// NewKey derives an Ed25519 private scalar from 32 bytes of randomness.
//
// If stream is nil, random.Stream is used. The bytes drawn from the stream are
// hashed with SHA-512, and the low 32 bytes of the digest are clamped before
// being loaded into a scalar. Clamping clears the three low bits of byte 0,
// clears bit 7 of byte 31 and sets bit 6 of byte 31. With byte 0 as the least
// significant byte, the clamped value is a multiple of 8, which is the
// small-subgroup defence this function exists to provide.
//
// The key is a deterministic function of the stream output, so a caller that
// passes its own stream must supply a cryptographically secure one.
func (s *suiteEd25519) NewKey(stream cipher.Stream) abstract.Scalar {
	if stream == nil {
		stream = random.Stream
	}

	seed := random.NonZeroBytes(32, stream)
	digest := sha512.Sum512(seed)

	// Clamp: low three bits off, top bit off, second-highest bit on.
	digest[0] &= 0xf8
	digest[31] = digest[31]&0x3f | 0x40

	// NOTE(review): presumably SetBytes reads the bytes little-endian; if it
	// also reduces modulo the group order, the stored scalar is no longer
	// literally a multiple of 8. Confirm against the Scalar implementation.
	return s.Scalar().SetBytes(digest[:32])
}
// NewEdDSA returns a freshly generated key pair for producing EdDSA
// signatures.
//
// If stream is nil, random.Stream is used. A 32-byte seed is drawn from the
// stream and hashed with SHA-512. The low 32 bytes of the digest are clamped
// (three low bits of byte 0 cleared, bit 7 of byte 31 cleared, bit 6 set) and
// become the secret scalar. The high 32 bytes are kept as the prefix.
//
// The returned struct retains the seed. Secret is derived deterministically
// from the seed, so the seed must be protected like the secret key, and a
// caller-supplied stream must be cryptographically secure.
func NewEdDSA(stream cipher.Stream) *EdDSA {
	if stream == nil {
		stream = random.Stream
	}

	seed := random.NonZeroBytes(32, stream)
	digest := sha512.Sum512(seed)

	// Clamp the half of the digest that becomes the secret scalar.
	digest[0] &= 0xf8
	digest[31] = digest[31]&0x3f | 0x40

	priv := suite.Scalar().SetBytes(digest[:32])
	// NOTE(review): a nil point argument presumably selects the standard base
	// point; confirm against the Point implementation.
	pub := suite.Point().Mul(nil, priv)

	key := &EdDSA{
		seed:   seed,
		prefix: digest[32:],
		Secret: priv,
		Public: pub,
	}
	return key
}