Documentation ¶
Index ¶
Constants ¶
const ( // ErrSigTooShort is returned when a signature that should be a DER // signature is too short. ErrSigTooShort = ErrorKind("ErrSigTooShort") // ErrSigTooLong is returned when a signature that should be a DER signature // is too long. ErrSigTooLong = ErrorKind("ErrSigTooLong") // ErrSigInvalidSeqID is returned when a signature that should be a DER // signature does not have the expected ASN.1 sequence ID. ErrSigInvalidSeqID = ErrorKind("ErrSigInvalidSeqID") // ErrSigInvalidDataLen is returned when a signature that should be a DER // signature does not specify the correct number of remaining bytes for the // R and S portions. ErrSigInvalidDataLen = ErrorKind("ErrSigInvalidDataLen") // ErrSigMissingSTypeID is returned when a signature that should be a DER // signature does not provide the ASN.1 type ID for S. ErrSigMissingSTypeID = ErrorKind("ErrSigMissingSTypeID") // ErrSigMissingSLen is returned when a signature that should be a DER // signature does not provide the length of S. ErrSigMissingSLen = ErrorKind("ErrSigMissingSLen") // ErrSigInvalidSLen is returned when a signature that should be a DER // signature does not specify the correct number of bytes for the S portion. ErrSigInvalidSLen = ErrorKind("ErrSigInvalidSLen") // ErrSigInvalidRIntID is returned when a signature that should be a DER // signature does not have the expected ASN.1 integer ID for R. ErrSigInvalidRIntID = ErrorKind("ErrSigInvalidRIntID") // ErrSigZeroRLen is returned when a signature that should be a DER // signature has an R length of zero. ErrSigZeroRLen = ErrorKind("ErrSigZeroRLen") // ErrSigNegativeR is returned when a signature that should be a DER // signature has a negative value for R. ErrSigNegativeR = ErrorKind("ErrSigNegativeR") // ErrSigTooMuchRPadding is returned when a signature that should be a DER // signature has too much padding for R. ErrSigTooMuchRPadding = ErrorKind("ErrSigTooMuchRPadding") // ErrSigRIsZero is returned when a signature has R set to the value zero. ErrSigRIsZero = ErrorKind("ErrSigRIsZero") // ErrSigRTooBig is returned when a signature has R with a value that is // greater than or equal to the group order. ErrSigRTooBig = ErrorKind("ErrSigRTooBig") // ErrSigInvalidSIntID is returned when a signature that should be a DER // signature does not have the expected ASN.1 integer ID for S. ErrSigInvalidSIntID = ErrorKind("ErrSigInvalidSIntID") // ErrSigZeroSLen is returned when a signature that should be a DER // signature has an S length of zero. ErrSigZeroSLen = ErrorKind("ErrSigZeroSLen") // ErrSigNegativeS is returned when a signature that should be a DER // signature has a negative value for S. ErrSigNegativeS = ErrorKind("ErrSigNegativeS") // ErrSigTooMuchSPadding is returned when a signature that should be a DER // signature has too much padding for S. ErrSigTooMuchSPadding = ErrorKind("ErrSigTooMuchSPadding") // ErrSigSIsZero is returned when a signature has S set to the value zero. ErrSigSIsZero = ErrorKind("ErrSigSIsZero") // ErrSigSTooBig is returned when a signature has S with a value that is // greater than or equal to the group order. ErrSigSTooBig = ErrorKind("ErrSigSTooBig") )
These constants are used to identify a specific Error.
Variables ¶
This section is empty.
Functions ¶
func RecoverCompact ¶
RecoverCompact attempts to recover the secp256k1 public key from the provided compact signature and message hash. It first verifies the signature, and, if the signature matches then the recovered public key will be returned as well as a boolean indicating whether or not the original key was compressed.
func SignCompact ¶
func SignCompact(key *secp256k1.PrivateKey, hash []byte, isCompressedKey bool) []byte
SignCompact produces a compact ECDSA signature over the secp256k1 curve for the provided hash (which should be the result of hashing a larger message) using the given private key. The isCompressedKey parameter specifies if the produced signature should reference a compressed public key or not.
Compact signature format: <1-byte compact sig recovery code><32-byte R><32-byte S>
The compact sig recovery code is the value 27 + public key recovery code + 4 if the compact signature was created with a compressed public key.
Types ¶
type Error ¶
Error identifies an error related to an ECDSA signature. It has full support for errors.Is and errors.As, so the caller can ascertain the specific reason for the error by checking the underlying error.
type ErrorKind ¶
type ErrorKind string
ErrorKind identifies a kind of error. It has full support for errors.Is and errors.As, so the caller can directly check against an error kind when determining the reason for an error.
type Signature ¶
type Signature struct {
// contains filtered or unexported fields
}
Signature is a type representing an ECDSA signature.
func NewSignature ¶
func NewSignature(r, s *secp256k1.ModNScalar) *Signature
NewSignature instantiates a new signature given some r and s values.
func ParseDERSignature ¶
ParseDERSignature parses a signature in the Distinguished Encoding Rules (DER) format per section 10 of [ISO/IEC 8825-1] and enforces the following additional restrictions specific to secp256k1:
- The R and S values must be in the valid range for secp256k1 scalars:
- Negative values are rejected
- Zero is rejected
- Values greater than or equal to the secp256k1 group order are rejected
func Sign ¶
func Sign(key *secp256k1.PrivateKey, hash []byte) *Signature
Sign generates an ECDSA signature over the secp256k1 curve for the provided hash (which should be the result of hashing a larger message) using the given private key. The produced signature is deterministic (same message and same key yield the same signature) and canonical in accordance with RFC6979 and BIP0062.
func (*Signature) IsEqual ¶
IsEqual compares this Signature instance to the one passed, returning true if both Signatures are equivalent. A signature is equivalent to another, if they both have the same scalar value for R and S.
func (*Signature) Serialize ¶
Serialize returns the ECDSA signature in the Distinguished Encoding Rules (DER) format per section 10 of [ISO/IEC 8825-1] and such that the S component of the signature is less than or equal to the half order of the group.
Note that the serialized bytes returned do not include the appended hash type used in Decred signature scripts.