// Appends to data the first (len(data) / 32)bits of the result of sha256(data)
// Currently only supports data up to 32 bytes
func addChecksum(data []byte) []byte {
// Get first byte of sha256
hasher := sha256.New()
hasher.Write(data)
hash := hasher.Sum(nil)
firstChecksumByte := hash[0]
// len() is in bytes so we divide by 4
checksumBitLength := uint(len(data) / 4)
// For each bit of check sum we want we shift the data one the left
// and then set the (new) right most bit equal to checksum bit at that index
// staring from the left
dataBigInt := new(big.Int).SetBytes(data)
for i := uint(0); i < checksumBitLength; i++ {
// Bitshift 1 left
dataBigInt.Mul(dataBigInt, BigTwo)
// Set rightmost bit if leftmost checksum bit is set
if uint8(firstChecksumByte&(1<<(7-i))) > 0 {
dataBigInt.Or(dataBigInt, BigOne)
}
}
return dataBigInt.Bytes()
}
func (ek *ExtendedPublicKey) Serialize() {
serialized := make([]byte, 78)
//4 byte: version bytes (mainnet: 0x0488B21E public, 0x0488ADE4 private; testnet: 0x043587CF public, 0x04358394 private)
copy(serialized[0:], ek.Version)
//1 byte: depth: 0x00 for master nodes, 0x01 for level-1 derived keys, ....
serialized[4] = ek.Depth
//4 bytes: the fingerprint of the parent's key (0x00000000 if master key)
copy(serialized[5:], ek.ParentFingerPrint)
//4 bytes: child number. This is ser32(i) for i in xi = xpar/i, with xi the key being serialized. (0x00000000 if master key)
binary.BigEndian.PutUint32(serialized[9:], ek.ChildNumber)
//32 bytes: the chain code
copy(serialized[13:], ek.Chaincode)
//33 bytes: serP(K) for public keys
copy(serialized[45:], ek.PublicKey)
//add 32 checksum bits (derived from the double SHA-256 checksum)
firstSha256 := sha256.New()
firstSha256.Write(serialized)
one := firstSha256.Sum(nil)
secondSha256 := sha256.New()
secondSha256.Write(one)
checksum := secondSha256.Sum(nil)[:4]
serializedChecksum := make([]byte, 82)
copy(serializedChecksum[0:], serialized)
copy(serializedChecksum[78:], checksum)
//convert to the Base58 representation
buf := base58.Encode(serializedChecksum)
fmt.Println(buf)
}
func (k *keyDataGeneratorContents) GenerateKeyData(stream io.ReadCloser, keyData []byte) (
equalStream io.ReadCloser, err error) {
// Ensure the stream is closed once we're out of here
defer stream.Close()
if len(keyData) > sha256.Size {
// This should not happen when called from within this package. We
// don't use ciphers that need more than 32 bytes of key data.
return nil, errKeyDataToLarge
}
// We need a temporary buffer to save the contents of the stream
tempBuffer, err := newSecureTempBuffer()
if err != nil {
return nil, err
}
defer tempBuffer.Close()
// Store in temp buffer and calculate sha in the meantime
hasher := sha256.New()
_, err = io.Copy(tempBuffer, io.TeeReader(stream, hasher))
if err != nil {
return nil, err
}
hash := hasher.Sum(nil)
// Use hash to fill the keyData array
copy(keyData, hash)
// Ensure we read the same contents by requiring same hash on the data
return newReaderHashValidator(tempBuffer.Reader(), sha256.New(), hash), nil
}
func dblSha256(data []byte) []byte {
sha1 := sha256.New()
sha2 := sha256.New()
sha1.Write(data)
sha2.Write(sha1.Sum(nil))
return sha2.Sum(nil)
}
func TestGenerateKeys(t *testing.T) {
var err error
if testSender, err = dhkam.GenerateKey(rand.Reader); err != nil {
fmt.Println(err.Error())
t.FailNow()
}
if testReceiver, err = dhkam.GenerateKey(rand.Reader); err != nil {
fmt.Println(err.Error())
t.FailNow()
}
testSenderKEK = testSender.InitializeKEK(rand.Reader,
&testReceiver.PublicKey, dhkam.KEKAES128CBCHMACSHA256, nil, sha256.New())
if testSenderKEK == nil {
fmt.Println(ErrInvalidKEKParams.Error())
t.FailNow()
}
testReceiverKEK = testReceiver.InitializeKEK(rand.Reader,
&testSender.PublicKey, dhkam.KEKAES128CBCHMACSHA256, nil, sha256.New())
if testReceiverKEK == nil {
fmt.Println(ErrInvalidKEKParams.Error())
t.FailNow()
}
if testmsg, err = ioutil.ReadFile("README"); err != nil {
fmt.Println(err.Error())
t.FailNow()
}
}
func GenerateSin(pubkey []byte) string {
// FIRST STEP - COMPLETE
sha_256 := sha256.New()
sha_256.Write(pubkey)
// SECOND STEP - COMPLETE
rip := ripemd160.New()
rip.Write(sha_256.Sum(nil))
// THIRD STEP - COMPLETE
sin_version, _ := hex.DecodeString("0f02")
pubPrefixed := append(sin_version, rip.Sum(nil)...)
