1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
use super::{recoverable, Error, Signature};
use crate::{AffinePoint, ElementBytes, ProjectivePoint, PublicKey, Scalar, Secp256k1};
use ecdsa_core::{hazmat::VerifyPrimitive, signature};
use elliptic_curve::{subtle::CtOption, FromBytes};
#[cfg_attr(docsrs, doc(cfg(feature = "ecdsa")))]
pub struct Verifier {
verifier: ecdsa_core::Verifier<Secp256k1>,
}
impl Verifier {
pub fn new(public_key: &PublicKey) -> Result<Self, Error> {
Ok(Self {
verifier: ecdsa_core::Verifier::new(public_key)?,
})
}
}
impl signature::Verifier<Signature> for Verifier {
fn verify(&self, msg: &[u8], signature: &Signature) -> Result<(), Error> {
self.verifier.verify(msg, signature)
}
}
impl signature::Verifier<recoverable::Signature> for Verifier {
fn verify(&self, msg: &[u8], signature: &recoverable::Signature) -> Result<(), Error> {
self.verifier.verify(msg, &Signature::from(*signature))
}
}
impl VerifyPrimitive<Secp256k1> for AffinePoint {
fn verify_prehashed(
&self,
hashed_msg: &ElementBytes,
signature: &Signature,
) -> Result<(), Error> {
let maybe_r =
Scalar::from_bytes(signature.r()).and_then(|r| CtOption::new(r, !r.is_zero()));
let maybe_s =
Scalar::from_bytes(signature.s()).and_then(|s| CtOption::new(s, !s.is_zero()));
let (r, s) = if maybe_r.is_some().into() && maybe_s.is_some().into() {
(maybe_r.unwrap(), maybe_s.unwrap())
} else {
return Err(Error::new());
};
if s.is_high().into() {
return Err(Error::new());
}
let z = Scalar::from_bytes_reduced(&hashed_msg);
let s_inv = s.invert().unwrap();
let u1 = z * &s_inv;
let u2 = r * &s_inv;
let x = ((&ProjectivePoint::generator() * &u1) + &(ProjectivePoint::from(*self) * &u2))
.to_affine()
.unwrap()
.x;
if Scalar::from_bytes_reduced(&x.to_bytes()) == r {
Ok(())
} else {
Err(Error::new())
}
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::{test_vectors::ecdsa::ECDSA_TEST_VECTORS, AffinePoint, UncompressedPoint};
use ecdsa_core::generic_array::GenericArray;
ecdsa_core::new_verification_test!(ECDSA_TEST_VECTORS);
}