signConst method

Implementation

List<int> signConst(List<int> data, HashFunc hashMethod) {
  if (generator.curve != Curves.curveEd25519) {
    throw const CryptoSignException(
      "Constant-time signing is only supported for Ed25519.",
    );
  }
  final secBytes = BigintUtils.toBytes(
    secret,
    length: generator.curve.baselen,
    order: Endian.little,
  );
  final hash = hashMethod().update([...extendedKey, ...data]).digest();
  final rScalar = Ed25519Utils.scalarReduceConst(hash);
  final R = Ed25519Utils.scalarMultBase(rScalar);
  final kBytes =
      hashMethod().update([...R, ...publicKey.toBytes(), ...data]).digest();
  List<int> s = Ed25519Utils.scalarReduceConst(kBytes);
  List<int> s2 = List.filled(32, 0);
  CryptoOps.scMulAdd(s2, s, secBytes, rScalar);
  CryptoOps.scReduce32Copy(s2, s2);
  if (Ed25519Utils.scIsZero(s) || Ed25519Utils.scIsZero(rScalar)) {
    throw const CryptoSignException(
      "ECDSA signing aborted. s generation failed.",
    );
  }
  final signature = [...R, ...s2];
  if (publicKey.verify(data, signature, hashMethod)) {
    return signature;
  }
  throw CryptoSignException.signatureVerificationFailed;
}