struct Signer [src]
A Signer is used to incrementally compute a signature.
It can be obtained from a KeyPair, using the signer() function.
Fields
h: Sha512
scalar: CompressedScalar
nonce: CompressedScalar
r_bytes: [Curve.encoded_length]u8
Members
Source
/// Incremental signing state: the message is fed in pieces through `update()`
/// and the signature is produced by `finalize()`.
/// Obtained from a `KeyPair` via its `signer()` function; `init` is not `pub`.
///
/// Security: `scalar` and `nonce` are copied into this struct by value and
/// nothing in this block erases them. A caller that wants to bound the lifetime
/// of secret material in memory has to wipe the `Signer` itself once it is done
/// with it (e.g. with `std.crypto.secureZero`).
pub const Signer = struct {
    /// Running hash; already contains the encoded `R` point and the public key.
    h: Sha512,
    /// Secret signing scalar, multiplied with the hash-derived value in `finalize()`.
    scalar: CompressedScalar,
    /// Per-signature nonce. `finalize()` computes `s = hram * scalar + nonce`,
    /// so a signature plus its nonce is enough to solve for `scalar`, and so are
    /// two signatures over different inputs that share a nonce. It must stay
    /// secret and must never be reused for a different message.
    nonce: CompressedScalar,
    /// Encoding of `nonce * basePoint`; emitted as the `r` half of the signature.
    r_bytes: [Curve.encoded_length]u8,

    /// Build the signing state for one message.
    ///
    /// Computes `R = nonce * basePoint` and starts the hash with the encoding
    /// of `R` followed by the public key bytes; message data is appended later
    /// through `update()`.
    ///
    /// The only fallible step in this function is the base-point
    /// multiplication. `public_key` is hashed as given and is not checked
    /// against `scalar` here.
    /// NOTE(review): how `nonce` is derived is decided by the caller, which is
    /// not visible in this block — confirm it is unique per message.
    fn init(
        scalar: CompressedScalar,
        nonce: CompressedScalar,
        public_key: PublicKey,
    ) (IdentityElementError || KeyMismatchError || NonCanonicalError || WeakPublicKeyError)!Signer {
        const r_point = try Curve.basePoint.mul(nonce);
        const r_encoded = r_point.toBytes();

        // Hash input order is R first, then the public key. Both values are
        // public, so feeding them straight into the hash leaves no secret copy.
        var hasher = Sha512.init(.{});
        hasher.update(&r_encoded);
        hasher.update(&public_key.bytes);

        return Signer{
            .h = hasher,
            .scalar = scalar,
            .nonce = nonce,
            .r_bytes = r_encoded,
        };
    }

    /// Add new data to the message being signed.
    /// May be called any number of times before `finalize()`; the pieces are
    /// hashed in call order.
    pub fn update(self: *Signer, data: []const u8) void {
        self.h.update(data);
    }

    /// Compute a signature over the entire message.
    ///
    /// Finishes the hash over `R || public key || message`, reduces the digest
    /// to a scalar and returns `(r_bytes, hram * scalar + nonce)`.
    /// NOTE(review): the hash state has been finalized afterwards, so this is
    /// presumably meant to be called once per `Signer` — confirm.
    /// `scalar` and `nonce` are left in `self` after the call.
    pub fn finalize(self: *Signer) Signature {
        var digest: [Sha512.digest_length]u8 = undefined;
        self.h.final(&digest);

        const challenge = Curve.scalar.reduce64(digest);
        return Signature{
            .r = self.r_bytes,
            .s = Curve.scalar.mulAdd(challenge, self.scalar, self.nonce),
        };
    }
};