Merge pull request #7 from nspcc-dev/NEOFS_CRYPTO-4_Use_sha512_instead_of_sha256

Use SHA512 instead of SHA256
This commit is contained in:
Evgeniy Kulikov 2019-11-12 16:42:33 +03:00 committed by GitHub
commit 5bcaeeca4e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 6 deletions

View file

@ -4,7 +4,7 @@ import (
"crypto/ecdsa" "crypto/ecdsa"
"crypto/elliptic" "crypto/elliptic"
"crypto/rand" "crypto/rand"
"crypto/sha256" "crypto/sha512"
"crypto/x509" "crypto/x509"
"math/big" "math/big"
@ -183,9 +183,9 @@ func MarshalPrivateKey(key *ecdsa.PrivateKey) []byte {
return key.D.Bytes() return key.D.Bytes()
} }
// hashBytes returns the sha256 sum. // hashBytes returns the sha512 sum.
func hashBytes(data []byte) []byte { func hashBytes(data []byte) []byte {
buf := sha256.Sum256(data) buf := sha512.Sum512(data)
return buf[:] return buf[:]
} }
@ -203,7 +203,7 @@ func Verify(pub *ecdsa.PublicKey, msg, sig []byte) error {
return nil return nil
} }
// Sign signs a message using the private key. If the sha256 hash of msg // Sign signs a message using the private key. If the sha512 hash of msg
// is longer than the bit-length of the private key's curve order, the hash // is longer than the bit-length of the private key's curve order, the hash
// will be truncated to that length. It returns the signature as slice bytes. // will be truncated to that length. It returns the signature as slice bytes.
// The security of the private key depends on the entropy of rand. // The security of the private key depends on the entropy of rand.

View file

@ -21,6 +21,12 @@ const (
ErrWrongSignature = internal.Error("wrong signature") ErrWrongSignature = internal.Error("wrong signature")
) )
// hashBytesRFC6979 returns the sha256 sum.
func hashBytesRFC6979(data []byte) []byte {
sign := sha256.Sum256(data)
return sign[:]
}
// SignRFC6979 signs an arbitrary length hash (which should be the result of // SignRFC6979 signs an arbitrary length hash (which should be the result of
// hashing a larger message) using the private key. It returns the // hashing a larger message) using the private key. It returns the
// signature as a pair of integers. // signature as a pair of integers.
@ -28,7 +34,7 @@ const (
// Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated // Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated
// to the byte-length of the subgroup. This function does not perform that. // to the byte-length of the subgroup. This function does not perform that.
func SignRFC6979(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) { func SignRFC6979(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
r, s, err := rfc6979.SignECDSA(key, hashBytes(msg), sha256.New) r, s, err := rfc6979.SignECDSA(key, hashBytesRFC6979(msg), sha256.New)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -49,7 +55,7 @@ func decodeSignature(sig []byte) (*big.Int, *big.Int, error) {
func VerifyRFC6979(key *ecdsa.PublicKey, msg, sig []byte) error { func VerifyRFC6979(key *ecdsa.PublicKey, msg, sig []byte) error {
if r, s, err := decodeSignature(sig); err != nil { if r, s, err := decodeSignature(sig); err != nil {
return err return err
} else if !ecdsa.Verify(key, hashBytes(msg), r, s) { } else if !ecdsa.Verify(key, hashBytesRFC6979(msg), r, s) {
return ErrWrongSignature return ErrWrongSignature
} }