github.com/0chain/gosdk@v1.17.11/zboxcore/encryption/pre.go (about) 1 package encryption 2 3 import ( 4 "bytes" 5 "crypto/aes" 6 "crypto/cipher" 7 "crypto/sha256" 8 "crypto/sha512" 9 "encoding/base64" 10 "encoding/hex" 11 "encoding/json" 12 "strings" 13 14 "errors" 15 16 "go.dedis.ch/kyber/v3" 17 "go.dedis.ch/kyber/v3/group/edwards25519" 18 ) 19 20 // Suite represents the set of functionalities needed by the package schnorr. 21 type Suite interface { 22 kyber.Group 23 kyber.Random 24 } 25 26 type PREEncryptionScheme struct { 27 PublicKey kyber.Point 28 PrivateKey kyber.Scalar 29 SuiteObj Suite 30 Tag []byte 31 T kyber.Point 32 Ht kyber.Point 33 EncryptedKey kyber.Point 34 } 35 36 type PREEncryptedMessage struct { 37 EncryptedKey kyber.Point `json:"-"` 38 EncryptedData []byte 39 MessageChecksum []byte 40 OverallChecksum []byte 41 TagA []byte 42 } 43 44 type ReKey struct { 45 R1 kyber.Point 46 R2 kyber.Point 47 R3 kyber.Scalar 48 } 49 50 type ReKeyBytes struct { 51 R1Bytes []byte `json:"r1"` 52 R2Bytes []byte `json:"r2"` 53 R3Bytes []byte `json:"r3"` 54 } 55 56 type ReEncryptedMessage struct { 57 D1 kyber.Point 58 D2 []byte 59 D3 []byte 60 D4 kyber.Point 61 D5 kyber.Point 62 } 63 64 func (u *ReKey) MarshalJSON() ([]byte, error) { 65 r1Bytes, err := u.R1.MarshalBinary() 66 if err != nil { 67 return nil, err 68 } 69 r2Bytes, err := u.R2.MarshalBinary() 70 if err != nil { 71 return nil, err 72 } 73 r3Bytes, err := u.R3.MarshalBinary() 74 if err != nil { 75 return nil, err 76 } 77 return json.Marshal(&ReKeyBytes{ 78 R1Bytes: r1Bytes, 79 R2Bytes: r2Bytes, 80 R3Bytes: r3Bytes, 81 }) 82 } 83 84 func (u *ReKey) UnmarshalJSON(data []byte) error { 85 rbytes := &ReKeyBytes{} 86 err := json.Unmarshal(data, rbytes) 87 if err != nil { 88 return err 89 } 90 err = u.R1.UnmarshalBinary(rbytes.R1Bytes) 91 if err != nil { 92 return err 93 } 94 err = u.R2.UnmarshalBinary(rbytes.R2Bytes) 95 if err != nil { 96 return err 97 } 98 err = u.R3.UnmarshalBinary(rbytes.R3Bytes) 99 if err != nil { 100 return err 101 } 102 return nil 103 } 104 105 func (u *PREEncryptedMessage) MarshalJSON() ([]byte, error) { 106 type Alias PREEncryptedMessage 107 c1Bytes, err := u.EncryptedKey.MarshalBinary() 108 if err != nil { 109 return nil, err 110 } 111 return json.Marshal(&struct { 112 EncryptedKeyBytes []byte `json:"c1"` 113 *Alias 114 }{ 115 EncryptedKeyBytes: c1Bytes, 116 Alias: (*Alias)(u), 117 }) 118 } 119 120 func (reEncMsg *ReEncryptedMessage) Marshal() ([]byte, error) { 121 D1Bytes, err := reEncMsg.D1.MarshalBinary() 122 if err != nil { 123 return nil, err 124 } 125 126 D4Bytes, err := reEncMsg.D4.MarshalBinary() 127 if err != nil { 128 return nil, err 129 } 130 131 D5Bytes, err := reEncMsg.D5.MarshalBinary() 132 if err != nil { 133 return nil, err 134 } 135 136 headerBytes := make([]byte, 256) 137 // 44 + 88 + 44 + 44 => 220, so rest of the 36 bytes minus the commas are padding 138 header := base64.StdEncoding.EncodeToString(D1Bytes) + "," + base64.StdEncoding.EncodeToString(reEncMsg.D3) 139 header += "," + base64.StdEncoding.EncodeToString(D4Bytes) + "," + base64.StdEncoding.EncodeToString(D5Bytes) 140 copy(headerBytes, header) 141 142 return append(headerBytes, reEncMsg.D2...), nil 143 } 144 145 func (reEncMsg *ReEncryptedMessage) Unmarshal(data []byte) error { 146 headerBytes := data[:256] 147 headerBytes = bytes.Trim(headerBytes, "\x00") 148 encryptedData := data[256:] 149 150 headerString := string(headerBytes) 151 headerChecksums := strings.Split(headerString, ",") 152 if len(headerChecksums) != 4 { 153 return errors.New("Invalid data received for unmarsalling of reEncrypted data") 154 } 155 156 d1, d3, d4, d5 := headerChecksums[0], headerChecksums[1], headerChecksums[2], headerChecksums[3] 157 158 d1Bytes, err := base64.StdEncoding.DecodeString(d1) 159 if err != nil { 160 return err 161 } 162 163 d3Bytes, err := base64.StdEncoding.DecodeString(d3) 164 if err != nil { 165 return err 166 } 167 168 d4Bytes, err := base64.StdEncoding.DecodeString(d4) 169 if err != nil { 170 return err 171 } 172 173 d5Bytes, err := base64.StdEncoding.DecodeString(d5) 174 if err != nil { 175 return err 176 } 177 178 err = reEncMsg.D1.UnmarshalBinary(d1Bytes) 179 if err != nil { 180 return err 181 } 182 183 reEncMsg.D2 = encryptedData 184 reEncMsg.D3 = d3Bytes 185 186 err = reEncMsg.D4.UnmarshalBinary(d4Bytes) 187 if err != nil { 188 return err 189 } 190 191 err = reEncMsg.D5.UnmarshalBinary(d5Bytes) 192 if err != nil { 193 return err 194 } 195 196 return nil 197 } 198 199 func (pre *PREEncryptionScheme) Initialize(mnemonic string) ([]byte, error) { 200 suite := edwards25519.NewBlakeSHA256Ed25519() 201 rand := suite.XOF([]byte(mnemonic)) 202 203 // Create a public/private keypair (X,x) 204 pre.PrivateKey = suite.Scalar().Pick(rand) 205 206 privateKey, _ := pre.PrivateKey.MarshalBinary() 207 208 pre.PublicKey = suite.Point().Mul(pre.PrivateKey, nil) 209 pre.SuiteObj = suite 210 211 return privateKey, nil 212 } 213 214 // InitializeWithPrivateKey initialize with private key 215 func (pre *PREEncryptionScheme) InitializeWithPrivateKey(privateKey []byte) error { 216 suite := edwards25519.NewBlakeSHA256Ed25519() 217 218 scalar := suite.Scalar() 219 220 err := scalar.UnmarshalBinary(privateKey) 221 222 if err != nil { 223 return err 224 } 225 226 // Create a public/private keypair (X,x) 227 pre.PrivateKey = scalar 228 pre.PublicKey = suite.Point().Mul(pre.PrivateKey, nil) 229 pre.SuiteObj = suite 230 231 return nil 232 } 233 234 func (pre *PREEncryptionScheme) InitForEncryption(tag string) { 235 pre.Tag = []byte(tag) 236 237 pre.T = pre.SuiteObj.Point().Pick(pre.SuiteObj.RandomStream()) // Pick a random point T from the curve 238 pre.Ht = pre.hash1(pre.SuiteObj, pre.Tag, pre.PrivateKey) // Ht = H1(tagA,skA) 239 var g kyber.Group = pre.SuiteObj 240 pre.EncryptedKey = g.Point().Add(pre.Ht, pre.T) // C1 = T + Ht 241 } 242 243 func (pre *PREEncryptionScheme) InitForEncryptionWithPoint(tag, point string) error { 244 pre.Tag = []byte(tag) 245 246 keyBytes, err := base64.StdEncoding.DecodeString(point) 247 if err != nil { 248 return err 249 } 250 var g kyber.Group = pre.SuiteObj 251 t := g.Point() 252 err = t.UnmarshalBinary(keyBytes) 253 if err != nil { 254 return err 255 } 256 pre.T = t 257 pre.Ht = pre.hash1(pre.SuiteObj, pre.Tag, pre.PrivateKey) // Ht = H1(tagA,skA) 258 259 pre.EncryptedKey = g.Point().Add(pre.Ht, pre.T) // C1 = T + Ht 260 return nil 261 } 262 263 func (pre *PREEncryptionScheme) InitForDecryptionWithPoint(tag, point string) error { 264 return pre.InitForEncryptionWithPoint(tag, point) 265 } 266 267 func (pre *PREEncryptionScheme) InitForDecryption(tag string, encryptedKey string) error { 268 pre.Tag = []byte(tag) 269 270 var g kyber.Group = pre.SuiteObj 271 keyBytes, err := base64.StdEncoding.DecodeString(encryptedKey) 272 if err != nil { 273 return err 274 } 275 p := g.Point() 276 err = p.UnmarshalBinary(keyBytes) 277 if err != nil { 278 return err 279 } 280 pre.EncryptedKey = p 281 return nil 282 } 283 284 // --------------------------------H1: Maps to Point on Elliptic Curve--------------------------------------- 285 func (pre *PREEncryptionScheme) hash1(s Suite, tagA []byte, skA kyber.Scalar) kyber.Point { 286 var g kyber.Group = s 287 h := sha256.New() 288 if _, err := h.Write(tagA); err != nil { 289 return nil 290 } 291 if _, err := skA.MarshalTo(h); err != nil { 292 return nil 293 } 294 h1 := g.Scalar().SetBytes(h.Sum(nil)) 295 p1 := g.Point().Mul(h1, nil) 296 return p1 297 } 298 299 // ------------------------------------------H2: Maps to string----------------------------------------------- 300 func (pre *PREEncryptionScheme) hash2(g kyber.Group, T kyber.Point) []byte { 301 h := sha512.New() 302 if _, err := T.MarshalTo(h); err != nil { 303 return nil 304 } 305 h1 := h.Sum(nil) 306 return h1 307 } 308 309 // ------------------------------------------H3: Maps to string----------------------------------------------- 310 func (pre *PREEncryptionScheme) hash3(g kyber.Group, msg []byte, T kyber.Point) []byte { 311 h := sha512.New() 312 if _, err := T.MarshalTo(h); err != nil { 313 return nil 314 } 315 if _, err := h.Write(msg); err != nil { 316 return nil 317 } 318 h1 := h.Sum(nil) 319 return h1 320 } 321 322 // ------------------------------------------H4: Maps to string----------------------------------------------- 323 func (pre *PREEncryptionScheme) hash5(g kyber.Group, C1 kyber.Point, C2 []byte, C3 []byte, alp kyber.Scalar) []byte { 324 h := sha512.New() 325 if _, err := C1.MarshalTo(h); err != nil { 326 return nil 327 } 328 if _, err := h.Write(C2); err != nil { 329 return nil 330 } 331 if _, err := h.Write(C3); err != nil { 332 return nil 333 } 334 if _, err := alp.MarshalTo(h); err != nil { 335 return nil 336 } 337 h1 := h.Sum(nil) 338 return h1 339 340 } 341 342 // ------------------------------------------H6: Maps to Scalar----------------------------------------------- 343 func (pre *PREEncryptionScheme) hash6(g kyber.Group, tagA []byte, skA kyber.Scalar) kyber.Scalar { 344 h := sha512.New() 345 if _, err := skA.MarshalTo(h); err != nil { 346 return nil 347 } 348 if _, err := h.Write(tagA); err != nil { 349 return nil 350 } 351 return g.Scalar().SetBytes(h.Sum(nil)) 352 } 353 354 // ------------------------------------------H7: Maps to Scalar----------------------------------------------- 355 func (pre *PREEncryptionScheme) hash7(g kyber.Group, X kyber.Point, D2 []byte, D3 []byte, D4 kyber.Point, D5 kyber.Point) kyber.Scalar { 356 h := sha512.New() 357 if _, err := X.MarshalTo(h); err != nil { 358 return nil 359 } 360 if _, err := h.Write(D2); err != nil { 361 return nil 362 } 363 if _, err := h.Write(D3); err != nil { 364 return nil 365 } 366 if _, err := D4.MarshalTo(h); err != nil { 367 return nil 368 } 369 if _, err := D5.MarshalTo(h); err != nil { 370 return nil 371 } 372 return g.Scalar().SetBytes(h.Sum(nil)) 373 } 374 375 func (pre *PREEncryptionScheme) encrypt(msg []byte) (*PREEncryptedMessage, error) { 376 var C = new(PREEncryptedMessage) 377 C.TagA = pre.Tag 378 T := pre.T 379 var g kyber.Group = pre.SuiteObj 380 C.EncryptedKey = pre.EncryptedKey 381 382 key := pre.hash2(g, T) // key = H2(T) 383 C2, err := pre.SymEnc(g, msg, key) // C2 = Sym.Encrypt(msg,key) 384 C.EncryptedData = C2 385 if err != nil { 386 return nil, err 387 } 388 389 C.MessageChecksum = pre.hash3(g, msg, T) // C3 = H3(msg,T) 390 alp := pre.hash6(g, pre.Tag, pre.PrivateKey) // alp = H6(tagA,skA) 391 C.OverallChecksum = pre.hash5(g, C.EncryptedKey, C.EncryptedData, C.MessageChecksum, alp) // C4 = H5(C1,C2,C3,alp) 392 return C, nil // return C = (C1,C2,C3,C4,tagA) 393 } 394 395 // ---------------------------------Symmetric Encryption using AES with GCM mode--------------------------------- 396 func (pre *PREEncryptionScheme) SymEnc(group kyber.Group, message []byte, keyhash []byte) ([]byte, error) { 397 len := 32 + 12 398 key := keyhash[:32] 399 nonce := keyhash[32:len] 400 aes, err := aes.NewCipher(key) 401 if err != nil { 402 return nil, err 403 } 404 aesgcm, err := cipher.NewGCM(aes) 405 if err != nil { 406 return nil, err 407 } 408 c := aesgcm.Seal(message[:0], nonce, message, nil) 409 return c, nil 410 } 411 412 func UnmarshallPublicKey(publicKey string) (kyber.Point, error) { 413 suite := edwards25519.NewBlakeSHA256Ed25519() 414 point := suite.Point() 415 decoded, err := base64.StdEncoding.DecodeString(publicKey) 416 if err != nil { 417 return nil, err 418 } 419 err = point.UnmarshalBinary([]byte(decoded)) 420 if err != nil { 421 return nil, err 422 } 423 return point, nil 424 } 425 426 // ---------------------------------Symmetric Decryption using AES with GCM mode--------------------------------- 427 func (pre *PREEncryptionScheme) SymDec(group kyber.Group, ctx []byte, keyhash []byte) ([]byte, error) { 428 len := 32 + 12 429 key := keyhash[:32] 430 nonce := keyhash[32:len] 431 432 // Decrypt message using AES-GCM 433 aes, err := aes.NewCipher(key) 434 if err != nil { 435 return nil, err 436 } 437 aesgcm, err := cipher.NewGCM(aes) 438 if err != nil { 439 return nil, err 440 } 441 return aesgcm.Open(ctx[:0], nonce, ctx, nil) 442 } 443 444 func (pre *PREEncryptionScheme) Encrypt(data []byte) (*EncryptedMessage, error) { 445 //condA := []byte("filetype:audio") 446 encryptedMsg, err := pre.encrypt(data) 447 if err != nil { 448 return nil, err 449 } 450 // msgData, err := json.Marshal(encryptedMsg) 451 // if err != nil { 452 // return nil, err 453 // } 454 return &EncryptedMessage{EncryptedData: encryptedMsg.EncryptedData, EncryptedKey: pre.GetEncryptedKey(), MessageChecksum: hex.EncodeToString(encryptedMsg.MessageChecksum), OverallChecksum: hex.EncodeToString(encryptedMsg.OverallChecksum)}, err 455 //return encryptedMsg.EncryptedData, err 456 } 457 458 func (pre *PREEncryptionScheme) decrypt(encMsg *EncryptedMessage) ([]byte, error) { 459 var g kyber.Group = pre.SuiteObj 460 C := &PREEncryptedMessage{} 461 C.EncryptedKey = pre.EncryptedKey 462 C.EncryptedData = encMsg.EncryptedData 463 decodedChecksum, err := hex.DecodeString(encMsg.MessageChecksum) 464 if err != nil { 465 return nil, err 466 } 467 C.MessageChecksum = decodedChecksum 468 469 decodedChecksum, err = hex.DecodeString(encMsg.OverallChecksum) 470 if err != nil { 471 return nil, err 472 } 473 C.OverallChecksum = decodedChecksum 474 C.TagA = pre.Tag 475 // err := json.Unmarshal(data, C) 476 // if err != nil { 477 // return nil, err 478 // } 479 alp := pre.hash6(g, C.TagA, pre.PrivateKey) // alp = H6(tagA,skA) 480 chk1 := pre.hash5(g, C.EncryptedKey, C.EncryptedData, C.MessageChecksum, alp) 481 if !bytes.Equal(chk1, C.OverallChecksum) { // Check if C4 = H5(C1,C2,C3,alp) 482 return nil, errors.New("Invalid Ciphertext in decrypt, C4 != H5") 483 } 484 Ht := pre.hash1(pre.SuiteObj, pre.Tag, pre.PrivateKey) // Ht = H1(tagA,skA) 485 T := g.Point().Sub(C.EncryptedKey, Ht) // T = C1 - Ht 486 key := pre.hash2(g, T) // key = H2(T) 487 recmsg, err2 := pre.SymDec(g, C.EncryptedData, key) // recover message using Sym.Decrypt(C2,key) 488 if err2 == nil { 489 chk2 := pre.hash3(g, recmsg, T) 490 if !bytes.Equal(chk2, C.MessageChecksum) { // Check if C3 = H3(m,T) 491 return nil, errors.New("Invalid Ciphertext in decrypt, C3 != H3") 492 } else { 493 //fmt.Println("First level ciphertext decrypted successfully") 494 return recmsg, nil 495 } 496 } 497 return nil, err2 498 } 499 500 func (pre *PREEncryptionScheme) ReEncrypt(encMsg *EncryptedMessage, reGenKey string, clientPublicKey string) (*ReEncryptedMessage, error) { 501 key, err := UnmarshallPublicKey(clientPublicKey) 502 if err != nil { 503 return nil, err 504 } 505 return pre.reEncrypt(encMsg, reGenKey, key) 506 } 507 508 // -----------------------------------------------ReEncryption------------------------------------------------- 509 // reencrypt the data, cancelling the previous encryption by using the new regenkey 510 func (pre *PREEncryptionScheme) reEncrypt(encMsg *EncryptedMessage, reGenKey string, clientPublicKey kyber.Point) (*ReEncryptedMessage, error) { 511 var g kyber.Group = pre.SuiteObj 512 s := pre.SuiteObj 513 C := &PREEncryptedMessage{} 514 C.EncryptedKey = pre.EncryptedKey 515 C.EncryptedData = encMsg.EncryptedData 516 decodedChecksum, err := hex.DecodeString(encMsg.MessageChecksum) 517 if err != nil { 518 return nil, err 519 } 520 C.MessageChecksum = decodedChecksum 521 522 decodedChecksum, err = hex.DecodeString(encMsg.OverallChecksum) 523 if err != nil { 524 return nil, err 525 } 526 C.OverallChecksum = decodedChecksum 527 C.TagA = pre.Tag 528 529 rk := new(ReKey) 530 rk.R1 = g.Point() 531 rk.R2 = g.Point() 532 rk.R3 = g.Scalar() 533 err = rk.UnmarshalJSON([]byte(reGenKey)) 534 if err != nil { 535 return nil, err 536 } 537 538 var reEncMsg = new(ReEncryptedMessage) 539 540 chk1 := pre.hash5(g, C.EncryptedKey, C.EncryptedData, C.MessageChecksum, rk.R3) 541 if !bytes.Equal(chk1, C.OverallChecksum) { // Check if C4 = H5(C1,C2,C3,alp) 542 return nil, errors.New("Invalid Ciphertext in reEncrypt, C4 != H5") 543 } 544 t := s.Scalar().Pick(s.RandomStream()) // Pick a random integer t 545 reEncMsg.D5 = s.Point().Mul(t, nil) // D5 = tP 546 tXj := s.Point().Mul(t, clientPublicKey) // tXj = t.pkB 547 reEncMsg.D1 = g.Point().Add(C.EncryptedKey, rk.R1) 548 reEncMsg.D2 = C.EncryptedData // D2 = C2 549 reEncMsg.D3 = C.MessageChecksum // D3 = C3 550 reEncMsg.D4 = rk.R2 // D4 = R2 551 bet := pre.hash7(g, tXj, reEncMsg.D2, reEncMsg.D3, reEncMsg.D4, reEncMsg.D5) // bet = H7(tXj,D2,D3,D4,D5) 552 reEncMsg.D1 = s.Point().Mul(bet, reEncMsg.D1) // D1 = bet.