37 lines
1.0 KiB
Python
37 lines
1.0 KiB
Python
|
# -*- coding: utf-8 -*-
|
||
|
|
||
|
import secrets
|
||
|
import hashlib
|
||
|
import basicswap.contrib.ed25519_fast as edf
|
||
|
|
||
|
|
||
|
def get_secret():
|
||
|
return 9 + secrets.randbelow(edf.l - 9)
|
||
|
|
||
|
|
||
|
def encodepoint(P):
|
||
|
zi = edf.inv(P[2])
|
||
|
x = (P[0] * zi) % edf.q
|
||
|
y = (P[1] * zi) % edf.q
|
||
|
y += ((x & 1) << 255)
|
||
|
return y.to_bytes(32, byteorder='little')
|
||
|
|
||
|
|
||
|
def hashToEd25519(bytes_in):
|
||
|
hashed = hashlib.sha256(bytes_in).digest()
|
||
|
for i in range(1000):
|
||
|
h255 = bytearray(hashed)
|
||
|
x_sign = 0 if h255[31] & 0x80 == 0 else 1
|
||
|
h255[31] &= 0x7f # Clear top bit
|
||
|
y = int.from_bytes(h255, byteorder='little')
|
||
|
x = edf.xrecover(y, x_sign)
|
||
|
if x == 0 and y == 1: # Skip infinity point
|
||
|
continue
|
||
|
|
||
|
P = [x, y, 1, (x * y) % edf.q]
|
||
|
# Keep trying until the point is in the correct subgroup
|
||
|
if edf.isoncurve(P) and edf.is_identity(edf.scalarmult(P, edf.l)):
|
||
|
return P
|
||
|
hashed = hashlib.sha256(hashed).digest()
|
||
|
raise ValueError('hashToEd25519 failed')
|