signConst method

List<int> signConst(
  1. List<int> data,
  2. HashFunc hashMethod
)

Implementation

List<int> signConst(List<int> data, HashFunc hashMethod) {
  if (generator.curve != Curves.curveEd25519) {
    throw CryptoException(
        "Constant-time signing is only supported for Ed25519.");
  }
  final secBytes = BigintUtils.toBytes(secret,
      length: generator.curve.baselen, order: Endian.little);
  final hash =
      hashMethod().update(List<int>.from([...extendedKey, ...data])).digest();
  final rScalar = Ed25519Utils.scalarReduceConst(hash);
  final R = Ed25519Utils.scalarMultBase(rScalar);
  final kBytes = hashMethod()
      .update(List<int>.from([...R, ...publicKey.toBytes(), ...data]))
      .digest();
  List<int> s = Ed25519Utils.scalarReduceConst(kBytes);
  List<int> s2 = List.filled(32, 0);
  CryptoOps.scMulAdd(s2, s, secBytes, rScalar);
  CryptoOps.scReduce32Copy(s2, s2);
  if (Ed25519Utils.scIsZero(s) || Ed25519Utils.scIsZero(rScalar)) {
    throw CryptoException(
        "Invalid signature: scalar value is zero, which is not allowed in Ed25519 signing.");
  }
  final signature = [...R, ...s2];
  if (publicKey.verify(data, signature, hashMethod)) {
    return signature;
  }
  throw const CryptoException(
      'The created signature does not pass verification.');
}