func generateLegacy(c elliptic.Curve, rand io.Reader) (*PrivateKey, error) { … } // hashToInt converts a hash value to an integer. Per FIPS 186-4, Section 6.4, // we use the left-most bits of the hash to match the bit-length of the order of // the curve. This also performs Step 5 of SEC 1, Version 2.0, Section 4.1.3. func hashToInt(hash []byte, c elliptic.Curve) *big.Int { … } var errZeroParam … // Sign signs a hash (which should be the result of hashing a larger message) // using the private key, priv. If the hash is longer than the bit-length of the // private key's curve order, the hash will be truncated to that length. It // returns the signature as a pair of integers. Most applications should use // [SignASN1] instead of dealing directly with r, s. func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) { … } func signLegacy(priv *PrivateKey, csprng io.Reader, hash []byte) (sig []byte, err error) { … } // Verify verifies the signature in r, s of hash using the public key, pub. Its // return value records whether the signature is valid. Most applications should // use VerifyASN1 instead of dealing directly with r, s. // // The inputs are not considered confidential, and may leak through timing side // channels, or if an attacker has control of part of the inputs. func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { … } func verifyLegacy(pub *PublicKey, hash []byte, sig []byte) bool { … } var one … // randFieldElement returns a random element of the order of the given // curve using the procedure given in FIPS 186-4, Appendix B.5.2. func randFieldElement(c elliptic.Curve, rand io.Reader) (k *big.Int, err error) { … }
Codebase Browser
go