|
|
@ -47,24 +47,24 @@ func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) { |
|
|
|
//
|
|
|
|
//
|
|
|
|
// This function is susceptible to chosen plaintext attacks that can leak
|
|
|
|
// This function is susceptible to chosen plaintext attacks that can leak
|
|
|
|
// information about the private key that is used for signing. Callers must
|
|
|
|
// information about the private key that is used for signing. Callers must
|
|
|
|
// be aware that the given hash cannot be chosen by an adversery. Common
|
|
|
|
// be aware that the given digest cannot be chosen by an adversery. Common
|
|
|
|
// solution is to hash any input before calculating the signature.
|
|
|
|
// solution is to hash any input before calculating the signature.
|
|
|
|
//
|
|
|
|
//
|
|
|
|
// The produced signature is in the [R || S || V] format where V is 0 or 1.
|
|
|
|
// The produced signature is in the [R || S || V] format where V is 0 or 1.
|
|
|
|
func Sign(hash []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) { |
|
|
|
func Sign(digestHash []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) { |
|
|
|
if len(hash) != 32 { |
|
|
|
if len(digestHash) != DigestLength { |
|
|
|
return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash)) |
|
|
|
return nil, fmt.Errorf("hash is required to be exactly %d bytes (%d)", DigestLength, len(digestHash)) |
|
|
|
} |
|
|
|
} |
|
|
|
seckey := math.PaddedBigBytes(prv.D, prv.Params().BitSize/8) |
|
|
|
seckey := math.PaddedBigBytes(prv.D, prv.Params().BitSize/8) |
|
|
|
defer zeroBytes(seckey) |
|
|
|
defer zeroBytes(seckey) |
|
|
|
return secp256k1.Sign(hash, seckey) |
|
|
|
return secp256k1.Sign(digestHash, seckey) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// VerifySignature checks that the given public key created signature over hash.
|
|
|
|
// VerifySignature checks that the given public key created signature over digest.
|
|
|
|
// The public key should be in compressed (33 bytes) or uncompressed (65 bytes) format.
|
|
|
|
// The public key should be in compressed (33 bytes) or uncompressed (65 bytes) format.
|
|
|
|
// The signature should have the 64 byte [R || S] format.
|
|
|
|
// The signature should have the 64 byte [R || S] format.
|
|
|
|
func VerifySignature(pubkey, hash, signature []byte) bool { |
|
|
|
func VerifySignature(pubkey, digestHash, signature []byte) bool { |
|
|
|
return secp256k1.VerifySignature(pubkey, hash, signature) |
|
|
|
return secp256k1.VerifySignature(pubkey, digestHash, signature) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// DecompressPubkey parses a public key in the 33-byte compressed format.
|
|
|
|
// DecompressPubkey parses a public key in the 33-byte compressed format.
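Review bot: The doc comment on `Sign` still says the digest "cannot be chosen by an adversery", which reads as a guarantee the function provides rather than a requirement on the caller, and the typo survives the rewording. Since this sentence is the only warning about the chosen-input risk, I would reword it along the lines of `// must ensure the given digest is not chosen by an adversary (the DigestLength check enforces size only); hash any input before signing.` The error string in the new length check still says "hash is required to be exactly %d bytes" although the parameter is now `digestHash`, so the message and the signature no longer use the same term. `VerifySignature` forwards `digestHash` to `secp256k1.VerifySignature` with no length check and no stated length in its comment; whether the callee rejects other lengths is not visible in this hunk, so a line such as `// digestHash is expected to be DigestLength bytes.` would make the contract explicit.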
|
|
|
|