secp256k1suite

package module
v0.0.0-...-8fb26bb Latest Latest
Published: Sep 2, 2022 License: LGPL-3.0 Imports: 6 Imported by: 1

README

Minimal secp256k1 facilities for rrr

This package exists so we can be flexible about licensing issues and to avoid circular dependencies with the upstream ConsenSys/quorum and ethereum/go-ethereum projects.

It exposes only the absolute minimum set of primitives needed by go-rrr/consensus/rrr.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FromBTECSig

func FromBTECSig(vrs []byte)

FromBTECSig is vrs -> rsv (see ToBTECSig for background). This function modifies the argument slice in place.

func N

func N() []byte

func ReadBits

func ReadBits(bigint *big.Int, buf []byte)

func SmallS

func SmallS(s *big.Int) bool

SmallS checks that s is the 'canonical' one of the two values satisfying the curve. See https://yondon.blog/2019/01/01/how-not-to-use-ecdsa/ In short, for an ECDSA signature [R, S] there are, due to curve symmetry, two possible values of S that would otherwise pass EC verification. The world has chosen the smaller of the two possible values as 'canonical'. The half value is defined as canonical.

func ToBTECSig

func ToBTECSig(rsv []byte) []byte

Moves the ec pub key recovery id from the front to the back of the slice.

Archaeology: ... SEC 1-v2 [1] describes how signature recovery works and how the ASN.1 encoding of the extra information for recovery can be included. This format is essentially [R, S, V] (though a mnemonic for 'additional' is used rather than V). This heritage means the Sign primitive puts V at the end. But in much of the literature v is referred to as the 'header' and is typically listed first. Ethereum (unlike bitcoin) uses the recovery trick to eliminate the need to include public keys with signatures. The EYP Appendix F [2], and many others, treat v as a header value and encode it first, as it is needed to interpret the subsequent data. Ecrecover is due to ethereum and Sign is due to the ECDSA standards, hence Sign produces one format while recovery expects the other. The magical 27 is due to ethereum needing to avoid collisions with rlp encoding.

The final confusion comes from the fact that libsecp256k1 is written to mostly deal only with r, s, so it naturally deals with signatures where [r:s] are [0:31][32:63]. But btec expects and requires v,r,s. libsecp256k1 works without fuss, but for btec we need this helper.

1. http://www.secg.org/sec1-v2.pdf
2. https://ethereum.github.io/yellowpaper/paper.pdf

This function will panic if len(sig) < 65.
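The byte reordering described for ToBTECSig and FromBTECSig, together with the canonical-S rule behind SmallS, as an added sketch that is not this package's source. The direction follows the parameter name rsv and FromBTECSig's "vrs -> rsv"; the names checkRSV, toVRS and fromVRS are hypothetical, and the header value 27 + recovery id (uncompressed key) and the 0..3 recovery id range are assumptions taken from btcec's compact signature format. Unlike the documented ToBTECSig, this version returns an error on short input instead of panicking.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

var curveN, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16) // secp256k1 group order N
var halfN = new(big.Int).Rsh(curveN, 1) // N/2, the largest canonical S

// checkRSV accepts [R, S, V] only if 0 < R < N, 0 < S <= N/2 and V is 0..3.
func checkRSV(rsv []byte) error {
	if len(rsv) != 65 || rsv[64] > 3 {
		return errors.New("want 65 bytes with recovery id 0..3")
	}
	r, s := new(big.Int).SetBytes(rsv[:32]), new(big.Int).SetBytes(rsv[32:64])
	if r.Sign() == 0 || r.Cmp(curveN) >= 0 {
		return errors.New("r out of range")
	}
	if s.Sign() == 0 || s.Cmp(halfN) > 0 {
		return errors.New("s is zero or not the canonical low value")
	}
	return nil
}

// toVRS (hypothetical name) validates, then copies [R, S, V] into a new [V+27, R, S].
func toVRS(rsv []byte) ([]byte, error) {
	if err := checkRSV(rsv); err != nil {
		return nil, err
	}
	return append([]byte{rsv[64] + 27}, rsv[:64]...), nil
}

// fromVRS (hypothetical name) rewrites [V+27, R, S] to [R, S, V] in place, then validates.
func fromVRS(vrs []byte) error {
	if len(vrs) != 65 || vrs[0] < 27 || vrs[0] > 30 {
		return errors.New("want 65 bytes with header 27..30")
	}
	v := vrs[0] - 27
	copy(vrs, vrs[1:]) // overlapping copy is safe: shifts R and S down by one byte
	vrs[64] = v
	return checkRSV(vrs)
}

func main() {
	rsv := []byte{31: 1, 63: 1, 64: 0} // constructed sample: R = S = 1, V = 0
	fmt.Println(toVRS(rsv))
}
```

Rejecting a high S before recovery means only one of the two otherwise valid encodings of a signature is ever accepted.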

Types

type CipherSuite

type CipherSuite interface {
	Curve() elliptic.Curve

	// Keccak256 returns a digest suitable for Sign. (draft sha3 before the padding was added)
	Keccak256(b ...[]byte) []byte

	// Sign is given a digest to sign.
	Sign(digest []byte, key *ecdsa.PrivateKey) ([]byte, error)

	// VerifySignature verifies a 64 byte signature in [R, S] format.
	VerifySignature(pub, digest, sig []byte) bool

	// Ecrecover a public key from a recoverable signature.
	Ecrecover(digest, sig []byte) ([]byte, error)
}

func NewCipherSuite

func NewCipherSuite() CipherSuite

NewCipherSuite returns the CipherSuite selected by the package build tags (csecp present or not).

type SECP256k1SuiteBTCEC

type SECP256k1SuiteBTCEC struct{}

func (*SECP256k1SuiteBTCEC) Curve

func (c *SECP256k1SuiteBTCEC) Curve() elliptic.Curve

func (*SECP256k1SuiteBTCEC) Ecrecover

func (c *SECP256k1SuiteBTCEC) Ecrecover(digest, sig []byte) ([]byte, error)

Ecrecover a public key from a recoverable signature.

func (*SECP256k1SuiteBTCEC) Keccak256

func (c *SECP256k1SuiteBTCEC) Keccak256(image ...[]byte) []byte

Keccak256 returns a digest suitable for Sign. (draft sha3 before the padding was added)

func (*SECP256k1SuiteBTCEC) Sign

func (c *SECP256k1SuiteBTCEC) Sign(digest []byte, key *ecdsa.PrivateKey) ([]byte, error)

Sign is given a digest to sign.

func (*SECP256k1SuiteBTCEC) VerifySignature

func (c *SECP256k1SuiteBTCEC) VerifySignature(pub, digest, sig []byte) bool

VerifySignature verifies a 64 byte signature in [R, S] format.