(C1 + R1) 553 return reEncMsg, nil // Return D = (D1,D2,D3,D4,D5) 554 } 555 556 // -----------------------------------------------ReDecryption------------------------------------------------- 557 func (pre *PREEncryptionScheme) ReDecrypt(D *ReEncryptedMessage) ([]byte, error) { 558 s := pre.SuiteObj 559 tXj := s.Point().Mul(pre.PrivateKey, D.D5) // tXj = skB.D5 560 var g kyber.Group = s 561 bet := pre.hash7(g, tXj, D.D2, D.D3, D.D4, D.D5) // bet = H7(tXj,D2,D3,D4,D5) 562 binv := s.Scalar().Inv(bet) 563 xinv := s.Scalar().Inv(pre.PrivateKey) 564 565 T1 := s.Point().Mul(binv, D.D1) 566 T2 := s.Point().Mul(xinv, D.D4) 567 T := g.Point().Sub(T1, T2) // T = bet^(-1).D1 - skB^(-1).D4 568 key := pre.hash2(g, T) // key = H2(T) 569 570 recmsg, err2 := pre.SymDec(g, D.D2, key) // recover message using Sym.Decrypt(D2,key) 571 if err2 == nil { 572 chk2 := pre.hash3(g, recmsg, T) 573 if !bytes.Equal(chk2, D.D3) { // Check if D3 = H3(m,T) 574 return nil, errors.New("Invalid Ciphertext in reDecrypt, D3 != H3") 575 } else { 576 return recmsg, nil 577 } 578 } 579 return nil, err2 580 } 581 582 func (pre *PREEncryptionScheme) Decrypt(encMsg *EncryptedMessage) ([]byte, error) { 583 if len(encMsg.ReEncryptionKey) > 0 { 584 reEncMsg, err := pre.reEncrypt(encMsg, encMsg.ReEncryptionKey, pre.PublicKey) 585 if err != nil { 586 return nil, err 587 } 588 decryptedMessage, err := pre.ReDecrypt(reEncMsg) 589 if err != nil { 590 return nil, err 591 } 592 return decryptedMessage, nil 593 } 594 decryptedMessage, err := pre.decrypt(encMsg) 595 if err != nil { 596 return nil, err 597 } 598 return decryptedMessage, nil 599 } 600 601 func (pre *PREEncryptionScheme) GetEncryptedKey() string { 602 keyBytes, _ := pre.EncryptedKey.MarshalBinary() 603 keyString := base64.StdEncoding.EncodeToString(keyBytes) 604 return keyString 605 } 606 607 func (pre *PREEncryptionScheme) GetEncryptedKeyPoint() string { 608 keyBytes, _ := pre.T.MarshalBinary() 609 keyString := base64.StdEncoding.EncodeToString(keyBytes) 610 return keyString 611 } 612 613 func (pre *PREEncryptionScheme) GetPublicKey() (string, error) { 614 keyBytes, err := pre.PublicKey.MarshalBinary() 615 if err != nil { 616 return "", err 617 } 618 keyString := base64.StdEncoding.EncodeToString(keyBytes) 619 return keyString, nil 620 } 621 622 func (pre *PREEncryptionScheme) GetPrivateKey() (string, error) { 623 keyBytes, err := pre.PrivateKey.MarshalBinary() 624 if err != nil { 625 return "", err 626 } 627 keyString := base64.StdEncoding.EncodeToString(keyBytes) 628 return keyString, nil 629 } 630 631 func (pre *PREEncryptionScheme) GetReGenKey(encPublicKey string, tag string) (string, error) { 632 condA := []byte(tag) 633 var RK = new(ReKey) 634 var g kyber.Group = pre.SuiteObj 635 r := pre.SuiteObj.Scalar().Pick(pre.SuiteObj.RandomStream()) // Pick a random integer r 636 Hc := pre.hash1(pre.SuiteObj, condA, pre.PrivateKey) // Hc = H1(condA,skA) 637 RK.R1 = pre.SuiteObj.Point().Mul(r, nil) 638 RK.R1 = g.Point().Sub(RK.R1, Hc) // R1 = rP - Hc 639 640 keyBytes, err := base64.StdEncoding.DecodeString(encPublicKey) 641 if err != nil { 642 return "", err 643 } 644 p := g.Point() 645 err = p.UnmarshalBinary(keyBytes) 646 if err != nil { 647 return "", err 648 } 649 650 RK.R2 = pre.SuiteObj.Point().Mul(r, p) // R2 = r.pkB 651 RK.R3 = pre.hash6(g, condA, pre.PrivateKey) // R3 = H6(condA,skA) 652 rkBytes, err := RK.MarshalJSON() 653 if err != nil { 654 return "", err 655 } 656 return string(rkBytes), nil 657 }