struct Verifier [src]
A Verifier is used to incrementally verify a signature.
It can be obtained from a Signature, using the verifier() function.
Fields
h: Sha512
s: CompressedScalar
a: Curve
expected_r: Curve
Members
- InitError (Error Set)
- update (Function)
- verify (Function)
- VerifyError (Error Set)
Source
pub const Verifier = struct {
h: Sha512,
s: CompressedScalar,
a: Curve,
expected_r: Curve,
pub const InitError = NonCanonicalError || EncodingError || IdentityElementError;
fn init(sig: Signature, public_key: PublicKey) InitError!Verifier {
const r = sig.r;
const s = sig.s;
try Curve.scalar.rejectNonCanonical(s);
const a = try Curve.fromBytes(public_key.bytes);
try a.rejectIdentity();
try Curve.rejectNonCanonical(r);
const expected_r = try Curve.fromBytes(r);
try expected_r.rejectIdentity();
var h = Sha512.init(.{});
h.update(&r);
h.update(&public_key.bytes);
return Verifier{ .h = h, .s = s, .a = a, .expected_r = expected_r };
}
/// Add new content to the message to be verified.
pub fn update(self: *Verifier, msg: []const u8) void {
self.h.update(msg);
}
pub const VerifyError = WeakPublicKeyError || IdentityElementError ||
SignatureVerificationError;
/// Verify that the signature is valid for the entire message.
pub fn verify(self: *Verifier) VerifyError!void {
var hram64: [Sha512.digest_length]u8 = undefined;
self.h.final(&hram64);
const hram = Curve.scalar.reduce64(hram64);
const sb_ah = try Curve.basePoint.mulDoubleBasePublic(self.s, self.a.neg(), hram);
if (self.expected_r.sub(sb_ah).rejectLowOrder()) {
return error.SignatureVerificationFailed;
} else |_| {}
}
}