author | Felix Lange <fjl@users.noreply.github.com> | 2017-01-13 04:29:11 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-13 04:29:11 +0800 |
commit | e0ceeab0d111ada7d847c83992d2ff3128bfb959 (patch) | |
tree | be9fcaa85d61ba461a3ee2293206f5f73c7e5451 /crypto/secp256k1/curve.go | |
parent | 93077c98e43610122ad0933b20a44f04a8f4b6b2 (diff) | |
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544)
- Use defined constants instead of hard-coding their integer value.
- Allocate secp256k1 structs on the C stack instead of converting []byte
- Remove dead code
Diffstat (limited to 'crypto/secp256k1/curve.go')
-rw-r--r-- | crypto/secp256k1/curve.go | 27 |
1 files changed, 1 insertions, 26 deletions
diff --git a/crypto/secp256k1/curve.go b/crypto/secp256k1/curve.go
index 6e44a6771..61cad5463 100644
--- a/crypto/secp256k1/curve.go
+++ b/crypto/secp256k1/curve.go
@@ -33,7 +33,6 @@ package secp256k1
 import (
 "crypto/elliptic"
- "io"
 "math/big"
 "sync"
 "unsafe"
@@ -224,6 +223,7 @@ func (BitCurve *BitCurve) ScalarMult(Bx, By *big.Int, scalar []byte) (*big.Int,
 if len(scalar) > 32 {
 panic("can't handle scalars > 256 bits")
 }
+ // NOTE: potential timing issue
 padded := make([]byte, 32)
 copy(padded[32-len(scalar):], scalar)
 scalar = padded
@@ -257,31 +257,6 @@ func (BitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
 return BitCurve.ScalarMult(BitCurve.Gx, BitCurve.Gy, k)
 }
-var mask = []byte{0xff, 0x1, 0x3, 0x7, 0xf, 0x1f, 0x3f, 0x7f}
-
-//TODO: double check if it is okay
-// GenerateKey returns a public/private key pair. The private key is generated
-// using the given reader, which must return random data.
-func (BitCurve *BitCurve) GenerateKey(rand io.Reader) (priv []byte, x, y *big.Int, err error) {
- byteLen := (BitCurve.BitSize + 7) >> 3
- priv = make([]byte, byteLen)
-
- for x == nil {
- _, err = io.ReadFull(rand, priv)
- if err != nil {
- return
- }
- // We have to mask off any excess bits in the case that the size of the
- // underlying field is not a whole number of bytes.
- priv[0] &= mask[BitCurve.BitSize%8]
- // This is because, in tests, rand will return all zeros and we don't
- // want to get the point at infinity and loop forever.
- priv[1] ^= 0x42
- x, y = BitCurve.ScalarBaseMult(priv)
- }
- return
-}
-
 // Marshal converts a point into the form specified in section 4.3.6 of ANSI
 // X9.62.
 func (BitCurve *BitCurve) Marshal(x, y *big.Int) []byte { |
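Review bot: The added `// NOTE: potential timing issue` in the ScalarMult hunk names a concern without saying what it is, so the next reader cannot tell which operation is variable-time or how a caller avoids it. The visible source is the line right below it, `copy(padded[32-len(scalar):], scalar)`, whose write offset and length depend on len(scalar), so a secret scalar shorter than 32 bytes has its byte length reflected in timing. I would replace the comment with `// NOTE: the padding copy below runs in time dependent on len(scalar) and can leak the byte length of a secret scalar; callers should pass a full 32-byte scalar.` Whether the multiplication that consumes the padded scalar is constant-time cannot be judged from this hunk; ScalarMult begins before the hunk and continues after it.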