Diffstat (limited to 'vendor/github.com/btcsuite/btcd/btcec/signature.go')
-rw-r--r-- | vendor/github.com/btcsuite/btcd/btcec/signature.go | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/vendor/github.com/btcsuite/btcd/btcec/signature.go b/vendor/github.com/btcsuite/btcd/btcec/signature.go
index 9b2765207..4392ab41a 100644
--- a/vendor/github.com/btcsuite/btcd/btcec/signature.go
+++ b/vendor/github.com/btcsuite/btcd/btcec/signature.go
@@ -29,10 +29,6 @@ type Signature struct {
 }
 var (
- // Curve order and halforder, used to tame ECDSA malleability (see BIP-0062)
- order = new(big.Int).Set(S256().N)
- halforder = new(big.Int).Rsh(order, 1)
-
 // Used in RFC6979 implementation when testing the nonce for correctness
 one = big.NewInt(1)
@@ -51,8 +47,8 @@ var (
 func (sig *Signature) Serialize() []byte {
 // low 'S' malleability breaker
 sigS := sig.S
- if sigS.Cmp(halforder) == 1 {
- sigS = new(big.Int).Sub(order, sigS)
+ if sigS.Cmp(S256().halfOrder) == 1 {
+ sigS = new(big.Int).Sub(S256().N, sigS)
 }
 // Ensure the encoded bytes for the r and s values are canonical and
 // thus suitable for DER encoding.
@@ -62,7 +58,7 @@ func (sig *Signature) Serialize() []byte {
 // total length of returned signature is 1 byte for each magic and
 // length (6 total), plus lengths of r and s
 length := 6 + len(rb) + len(sb)
- b := make([]byte, length, length)
+ b := make([]byte, length)
 b[0] = 0x30
 b[1] = byte(length - 2)
@@ -420,7 +416,8 @@ func RecoverCompact(curve *KoblitzCurve, signature,
 func signRFC6979(privateKey *PrivateKey, hash []byte) (*Signature, error) {
 privkey := privateKey.ToECDSA()
- N := order
+ N := S256().N
+ halfOrder := S256().halfOrder
 k := nonceRFC6979(privkey.D, hash)
 inv := new(big.Int).ModInverse(k, N)
 r, _ := privkey.Curve.ScalarBaseMult(k.Bytes())
@@ -438,7 +435,7 @@ func signRFC6979(privateKey *PrivateKey, hash []byte) (*Signature, error) {
 s.Mul(s, inv)
 s.Mod(s, N)
- if s.Cmp(halforder) == 1 {
+ if s.Cmp(halfOrder) == 1 {
 s.Sub(N, s)
 }
 if s.Sign() == 0 { |