secp256k1

package
v2.1.61+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 18, 2018 License: GPL-3.0 Imports: 6 Imported by: 0

Documentation

Overview

Package secp256k1 wraps the bitcoin secp256k1 C library.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInvalidMsgLen       = errors.New("invalid message length, need 32 bytes")
	ErrInvalidSignatureLen = errors.New("invalid signature length")
	ErrInvalidRecoveryID   = errors.New("invalid signature recovery id")
	ErrInvalidKey          = errors.New("invalid private key")
	ErrInvalidPubkey       = errors.New("invalid public key")
	ErrSignFailed          = errors.New("signing failed")
	ErrRecoverFailed       = errors.New("recovery failed")
)

Functions

func CompressPubkey

func CompressPubkey(x, y *big.Int) []byte

CompressPubkey encodes a public key to 33-byte compressed format.

func DecompressPubkey

func DecompressPubkey(pubkey []byte) (x, y *big.Int)

DecompressPubkey parses a public key in the 33-byte compressed format. It returns non-nil coordinates if the public key is valid.

func RecoverPubkey

func RecoverPubkey(msg []byte, sig []byte) ([]byte, error)

RecoverPubkey returns the the public key of the signer. msg must be the 32-byte hash of the message to be signed. sig must be a 65-byte compact ECDSA signature containing the recovery id as the last element.

func Sign

func Sign(msg []byte, seckey []byte) ([]byte, error)

Sign creates a recoverable ECDSA signature. The produced signature is in the 65-byte [R || S || V] format where V is 0 or 1.

The caller is responsible for ensuring that msg cannot be chosen directly by an attacker. It is usually preferable to use a cryptographic hash function on any input before handing it to this function.

func VerifySignature

func VerifySignature(pubkey, msg, signature []byte) bool

VerifySignature checks that the given pubkey created signature over message. The signature should be in [R || S] format.

Types

type BitCurve

type BitCurve struct {
	P       *big.Int // the order of the underlying field
	N       *big.Int // the order of the base point
	B       *big.Int // the constant of the BitCurve equation
	Gx, Gy  *big.Int // (x,y) of the base point
	BitSize int      // the size of the underlying field
}

A BitCurve represents a Koblitz Curve with a=0. See http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html

func S256

func S256() *BitCurve

S256 returns a BitCurve which implements secp256k1.

func (*BitCurve) Add

func (BitCurve *BitCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)

Add returns the sum of (x1,y1) and (x2,y2)

func (*BitCurve) Double

func (BitCurve *BitCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int)

Double returns 2*(x,y)

func (*BitCurve) IsOnCurve

func (BitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool

IsOnBitCurve returns true if the given (x,y) lies on the BitCurve.

func (*BitCurve) Marshal

func (BitCurve *BitCurve) Marshal(x, y *big.Int) []byte

Marshal converts a point into the form specified in section 4.3.6 of ANSI X9.62.

func (*BitCurve) Params

func (BitCurve *BitCurve) Params() *elliptic.CurveParams

func (*BitCurve) ScalarBaseMult

func (BitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int)

ScalarBaseMult returns k*G, where G is the base point of the group and k is an integer in big-endian form.

func (*BitCurve) ScalarMult

func (BitCurve *BitCurve) ScalarMult(Bx, By *big.Int, scalar []byte) (*big.Int, *big.Int)

func (*BitCurve) Unmarshal

func (BitCurve *BitCurve) Unmarshal(data []byte) (x, y *big.Int)

Unmarshal converts a point, serialised by Marshal, into an x, y pair. On error, x = nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL