@@ -2,12 +2,14 @@ package transcript
22
33import (
44 "encoding/binary"
5+ "math/rand"
56
67 "github.com/jsign/merlin/strobe128"
78)
89
910var (
10- merlinProtocolLabel = []byte ("Merlin v1.0" )
11+ labelMerlinProtocol = []byte ("Merlin v1.0" )
12+ labelRng = []byte ("rng" )
1113 labelDomainSeparator = []byte ("dom-sep" )
1214)
1315
@@ -18,7 +20,7 @@ type Transcript struct {
1820// New returns a new Transcript object.
1921func New (label []byte ) * Transcript {
2022 tr := & Transcript {
21- str : strobe128 .New (merlinProtocolLabel ),
23+ str : strobe128 .New (labelMerlinProtocol ),
2224 }
2325 tr .AppendMessage (labelDomainSeparator , label )
2426
@@ -46,3 +48,28 @@ func (t *Transcript) ChallengeBytes(label []byte, dest []byte) {
4648 t .str .MetaAD (dataLen [:], true )
4749 t .str .PRF (dest , false )
4850}
51+
52+ type TranscriptRngBuilder struct {
53+ str strobe128.Strobe128
54+ }
55+
56+ func (trb * TranscriptRngBuilder ) RekeyWithWitnessBytes (label []byte , witness []byte ) {
57+ var dataLen [4 ]byte
58+ binary .LittleEndian .PutUint32 (dataLen [:], uint32 (len (witness )))
59+ trb .str .MetaAD (label , false )
60+ trb .str .MetaAD (dataLen [:], true )
61+ trb .str .Key (witness , false )
62+ }
63+
64+ func (trb * TranscriptRngBuilder ) Finalize (rand rand.Rand ) Transcript {
65+ var randbytes [32 ]byte
66+ rand .Read (randbytes [:])
67+ trb .str .MetaAD (labelRng , false )
68+ trb .str .Key (randbytes [:], false )
69+
70+ return Transcript {
71+ // A copy of trb.str is enough since the internal sturct
72+ // contains no pointers.
73+ str : trb .str ,
74+ }
75+ }
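Review bot: `Finalize` draws the 32 bytes it keys under `labelRng` from a `math/rand` generator (the import added in the first hunk), which is a deterministic, seedable PRNG and not a source of cryptographic entropy. Anyone who knows or can guess the seed can reproduce those bytes, so the unpredictability of the returned transcript would rest on the witness bytes alone; if this RNG is meant to feed nonces or blinding factors, which the hunk does not show, that is a serious weakness. I would take an `io.Reader` instead, `func (trb *TranscriptRngBuilder) Finalize(rng io.Reader) (Transcript, error)`, fill the buffer with `if _, err := io.ReadFull(rng, randbytes[:]); err != nil { return Transcript{}, err }`, and document that callers should pass `crypto/rand.Reader`. That also removes the parameter named `rand`, which shadows the package, and the by-value copy of `rand.Rand`.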