1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
use crate::get_hash_digest;
use crate::Digest32;
use crate::PrivateKey;
use crate::Signature;
use crate::ECDSA;
use crate::{reverse_digest::ReversibleDigest, Sha256r, SigningHash};
use anyhow::*;
use digest::{consts::U32, BlockInput, Digest, FixedOutput, Reset, Update};
use ecdsa::{
hazmat::{FromDigest, RecoverableSignPrimitive},
rfc6979::{self, generate_k},
};
use k256::FieldBytes;
use k256::{ecdsa::Signature as SecpSignature, Scalar, SecretKey};
use rand_core::OsRng;
use rand_core::RngCore;
use wasm_bindgen::prelude::*;
use wasm_bindgen::throw_str;
use wasm_bindgen::JsValue;
impl ECDSA {
fn sign_preimage_deterministic_k<D>(priv_key: &SecretKey, digest: D, reverse_endian_k: bool) -> Result<(SecpSignature, bool), ecdsa::Error>
where
D: Digest32,
{
let priv_scalar = priv_key.to_secret_scalar();
let k_digest = match reverse_endian_k {
true => digest.reverse(),
false => digest.clone(),
};
let k = **generate_k(&priv_scalar, k_digest, &[]);
let msg_scalar = Scalar::from_digest(digest);
priv_scalar.try_sign_recoverable_prehashed(&k, &msg_scalar)
}
fn sign_preimage_random_k<D>(priv_key: &SecretKey, digest: D, reverse_endian_k: bool) -> Result<(SecpSignature, bool), ecdsa::Error>
where
D: Digest32,
{
let mut added_entropy = FieldBytes::default();
let rng = &mut OsRng;
rng.fill_bytes(&mut added_entropy);
let priv_scalar = priv_key.to_secret_scalar();
let k_digest = match reverse_endian_k {
true => digest.reverse(),
false => digest.clone(),
};
let k = **generate_k(&priv_scalar, k_digest, &added_entropy);
let msg_scalar = Scalar::from_digest(digest);
priv_scalar.try_sign_recoverable_prehashed(&k, &msg_scalar)
}
pub(crate) fn sign_with_deterministic_k_impl(private_key: &PrivateKey, preimage: &[u8], hash_algo: SigningHash, reverse_k: bool) -> Result<Signature> {
let digest = get_hash_digest(hash_algo, preimage);
let (sig, is_recoverable) = ECDSA::sign_preimage_deterministic_k(&private_key.secret_key, digest, reverse_k)?;
let signature = Signature::from_der_impl(sig.to_der().as_bytes().to_vec(), is_recoverable)?;
Ok(signature)
}
pub(crate) fn sign_with_random_k_impl(private_key: &PrivateKey, preimage: &[u8], hash_algo: SigningHash, reverse_k: bool) -> Result<Signature> {
let digest = get_hash_digest(hash_algo, preimage);
let (sig, is_recoverable) = ECDSA::sign_preimage_random_k(&private_key.secret_key, digest, reverse_k)?;
let signature = Signature::from_der_impl(sig.to_der().as_bytes().to_vec(), is_recoverable)?;
Ok(signature)
}
}
#[cfg(target_arch = "wasm32")]
#[wasm_bindgen]
impl ECDSA {
#[wasm_bindgen(js_name = signWithRandomK)]
pub fn sign_with_random_k(private_key: &PrivateKey, preimage: &[u8], hash_algo: SigningHash, reverse_k: bool) -> Result<Signature, JsValue> {
match ECDSA::sign_with_random_k_impl(private_key, preimage, hash_algo, reverse_k) {
Ok(v) => Ok(v),
Err(e) => throw_str(&e.to_string()),
}
}
#[wasm_bindgen(js_name = sign)]
pub fn sign_with_deterministic_k(private_key: &PrivateKey, preimage: &[u8], hash_algo: SigningHash, reverse_k: bool) -> Result<Signature, JsValue> {
match ECDSA::sign_with_deterministic_k_impl(private_key, preimage, hash_algo, reverse_k) {
Ok(v) => Ok(v),
Err(e) => throw_str(&e.to_string()),
}
}
}
#[cfg(not(target_arch = "wasm32"))]
impl ECDSA {
pub fn sign_with_random_k(private_key: &PrivateKey, preimage: &[u8], hash_algo: SigningHash, reverse_k: bool) -> Result<Signature> {
ECDSA::sign_with_random_k_impl(private_key, preimage, hash_algo, reverse_k)
}
pub fn sign_with_deterministic_k(private_key: &PrivateKey, preimage: &[u8], hash_algo: SigningHash, reverse_k: bool) -> Result<Signature> {
ECDSA::sign_with_deterministic_k_impl(private_key, preimage, hash_algo, reverse_k)
}
}