From f2573d841f6b52986879379f936df246218a1c72 Mon Sep 17 00:00:00 2001
From: Afshin Arani
Date: Tue, 21 Sep 2021 22:00:02 +0430
Subject: [PATCH] Ed25519: Add tor key-blinding function

Upstream PR: https://github.com/CodesInChaos/Chaos.NaCl/pull/18
---
 Chaos.NaCl/Ed25519.cs | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/Chaos.NaCl/Ed25519.cs b/Chaos.NaCl/Ed25519.cs
index 451be28..cb6caf5 100644
--- a/Chaos.NaCl/Ed25519.cs
+++ b/Chaos.NaCl/Ed25519.cs
@@ -143,5 +143,29 @@ public static void KeyExchange(ArraySegment sharedKey, ArraySegment
 FieldOperations.fe_tobytes(sharedKey.Array, sharedKey.Offset, ref sharedMontgomeryX);
 MontgomeryCurve25519.KeyExchangeOutputHashNaCl(sharedKey.Array, sharedKey.Offset);
 }
+
+ public static bool CalculateBlindedPublicKey(byte[] publicKey, byte[] blindingFator, out byte[] output)
+ {
+ if (publicKey is null)
+ throw new ArgumentNullException("publicKey.Array");
+ if (publicKey.Length != PublicKeySizeInBytes)
+ throw new ArgumentException("publicKey.Count != 32");
+
+ output = new byte[PublicKeySizeInBytes];
+
+ byte[] zeros = new byte[PublicKeySizeInBytes];
+ byte[] pkCopy = new byte[PublicKeySizeInBytes];
+ Array.Copy(publicKey, pkCopy, PublicKeySizeInBytes);
+ pkCopy[31] ^= (1 << 7);
+
+ if (GroupOperations.ge_frombytes_negate_vartime(out var A, pkCopy, 0) != 0)
+ return false;
+
+ /* There isn't a regular ge_scalarmult -- we have to do tweak*A + zero*B. */
+ GroupOperations.ge_double_scalarmult_vartime(out var Aprime, blindingFator, ref A, zeros);
+ GroupOperations.ge_tobytes(output,0, ref Aprime);
+
+ return true;
+ }
 }
 }
\ No newline at end of file
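Review bot: `blindingFator` reaches `ge_double_scalarmult_vartime` without any check, while `publicKey` is validated for both null and length. The other scalar passed to that call, `zeros`, is `PublicKeySizeInBytes` long, so a null or shorter array would presumably fail inside the group arithmetic with an index or null-reference error rather than an argument error; add `if (blindingFator is null) throw new ArgumentNullException(nameof(blindingFator));` and `if (blindingFator.Length != PublicKeySizeInBytes) throw new ArgumentException("blindingFator.Length != 32", nameof(blindingFator));` next to the existing guards. Those existing guards name `"publicKey.Array"` and `"publicKey.Count"`, which do not exist on a `byte[]`; `nameof(publicKey)` would be accurate. The method also needs an XML doc comment stating that the scalar is used exactly as passed (nothing in this method hashes or clamps it), that both `_vartime` routines make it unsuitable for a secret scalar, and that `output` is an all-zero array when the method returns false, which a caller that ignores the result would treat as a key.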