/** * GenerateKey generates a public/private key pair using randomness from rand. * * @param publicKey empty byte array size 32 * @param privateKey random byte array size 64 */ public static void generateKey(byte[] publicKey, byte[] privateKey) throws NoSuchAlgorithmException { MessageDigest h = MessageDigest.getInstance("SHA-512"); byte[] digest = h.digest(Arrays.copyOfRange(privateKey, 0, 32)); digest[0] &= 248; digest[31] &= 127; digest[31] |= 64; ge_p3 A = new ge_p3(); ge_scalarmult_base(A, digest.clone()); ge_p3_tobytes(publicKey, A); System.arraycopy(publicKey, 0, privateKey, 32, 32); }
ge_p3_tobytes(encodedR, R);
public static int curve25519_sign(Sha512 sha512provider, byte[] signature_out, byte[] curve25519_privkey, byte[] msg, int msg_len, byte[] random) { ge_p3 ed_pubkey_point = new ge_p3(); /* Ed25519 pubkey point */ byte[] ed_pubkey = new byte[32]; /* Ed25519 encoded pubkey */ byte[] sigbuf = new byte[msg_len + 128]; /* working buffer */ byte sign_bit = 0; /* Convert the Curve25519 privkey to an Ed25519 public key */ ge_scalarmult_base.ge_scalarmult_base(ed_pubkey_point, curve25519_privkey); ge_p3_tobytes.ge_p3_tobytes(ed_pubkey, ed_pubkey_point); sign_bit = (byte)(ed_pubkey[31] & 0x80); /* Perform an Ed25519 signature with explicit private key */ sign_modified.crypto_sign_modified(sha512provider, sigbuf, msg, msg_len, curve25519_privkey, ed_pubkey, random); System.arraycopy(sigbuf, 0, signature_out, 0, 64); /* Encode the sign bit into signature (in unused high bit of S) */ signature_out[63] &= 0x7F; /* bit should be zero already, but just in case */ signature_out[63] |= sign_bit; return 0; }
ge_p3_tobytes.ge_p3_tobytes(sm,R);