secp256k1

Pure Haskell cryptographic primitives on the secp256k1 elliptic curve.

commit f28aa58161acfe5cdb2e60f047ee77b362a91f8b
parent a092a279d2ad5e84c268e470a84aa5d6e2ebbd23
Author: Jared Tobin <jared@jtobin.io>
Date:   Thu, 10 Oct 2024 09:25:30 +0400

lib: verify commentary

Diffstat:
M lib/Crypto/Curve/Secp256k1.hs | 30 +++++++++++++++++++++---------
M test/Main.hs | 2 +-
2 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/lib/Crypto/Curve/Secp256k1.hs b/lib/Crypto/Curve/Secp256k1.hs
@@ -505,9 +505,9 @@ data SigType =
 -- | Produce an ECDSA signature for the provided message, using the
 -- provided private key.
 --
--- 'sign' produces a "low-s" signature, as is commonly required
--- in applications. If you need a generic ECDSA signature, use
--- 'sign_unrestricted'.
+-- 'sign' produces a "low-s" signature, as is commonly required
+-- in applications. If you need a generic ECDSA signature, use
+-- 'sign_unrestricted'.
 sign
   :: Integer
   -> BS.ByteString
@@ -517,9 +517,9 @@ sign = _sign LowS
 -- | Produce an ECDSA signature for the provided message, using the
 -- provided private key.
 --
--- 'sign_unrestricted' produces an unrestricted ECDSA signature, which is
--- less common in applications. If you need a conventional "low-s" signature,
--- use 'sign'.
+-- 'sign_unrestricted' produces an unrestricted ECDSA signature, which
+-- is less common in applications. If you need a conventional "low-s"
+-- signature, use 'sign'.
 sign_unrestricted
   :: Integer
   -> BS.ByteString
@@ -571,9 +571,15 @@ low (ECDSA r s) = ECDSA r ms where
   | otherwise = s
 {-# INLINE low #-}
 
--- SEC1-v2 4.1.4
-verify_unrestricted :: BS.ByteString -> Projective -> ECDSA -> Bool
+-- | Verify an unrestricted ECDSA signature for the provided message and
+-- public key.
+verify_unrestricted
+  :: BS.ByteString -- ^ message
+  -> Projective -- ^ public key
+  -> ECDSA -- ^ signature
+  -> Bool
 verify_unrestricted (SHA256.hash -> h) p (ECDSA r s)
+  -- SEC1-v2 4.1.4
   | not (ge r) || not (ge s) = False
   | otherwise =
     let e = modQ (bits2int h)
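Review bot: The new Haddock on `verify_unrestricted` omits the two facts a caller needs most: the message is hashed with SHA-256 inside the function (the `SHA256.hash -> h` view pattern), so the raw message rather than a digest must be passed, and "unrestricted" means a signature whose `s` lies in the upper half of the range is still accepted, so this variant does not give the non-malleability that `verify` enforces. A line such as `-- The message is hashed with SHA-256 internally; pass the raw message, not a digest. High-"s" signatures are accepted; use 'verify' where "low-s" is required.` after the summary would cover both. The `-- ^ public key` annotation could also say whether the `Projective` point is assumed to be an already-validated curve point, since no such check is visible in the hunk; the rest of the body lies outside it. The same SHA-256 remark applies to the `verify` Haddock in the following hunk.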
@@ -588,7 +594,13 @@ verify_unrestricted (SHA256.hash -> h) p (ECDSA r s)
         else let Affine (modQ -> v) _ = affine capR
              in  v == r
 
-verify :: BS.ByteString -> Projective -> ECDSA -> Bool
+-- | Verify a "low-s" ECDSA signature for the provided message and
+-- public key.
+verify
+  :: BS.ByteString -- ^ message
+  -> Projective -- ^ public key
+  -> ECDSA -- ^ signature
+  -> Bool
 verify m p sig@(ECDSA _ s)
   | s > B.unsafeShiftR _CURVE_Q 1 = False
   | otherwise = verify_unrestricted m p sig
diff --git a/test/Main.hs b/test/Main.hs
@@ -36,7 +36,7 @@ main = do
     Just (w0, w1) -> defaultMain $ testGroup "ppad-secp256k1" [
         units
       , wycheproof_ecdsa_verify_tests "(ecdsa, sha256)" Unrestricted w0
-     , wycheproof_ecdsa_verify_tests "(ecdsa, sha256, bitcoin)" LowS w1
+     , wycheproof_ecdsa_verify_tests "(ecdsa, sha256, low-s)" LowS w1
       ]
 
 wycheproof_ecdsa_verify_tests :: String -> SigType -> W.Wycheproof -> TestTree
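Review bot: The Haddock on `verify` uses "low-s" without defining it, while the guard two lines below pins the exact rule: the signature is rejected when `s` exceeds `_CURVE_Q` shifted right by one, i.e. when s is greater than n div 2. Suggest stating that and cross-linking the malleable variant, e.g. `-- A signature is rejected when its "s" component exceeds n div 2; see 'verify_unrestricted' for the variant without this restriction.` The definition of `verify` lies fully within this hunk, so no further guards are hidden.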