示例#1
// NewKey derives a private scalar the way Ed25519 key generation does: it
// draws a 32-byte seed from stream (random.Stream when stream is nil), hashes
// it with SHA-512 and clamps the first 32 bytes of the digest before handing
// them to the suite's scalar type. The second half of the digest is discarded.
//
// Clamping clears the three low bits of byte 0 and forces the top two bits of
// byte 31 to 01. With byte 0 as the least significant byte this makes the
// value a multiple of 8, which is the small-subgroup defence the original
// comment refers to.
//
// NOTE(review): SetBytes is defined elsewhere; its byte order and whether it
// reduces modulo the group order are not visible here. If it reduces, the
// stored scalar is no longer guaranteed to be a multiple of 8 — confirm
// before relying on that property against low-order points.
//
// A caller-supplied stream is used as-is, so the key is only as unpredictable
// as that stream.
func (s *suiteEd25519) NewKey(stream cipher.Stream) abstract.Scalar {
	if stream == nil {
		stream = random.Stream
	}
	seed := random.NonZeroBytes(32, stream)

	digest := sha512.Sum512(seed)
	// Clear the three low bits of the first byte.
	digest[0] &^= 0x07
	// Force the top two bits of the last byte to 01.
	digest[31] = digest[31]&0x3f | 0x40

	return s.Scalar().SetBytes(digest[:32])
}
示例#2
// NewEdDSA returns a freshly generated key pair for producing EdDSA
// signatures. If stream is nil, random.Stream is used; a caller-supplied
// stream is used as-is, so the key is only as unpredictable as that stream.
//
// A 32-byte seed is drawn from the stream and hashed with SHA-512. The first
// 32 bytes of the digest are clamped (three low bits of byte 0 cleared, top
// two bits of byte 31 forced to 01) and become the secret scalar; the last
// 32 bytes are kept as the prefix.
//
// The returned struct keeps the seed, the prefix and the secret scalar, all
// of which are secret material. prefix is a slice of the 64-byte digest, so
// the whole digest stays reachable for as long as the EdDSA value does.
//
// NOTE(review): suite.Point().Mul(nil, secret) presumably multiplies the
// base point by secret — confirm against the suite's Point implementation.
func NewEdDSA(stream cipher.Stream) *EdDSA {
	if stream == nil {
		stream = random.Stream
	}
	seed := random.NonZeroBytes(32, stream)

	digest := sha512.Sum512(seed)
	// Clear the three low bits of the first byte.
	digest[0] &^= 0x07
	// Force the top two bits of the last byte to 01.
	digest[31] = digest[31]&0x3f | 0x40

	priv := suite.Scalar().SetBytes(digest[:32])
	pub := suite.Point().Mul(nil, priv)

	pair := &EdDSA{
		seed:   seed,
		prefix: digest[32:],
		Secret: priv,
		Public: pub,
	}
	return pair
}