ecosdsa

package
v1.0.5013 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 10, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrParametersNotSetUp = errors.New("go-cryptobin/ecosdsa: parameters not set up before generating key")
	ErrInvalidASN1        = errors.New("go-cryptobin/ecosdsa: invalid ASN.1")
	ErrInvalidSignerOpts  = errors.New("go-cryptobin/ecosdsa: opts must be *SignerOpts")
)

Functions

func PrivateKeyTo

func PrivateKeyTo(key *PrivateKey) []byte

输出私钥明文 output PrivateKey data

func PublicKeyTo

func PublicKeyTo(key *PublicKey) []byte

输出公钥明文 output PublicKey data

func Sign

func Sign(rand io.Reader, priv *PrivateKey, h Hasher, data []byte) (sig []byte, err error)

Sign data returns the ASN.1 encoded signature.

func SignBytes

func SignBytes(rand io.Reader, priv *PrivateKey, hashFunc Hasher, data []byte) (sig []byte, err error)

Sign data returns the Bytes encoded signature.

func SignToRS

func SignToRS(rand io.Reader, priv *PrivateKey, hashFunc Hasher, msg []byte) (r, s *big.Int, err error)

* Generic *internal* EC-{,O}SDSA signature functions. There purpose is to * allow passing specific hash functions and the random ephemeral * key k, so that compliance tests against test vector be made * without ugly hack in the code itself. * * The 'optimized' parameter tells the function if the r value of * the signature is computed using only the x ccordinate of the * the user's public key (normal version uses both coordinates). * * Normal: r = h(Wx || Wy || m) * Optimized : r = h(Wx || m) * *| IUF - ECSDSA/ECOSDSA signature *| *| I 1. Get a random value k in ]0, q[ *| I 2. Compute W = kG = (Wx, Wy) *| IUF 3. Compute r = H(Wx [|| Wy] || m) *| - In the normal version (ECSDSA), r = H(Wx || Wy || m). *| - In the optimized version (ECOSDSA), r = H(Wx || m). *| F 4. Compute e = OS2I(r) mod q *| F 5. if e == 0, restart at step 1. *| F 6. Compute s = (k + ex) mod q. *| F 7. if s == 0, restart at step 1. *| F 8. Return (r, s) * * In the project, the normal mode is named ECSDSA, the optimized * one is ECOSDSA. * * Implementation note: * * In ISO-14888-3, the option is provided to the developer to check * whether r = 0 and restart the process in that case. Even if * unlikely to trigger, that check makes a lot of sense because the * verifier expects a non-zero value for r. In the specification, r * is a string (r = H(Wx [|| Wy] || m)). But r is used in practice * - both on the signer and the verifier - after conversion to an * integer and reduction mod q. The value resulting from that step * is named e (e = OS2I(r) mod q). The check for the case when r = 0 * should be replaced by a check for e = 0. This is more conservative * and what is described above and done below in the implementation.

func Verify

func Verify(pub *PublicKey, h Hasher, data, sig []byte) bool

Verify verifies the ASN.1 encoded signature, sig, M, of hash using the public key, pub. Its return value records whether the signature is valid.

func VerifyBytes

func VerifyBytes(pub *PublicKey, hashFunc Hasher, data, sig []byte) bool

Verify verifies the Bytes encoded signature

func VerifyWithRS

func VerifyWithRS(pub *PublicKey, hashFunc Hasher, data []byte, r, s *big.Int) bool

*| IUF - ECSDSA/ECOSDSA verification *| *| I 1. if s is not in ]0,q[, reject the signature. *| I 2. Compute e = -r mod q *| I 3. If e == 0, reject the signature. *| I 4. Compute W' = sG + eY *| IUF 5. Compute r' = H(W'x [|| W'y] || m) *| - In the normal version (ECSDSA), r' = H(W'x || W'y || m). *| - In the optimized version (ECOSDSA), r' = H(W'x || m). *| F 6. Accept the signature if and only if r and r' are the same

Types

type Hasher

type Hasher = func() hash.Hash

type PrivateKey

type PrivateKey struct {
	PublicKey

	D *big.Int
}

ec-gdsa PrivateKey

func GenerateKey

func GenerateKey(random io.Reader, c elliptic.Curve) (*PrivateKey, error)

Generate the PrivateKey

func NewPrivateKey

func NewPrivateKey(curve elliptic.Curve, k []byte) (*PrivateKey, error)

New a PrivateKey from privatekey data

func (*PrivateKey) Equal

func (priv *PrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether pub and x have the same value.

func (*PrivateKey) Public

func (priv *PrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*PrivateKey) Sign

func (priv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

crypto.Signer

type PublicKey

type PublicKey struct {
	elliptic.Curve

	X, Y *big.Int
}

ec-gdsa PublicKey

func NewPublicKey

func NewPublicKey(curve elliptic.Curve, k []byte) (*PublicKey, error)

根据公钥明文初始化公钥 New a PublicKey from publicKey data

func (*PublicKey) Equal

func (pub *PublicKey) Equal(x crypto.PublicKey) bool

Equal reports whether pub and x have the same value.

func (*PublicKey) Verify

func (pub *PublicKey) Verify(msg, sign []byte, opts crypto.SignerOpts) (bool, error)

Verify asn.1 marshal data

type SignerOpts

type SignerOpts struct {
	Hash Hasher
}

SignerOpts contains options for creating and verifying EC-GDSA signatures.

func (*SignerOpts) GetHash

func (opts *SignerOpts) GetHash() Hasher

GetHash returns func() hash.Hash

func (*SignerOpts) HashFunc

func (opts *SignerOpts) HashFunc() crypto.Hash

HashFunc returns opts.Hash

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL