A Signer is used to incrementally compute a signature.
It can be obtained from a KeyPair, using the signer() function.
pub fn update(self: *Signer, data: []const u8) voidAdd new data to the message being signed.
self: *Signerdata: []const u8pub fn update(self: *Signer, data: []const u8) void {
self.h.update(data);
}pub const Signer = struct {
h: Sha512,
scalar: CompressedScalar,
nonce: CompressedScalar,
r_bytes: [Curve.encoded_length]u8,
fn init(scalar: CompressedScalar, nonce: CompressedScalar, public_key: PublicKey) (IdentityElementError || KeyMismatchError || NonCanonicalError || WeakPublicKeyError)!Signer {
const r = try Curve.basePoint.mul(nonce);
const r_bytes = r.toBytes();
var t: [64]u8 = undefined;
t[0..32].* = r_bytes;
t[32..].* = public_key.bytes;
var h = Sha512.init(.{});
h.update(&t);
return Signer{ .h = h, .scalar = scalar, .nonce = nonce, .r_bytes = r_bytes };
}
/// Add new data to the message being signed.
pub fn update(self: *Signer, data: []const u8) void {
self.h.update(data);
}
/// Compute a signature over the entire message.
pub fn finalize(self: *Signer) Signature {
var hram64: [Sha512.digest_length]u8 = undefined;
self.h.final(&hram64);
const hram = Curve.scalar.reduce64(hram64);
const s = Curve.scalar.mulAdd(hram, self.scalar, self.nonce);
return Signature{ .r = self.r_bytes, .s = s };
}
}