package verify
import (
"errors"
"fmt"
bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381"
"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
)
// dst is the domain separation tag passed to hash-to-curve when a message is
// mapped to G2. The tag names the proof-of-possession (POP) ciphersuite with
// signatures in G2; public keys are therefore G1 points (see the type aliases
// below). It is a mutable slice and must be treated as read-only: changing it
// changes which signatures verify.
var dst = []byte("BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_")
// Byte lengths of the serialized forms accepted by this package.
const (
// PublicKeyLength is the size of a compressed G1 point.
PublicKeyLength = bls12381.SizeOfG1AffineCompressed
// SecretKeyLength is the size of a scalar field element.
SecretKeyLength = fr.Bytes
// SignatureLength is the size of a compressed G2 point.
SignatureLength = bls12381.SizeOfG2AffineCompressed
)
// Aliases mapping the BLS roles onto the gnark-crypto curve types.
type (
// PublicKey is a point in G1 (affine coordinates).
PublicKey = bls12381.G1Affine
// SecretKey is a scalar field element.
SecretKey = fr.Element
// Signature is a point in G2 (affine coordinates).
Signature = bls12381.G2Affine
)
var (
// g1One is the third value returned by bls12381.Generators(); it is used as
// the G1 generator in the pairing equation evaluated by VerifySignature.
_, _, g1One, _ = bls12381.Generators()
// Sentinel errors returned when serialized inputs have the wrong size.
ErrInvalidPubkeyLength = errors.New("invalid public key length")
// NOTE(review): the two secret-key errors below are not referenced by the
// code visible in this file.
ErrInvalidSecretKeyLength = errors.New("invalid secret key length")
ErrInvalidSignatureLength = errors.New("invalid signature length")
ErrSecretKeyIsZero = errors.New("invalid secret key is zero")
)
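// PublicKeyFromBytes decodes a serialized public key.
//
// pkBytes must be exactly PublicKeyLength bytes, otherwise
// ErrInvalidPubkeyLength is returned. Any error from Unmarshal is returned
// unchanged. On every failure the returned pointer is nil, so a caller that
// forgets to check the error cannot go on to use a zero-valued or partially
// decoded point as a key.
//
// NOTE(review): point validation is whatever Unmarshal performs; this function
// itself does not reject the identity point. Callers that need a non-identity
// key must check for it before trusting the result.
func PublicKeyFromBytes(pkBytes []byte) (*PublicKey, error) {
	if len(pkBytes) != PublicKeyLength {
		return nil, ErrInvalidPubkeyLength
	}
	pk := new(PublicKey)
	if err := pk.Unmarshal(pkBytes); err != nil {
		// Fail closed: never hand back a point that did not decode cleanly.
		return nil, err
	}
	return pk, nil
}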
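// SignatureFromBytes decodes a serialized signature.
//
// sigBytes must be exactly SignatureLength bytes, otherwise
// ErrInvalidSignatureLength is returned. Any error from Unmarshal is returned
// unchanged. On every failure the returned pointer is nil, so a caller that
// forgets to check the error cannot go on to verify against a zero-valued or
// partially decoded point.
//
// NOTE(review): point validation is whatever Unmarshal performs; confirm that
// it covers curve and subgroup membership for the library version in use.
func SignatureFromBytes(sigBytes []byte) (*Signature, error) {
	if len(sigBytes) != SignatureLength {
		return nil, ErrInvalidSignatureLength
	}
	sig := new(Signature)
	if err := sig.Unmarshal(sigBytes); err != nil {
		// Fail closed: never hand back a point that did not decode cleanly.
		return nil, err
	}
	return sig, nil
}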
// VerifySignatureBytes decodes a serialized public key and signature and
// verifies the signature over the 32-byte message msg.
//
// It returns (false, err) when either input fails to decode, and otherwise the
// result of VerifySignature. A panic raised during decoding or verification is
// recovered and reported through err; ok then keeps its zero value (false),
// because the panic happens before the return statement assigns the results.
func VerifySignatureBytes(msg [32]byte, sigBytes, pkBytes []byte) (ok bool, err error) {
	// Both byte slices are untrusted input, so a panic in the curve code is
	// turned into an ordinary error instead of taking the caller down.
	defer func() {
		recovered := recover()
		if recovered == nil {
			return
		}
		if asErr, isErr := recovered.(error); isErr {
			err = asErr
			return
		}
		err = fmt.Errorf("verify signature bytes panic: %v", recovered)
	}()

	pubkey, err := PublicKeyFromBytes(pkBytes)
	if err != nil {
		return false, err
	}

	signature, err := SignatureFromBytes(sigBytes)
	if err != nil {
		return false, err
	}

	return VerifySignature(signature, pubkey, msg[:])
}
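// VerifySignature reports whether sig is a valid BLS signature over msg under
// the public key pk.
//
// msg is hashed to G2 with the package's domain separation tag, and the
// signature is accepted when e(pk, H(msg)) * e(-g1, sig) == 1, which is
// equivalent to e(pk, H(msg)) == e(g1, sig).
//
// A nil argument or an identity (point-at-infinity) public key is rejected with
// an error. The identity key must never be accepted: together with the
// identity signature it satisfies the pairing equation for every message.
//
// NOTE(review): subgroup membership of pk and sig is not re-checked here; it is
// assumed to have been enforced when the points were decoded. Confirm this for
// callers that construct points by any other route.
func VerifySignature(sig *Signature, pk *PublicKey, msg []byte) (bool, error) {
	if sig == nil || pk == nil {
		return false, errors.New("invalid nil signature or public key")
	}
	if pk.IsInfinity() {
		return false, errors.New("invalid public key is infinity")
	}

	Q, err := bls12381.HashToG2(msg, dst)
	if err != nil {
		return false, err
	}

	// Negating the generator lets a single product-of-pairings check stand in
	// for comparing two separate pairings.
	var negP bls12381.G1Affine
	negP.Neg(&g1One)

	return bls12381.PairingCheck(
		[]bls12381.G1Affine{*pk, negP},
		[]bls12381.G2Affine{Q, *sig},
	)
}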