pub struct Signature<C: EcdsaCurve> {
pub(crate) r: ScalarValue<C>,
pub(crate) s: ScalarValue<C>,
}Expand description
ECDSA signature (fixed-size, a.k.a. IEEE P1363). Generic over elliptic curve types.
Serialized as fixed-sized big endian scalar values with no added framing:
r: field element size for the given curve, big-endians: field element size for the given curve, big-endian
Both r and s MUST be non-zero.
For example, in a curve with a 256-bit modulus like NIST P-256 or
secp256k1, r and s will both be 32-bytes and serialized as big endian,
resulting in a signature with a total of 64-bytes.
ASN.1 DER-encoded signatures also supported via the
Signature::from_der and Signature::to_der methods.
§serde support
When the serde feature of this crate is enabled, it provides support for
serializing and deserializing ECDSA signatures using the Serialize and
Deserialize traits.
The serialization uses a hexadecimal encoding when used with “human readable” text formats, and a binary encoding otherwise.
Fields§
§r: ScalarValue<C>§s: ScalarValue<C>Implementations§
Source§impl<C> Signature<C>
impl<C> Signature<C>
Sourcepub fn from_bytes(bytes: &SignatureBytes<C>) -> Result<Self>
pub fn from_bytes(bytes: &SignatureBytes<C>) -> Result<Self>
Parse a signature from fixed-width bytes, i.e. 2 * the size of
FieldBytes for a particular curve.
§Returns
Ok(signature)if therandscomponents are both in the valid range1..nwhen serialized as concatenated big endian integers.Err(err)if therand/orscomponent of the signature is out-of-range when interpreted as a big endian integer.
Sourcepub fn from_slice(slice: &[u8]) -> Result<Self>
pub fn from_slice(slice: &[u8]) -> Result<Self>
Parse a signature from a byte slice.
Sourcepub fn from_scalars(
r: impl Into<FieldBytes<C>>,
s: impl Into<FieldBytes<C>>,
) -> Result<Self>
pub fn from_scalars( r: impl Into<FieldBytes<C>>, s: impl Into<FieldBytes<C>>, ) -> Result<Self>
Create a Signature from the serialized r and s scalar values
which comprise the signature.
§Returns
Ok(signature)if therandscomponents are both in the valid range1..nwhen serialized as concatenated big endian integers.Err(err)if therand/orscomponent of the signature is out-of-range when interpreted as a big endian integer.
Sourcepub fn split_bytes(&self) -> (FieldBytes<C>, FieldBytes<C>)
pub fn split_bytes(&self) -> (FieldBytes<C>, FieldBytes<C>)
Split the signature into its r and s components, represented as bytes.
Sourcepub fn to_bytes(&self) -> SignatureBytes<C>
pub fn to_bytes(&self) -> SignatureBytes<C>
Serialize this signature as bytes.
Source§impl<C> Signature<C>
impl<C> Signature<C>
Sourcepub fn r(&self) -> NonZeroScalar<C>
pub fn r(&self) -> NonZeroScalar<C>
Get the r component of this signature
Sourcepub fn s(&self) -> NonZeroScalar<C>
pub fn s(&self) -> NonZeroScalar<C>
Get the s component of this signature
Sourcepub fn split_scalars(&self) -> (NonZeroScalar<C>, NonZeroScalar<C>)
pub fn split_scalars(&self) -> (NonZeroScalar<C>, NonZeroScalar<C>)
Split the signature into its r and s scalars.
Sourcepub fn normalize_s(&self) -> Self
pub fn normalize_s(&self) -> Self
Normalize signature into “low S” form as described in BIP 0062: Dealing with Malleability.
Trait Implementations§
Source§impl<C> AssociatedAlgorithmIdentifier for Signature<C>where
C: EcdsaCurve,
Self: AssociatedOid,
Available on crate feature pkcs8 only.ECDSA AlgorithmIdentifier which identifies the digest used by default
with the Signer and Verifier traits.
impl<C> AssociatedAlgorithmIdentifier for Signature<C>where
C: EcdsaCurve,
Self: AssociatedOid,
pkcs8 only.ECDSA AlgorithmIdentifier which identifies the digest used by default
with the Signer and Verifier traits.
