbyte="+test.getHex(Sbyte));
|
216
|
-
BigInteger S = decodeint(Sbyte);
|
217
|
-
//System.out.println("checkvalid S="+S);
|
218
|
-
ByteBuffer Stemp = ByteBuffer.allocate(32+pk.length+m.length);
|
219
|
-
Stemp.put(encodepoint(R)).put(pk).put(m);
|
220
|
-
BigInteger h = Hint(Stemp.array());
|
221
|
-
BigInteger[] ra = scalarmult(B,S);
|
222
|
-
BigInteger[] rb = edwards(R,scalarmult(A,h));
|
223
|
-
//System.out.println("checkvalid ra="+ra[0]+","+ra[1]+" rb="+rb[0]+","+rb[1]);
|
224
|
-
if (!ra[0].equals(rb[0]) || !ra[1].equals(rb[1])) // Constant time comparison
|
225
|
-
return false;
|
226
|
-
return true;
|
227
|
-
}
|
228
|
-
}
|
@@ -1,39 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "java"
|
4
|
-
require "ed25519_java"
|
5
|
-
|
6
|
-
module Ed25519
|
7
|
-
module Provider
|
8
|
-
# Binding between the JRuby extension and the Ed25519::Provider API
|
9
|
-
#
|
10
|
-
# TODO: implement the Ed25519::Provider API natively in the Java extension
|
11
|
-
module JRuby
|
12
|
-
module_function
|
13
|
-
|
14
|
-
def create_keypair(seed)
|
15
|
-
raise ArgumentError, "seed must be #{KEY_SIZE}-bytes long" unless seed.length == Ed25519::KEY_SIZE
|
16
|
-
|
17
|
-
verify_key = org.cryptosphere.ed25519.publickey(seed.to_java_bytes)
|
18
|
-
verify_key = String.from_java_bytes(verify_key)
|
19
|
-
seed + verify_key
|
20
|
-
end
|
21
|
-
|
22
|
-
def sign(signing_key, message)
|
23
|
-
verify_key = signing_key[32, 32].to_java_bytes
|
24
|
-
signing_key = signing_key[0, 32].to_java_bytes
|
25
|
-
|
26
|
-
signature = org.cryptosphere.ed25519.signature(message.to_java_bytes, signing_key, verify_key)
|
27
|
-
String.from_java_bytes(signature)
|
28
|
-
end
|
29
|
-
|
30
|
-
def verify(verify_key, signature, message)
|
31
|
-
org.cryptosphere.ed25519.checkvalid(
|
32
|
-
signature.to_java_bytes,
|
33
|
-
message.to_java_bytes,
|
34
|
-
verify_key.to_java_bytes
|
35
|
-
)
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
39
|
-
end
|