Implement signing.
parent
710ac6fba9
commit
2b37c71b57
|
@ -18,9 +18,10 @@ impl Default for HStar {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl HStar {
|
impl HStar {
|
||||||
/// Add `data` to the hash.
|
/// Add `data` to the hash, and return `Self` for chaining.
|
||||||
pub fn update(&mut self, data: &[u8]) {
|
pub fn update(mut self, data: &[u8]) -> Self {
|
||||||
self.state.update(data);
|
self.state.update(data);
|
||||||
|
self
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Consume `self` to compute the hash output.
|
/// Consume `self` to compute the hash output.
|
||||||
|
|
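Review bot: With `update` now taking `mut self` and returning `Self` (new-side `pub fn update(mut self, data: &[u8]) -> Self`), a statement-form call such as `h.update(data);` still compiles but drops the updated hasher, so the data is silently never absorbed; mark the method `#[must_use]` so that misuse becomes a compiler warning, e.g. `#[must_use = "update consumes the hasher; bind or chain the returned value"]` on the line above the signature. Existing callers written against the old `&mut self` form have to be rebound as `h = h.update(..)`; they are outside this hunk, so I cannot confirm they were all updated. The doc line could also say the value is consumed: `/// Add `data` to the hash, consuming and returning `Self` for chaining.`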
|
@ -49,22 +49,36 @@ impl<T: SigType> SecretKey<T> {
|
||||||
pub fn randomize(&self, randomizer: Randomizer) -> PublicKey<T> {
|
pub fn randomize(&self, randomizer: Randomizer) -> PublicKey<T> {
|
||||||
unimplemented!();
|
unimplemented!();
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
impl SecretKey<Binding> {
|
/// Create a signature of type `T` on `msg` using this `SecretKey`.
|
||||||
/// Create a Zcash `BindingSig` on `msg` using this `SecretKey`.
|
|
||||||
// Similar to signature::Signer but without boxed errors.
|
// Similar to signature::Signer but without boxed errors.
|
||||||
pub fn sign(&self, msg: &[u8]) -> Signature<Binding> {
|
pub fn sign<R: RngCore + CryptoRng>(&self, mut rng: R, msg: &[u8]) -> Signature<T> {
|
||||||
// could use sign_inner
|
use crate::HStar;
|
||||||
unimplemented!();
|
|
||||||
}
|
// Choose a byte sequence uniformly at random of length
|
||||||
}
|
// (\ell_H + 128)/8 bytes. For RedJubjub this is (512 + 128)/8 = 80.
|
||||||
|
let random_bytes = {
|
||||||
impl SecretKey<SpendAuth> {
|
let mut bytes = [0; 80];
|
||||||
/// Create a Zcash `SpendAuthSig` on `msg` using this `SecretKey`.
|
rng.fill_bytes(&mut bytes);
|
||||||
// Similar to signature::Signer but without boxed errors.
|
bytes
|
||||||
pub fn sign(&self, msg: &[u8]) -> Signature<SpendAuth> {
|
};
|
||||||
// could use sign_inner
|
|
||||||
unimplemented!();
|
let nonce = HStar::default()
|
||||||
|
.update(&random_bytes[..])
|
||||||
|
.update(&self.pk.bytes.bytes[..]) // XXX ugly
|
||||||
|
.update(msg)
|
||||||
|
.finalize();
|
||||||
|
|
||||||
|
let r_bytes = jubjub::AffinePoint::from(&T::basepoint() * &nonce).to_bytes();
|
||||||
|
|
||||||
|
let c = HStar::default()
|
||||||
|
.update(&r_bytes[..])
|
||||||
|
.update(&self.pk.bytes.bytes[..]) // XXX ugly
|
||||||
|
.update(msg)
|
||||||
|
.finalize();
|
||||||
|
|
||||||
|
let s_bytes = (&nonce + &(&c * &self.sk)).to_bytes();
|
||||||
|
|
||||||
|
Signature::from_parts(r_bytes, s_bytes)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
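Review bot: `nonce` and `random_bytes` in the new `sign` are one-time secrets — with `s_bytes = (&nonce + &(&c * &self.sk)).to_bytes()`, anyone who learns `nonce` for a single signature recovers `self.sk` — yet both remain on the stack untouched after `Signature::from_parts`. If the crate already depends on a zeroization helper, wipe `bytes` and `nonce` before returning; if it does not, at least state the invariant next to the `let nonce = HStar::default()` line, `// SECURITY: nonce is a per-signature secret; it must be fresh, never reused and never exposed`. Separately, the hash input `&self.pk.bytes.bytes[..]` is written twice with the same `// XXX ugly` remark; binding it once, `let vk_bytes = &self.pk.bytes.bytes[..];`, keeps the two `HStar` transcripts visibly identical in their verification-key term. The doc comment should also tell callers that the output is randomized: `/// Signing is randomized via `rng`; two signatures over the same `msg` will differ.`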
|
@ -23,6 +23,18 @@ impl<T: SigType> From<Signature<T>> for [u8; 64] {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl<T: SigType> Signature<T> {
|
||||||
|
pub(crate) fn from_parts(r_bytes: [u8; 32], s_bytes: [u8; 32]) -> Self {
|
||||||
|
let mut bytes = [0; 64];
|
||||||
|
bytes[0..32].copy_from_slice(&r_bytes[..]);
|
||||||
|
bytes[32..64].copy_from_slice(&s_bytes[..]);
|
||||||
|
Self {
|
||||||
|
bytes,
|
||||||
|
_marker: PhantomData,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// These impls all only exist because of array length restrictions.
|
// These impls all only exist because of array length restrictions.
|
||||||
|
|
||||||
// XXX print the type variable
|
// XXX print the type variable
|
||||||
|
|
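Review bot: `from_parts` is the only place that fixes the byte layout the new `sign` relies on, yet the added code carries no doc comment; add one above `pub(crate) fn from_parts` such as `/// Build a signature from its encoded halves: `r_bytes` occupies bytes 0..32 and `s_bytes` bytes 32..64; no validation of either half is performed here.` Because both parameters are fixed-size `[u8; 32]` arrays, the two `copy_from_slice` calls cannot panic on a length mismatch; stating that in the comment saves the next reader from checking.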