Source§const ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static>
const ALGORITHM_IDENTIFIER: AlgorithmIdentifierRef<'static>
AlgorithmIdentifier for this structure.Source§impl<C> AssociatedOid for Signature<C>
Available on crate features digest and hazmat only.ECDSA ObjectIdentifier which identifies the digest used by default
with the Signer and Verifier traits.
impl<C> AssociatedOid for Signature<C>
digest and hazmat only.ECDSA ObjectIdentifier which identifies the digest used by default
with the Signer and Verifier traits.
To support non-default digest algorithms, use the SignatureWithOid
type instead.
Source§const OID: ObjectIdentifier
const OID: ObjectIdentifier
Source§impl<C, D> DigestSigner<D, Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
D: Digest + FixedOutput,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Sign message digest using a deterministic ephemeral scalar (k)
computed using the algorithm described in RFC6979 § 3.2.
impl<C, D> DigestSigner<D, Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
D: Digest + FixedOutput,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Sign message digest using a deterministic ephemeral scalar (k)
computed using the algorithm described in RFC6979 § 3.2.
Source§impl<C, D> DigestVerifier<D, Signature<C>> for VerifyingKey<C>
impl<C, D> DigestVerifier<D, Signature<C>> for VerifyingKey<C>
Source§impl<C> From<Signature<C>> for SignatureBytes<C>
impl<C> From<Signature<C>> for SignatureBytes<C>
Source§fn from(signature: Signature<C>) -> SignatureBytes<C>
fn from(signature: Signature<C>) -> SignatureBytes<C>
Source§impl<C> From<Signature<C>> for Signature<C>where
C: EcdsaCurve,
MaxSize<C>: ArraySize,
<FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArraySize,
impl<C> From<Signature<C>> for Signature<C>where
C: EcdsaCurve,
MaxSize<C>: ArraySize,
<FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArraySize,
Source§impl<C> From<SignatureWithOid<C>> for Signature<C>where
C: EcdsaCurve,
Available on crate feature digest only.
impl<C> From<SignatureWithOid<C>> for Signature<C>where
C: EcdsaCurve,
digest only.Source§fn from(sig: SignatureWithOid<C>) -> Signature<C>
fn from(sig: SignatureWithOid<C>) -> Signature<C>
Source§impl<C> MultipartSigner<Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
impl<C> MultipartSigner<Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Source§fn try_multipart_sign(&self, msg: &[&[u8]]) -> Result<Signature<C>, Error>
fn try_multipart_sign(&self, msg: &[&[u8]]) -> Result<Signature<C>, Error>
Signer::try_sign() but the message is provided in non-contiguous byte
slices. Read moreSource§fn multipart_sign(&self, msg: &[&[u8]]) -> S
fn multipart_sign(&self, msg: &[&[u8]]) -> S
Signer::sign() but the message is provided in non-contiguous byte slices.Source§impl<C> MultipartVerifier<Signature<C>> for VerifyingKey<C>
impl<C> MultipartVerifier<Signature<C>> for VerifyingKey<C>
Source§fn multipart_verify(
&self,
msg: &[&[u8]],
signature: &Signature<C>,
) -> Result<()>
fn multipart_verify( &self, msg: &[&[u8]], signature: &Signature<C>, ) -> Result<()>
Verifier::verify() but the message is provided in non-contiguous byte
slices. Read moreSource§impl<C> PrehashSigner<Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Sign message prehash using a deterministic ephemeral scalar (k)
computed using the algorithm described in RFC6979 § 3.2.
impl<C> PrehashSigner<Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Sign message prehash using a deterministic ephemeral scalar (k)
computed using the algorithm described in RFC6979 § 3.2.
Source§impl<C> PrehashVerifier<Signature<C>> for VerifyingKey<C>
impl<C> PrehashVerifier<Signature<C>> for VerifyingKey<C>
Source§impl<C, D> RandomizedDigestSigner<D, Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
D: Digest + FixedOutput,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
impl<C, D> RandomizedDigestSigner<D, Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
D: Digest + FixedOutput,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Source§impl<C> RandomizedMultipartSigner<Signature<C>> for SigningKey<C>where
Self: RandomizedDigestSigner<C::Digest, Signature<C>>,
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
impl<C> RandomizedMultipartSigner<Signature<C>> for SigningKey<C>where
Self: RandomizedDigestSigner<C::Digest, Signature<C>>,
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Source§fn try_multipart_sign_with_rng<R: TryCryptoRng + ?Sized>(
&self,
rng: &mut R,
msg: &[&[u8]],
) -> Result<Signature<C>>
fn try_multipart_sign_with_rng<R: TryCryptoRng + ?Sized>( &self, rng: &mut R, msg: &[&[u8]], ) -> Result<Signature<C>>
RandomizedSigner::try_sign_with_rng() but the message is provided in
non-contiguous byte slices. Read moreSource§fn multipart_sign_with_rng<R>(&self, rng: &mut R, msg: &[&[u8]]) -> S
fn multipart_sign_with_rng<R>(&self, rng: &mut R, msg: &[&[u8]]) -> S
RandomizedSigner::sign_with_rng() but the message is provided in
non-contiguous byte slices.Source§impl<C> RandomizedPrehashSigner<Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
impl<C> RandomizedPrehashSigner<Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Source§fn sign_prehash_with_rng<R: TryCryptoRng + ?Sized>(
&self,
rng: &mut R,
prehash: &[u8],
) -> Result<Signature<C>>
fn sign_prehash_with_rng<R: TryCryptoRng + ?Sized>( &self, rng: &mut R, prehash: &[u8], ) -> Result<Signature<C>>
Source§impl<C> RandomizedSigner<Signature<C>> for SigningKey<C>where
Self: RandomizedDigestSigner<C::Digest, Signature<C>>,
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
impl<C> RandomizedSigner<Signature<C>> for SigningKey<C>where
Self: RandomizedDigestSigner<C::Digest, Signature<C>>,
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Source§fn try_sign_with_rng<R: TryCryptoRng + ?Sized>(
&self,
rng: &mut R,
msg: &[u8],
) -> Result<Signature<C>>
fn try_sign_with_rng<R: TryCryptoRng + ?Sized>( &self, rng: &mut R, msg: &[u8], ) -> Result<Signature<C>>
Source§impl<C> SignatureEncoding for Signature<C>
impl<C> SignatureEncoding for Signature<C>
Source§impl<C> Signer<Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Sign message using a deterministic ephemeral scalar (k)
computed using the algorithm described in RFC6979 § 3.2.
impl<C> Signer<Signature<C>> for SigningKey<C>where
C: EcdsaCurve + CurveArithmetic + DigestAlgorithm,
Scalar<C>: Invert<Output = CtOption<Scalar<C>>>,
SignatureSize<C>: ArraySize,
Sign message using a deterministic ephemeral scalar (k)
computed using the algorithm described in RFC6979 § 3.2.
Source§impl<C> TryFrom<Signature<C>> for Signature<C>where
C: EcdsaCurve,
MaxSize<C>: ArraySize,
<FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArraySize,
impl<C> TryFrom<Signature<C>> for Signature<C>where
C: EcdsaCurve,
MaxSize<C>: ArraySize,
<FieldBytesSize<C> as Add>::Output: Add<MaxOverhead> + ArraySize,
Source§impl<C> Verifier<Signature<C>> for VerifyingKey<C>
impl<C> Verifier<Signature<C>> for VerifyingKey<C>
Source§impl<C: EcdsaCurve> Zeroize for Signature<C>
impl<C: EcdsaCurve> Zeroize for Signature<C>
impl<C> Copy for Signature<C>where
C: EcdsaCurve,
SignatureSize<C>: ArraySize,
<SignatureSize<C> as ArraySize>::ArrayType<u8>: Copy,
impl<C: Eq + EcdsaCurve> Eq for Signature<C>
impl<C: EcdsaCurve> StructuralPartialEq for Signature<C>
Auto Trait Implementations§
impl<C> Freeze for Signature<C>
impl<C> RefUnwindSafe for Signature<C>
impl<C> Send for Signature<C>
impl<C> Sync for Signature<C>
impl<C> Unpin for Signature<C>
impl<C> UnsafeUnpin for Signature<C>
impl<C> UnwindSafe for Signature<C>
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<T> DynAssociatedAlgorithmIdentifier for Twhere
T: AssociatedAlgorithmIdentifier,
impl<T> DynAssociatedAlgorithmIdentifier for Twhere
T: AssociatedAlgorithmIdentifier,
Source§fn algorithm_identifier(&self) -> Result<AlgorithmIdentifier<Any>, Error>
fn algorithm_identifier(&self) -> Result<AlgorithmIdentifier<Any>, Error>
AlgorithmIdentifier for this structure. Read more