// FOURTH STEP - COMPLETE
sha2nd := sha256.New()
sha2nd.Write([]byte(pubPrefixed))
sha3rd := sha256.New()
sha3rd.Write([]byte(sha2nd.Sum(nil)))
// // FIFTH STEP - COMPLETE
checksum := sha3rd.Sum(nil)[0:4]
// SIXTH STEP - COMPLETE
pubWithChecksum := append(pubPrefixed, checksum...)
// SIN
sin := base58.Encode(pubWithChecksum)
return sin
}
// NewSignature generates a ECDSA signature given the raw transaction and privateKey to sign with
func NewSignature(rawTransaction []byte, privateKey []byte) ([]byte, error) {
//Start secp256k1
secp256k1.Start()
var privateKey32 [32]byte
for i := 0; i < 32; i++ {
privateKey32[i] = privateKey[i]
}
//Get the raw public key
publicKey, success := secp256k1.Pubkey_create(privateKey32, false)
if !success {
return nil, errors.New("Failed to create public key from provided private key.")
}
//Hash the raw transaction twice with SHA256 before the signing
shaHash := sha256.New()
shaHash.Write(rawTransaction)
var hash []byte = shaHash.Sum(nil)
shaHash2 := sha256.New()
shaHash2.Write(hash)
rawTransactionHashed := shaHash2.Sum(nil)
//Sign the raw transaction
signedTransaction, success := secp256k1.Sign(rawTransactionHashed, privateKey32, newNonce())
if !success {
return nil, errors.New("Failed to sign transaction")
}
//Verify that it worked.
verified := secp256k1.Verify(rawTransactionHashed, signedTransaction, publicKey)
if !verified {
return nil, errors.New("Failed to verify signed transaction")
}
//Stop secp256k1 and return signature
secp256k1.Stop()
return signedTransaction, nil
}
func main() {
// read whole the file
b, err := ioutil.ReadFile("file")
if err != nil {
panic(err)
}
blocks := (len(b) / 1024)
if len(b)%1024 == 0 {
blocks--
}
firstBlock := true
currentHash := sha256.New()
for i := blocks; i >= 0; i-- {
startIndex := i * 1024
endIndex := startIndex + 1024
block := b[startIndex:endIndex]
if firstBlock {
block = b[startIndex:]
} else {
//append current hash to block
block = currentHash.Sum(block)
}
firstBlock = false
//hash current block
currentHash = sha256.New()
currentHash.Write(block)
}
resultingHash := hex.EncodeToString(currentHash.Sum(make([]byte, 0)))
fmt.Println(resultingHash)
}
func main() {
if os.Args[1] == "-h" {
toHash := os.Args[2]
hasher := sha256.New()
hasher.Write([]byte(toHash))
fmt.Println(base64.URLEncoding.EncodeToString(hasher.Sum(nil)))
return
} else if os.Args[1] == "-i" {
toHash := os.Args[3]
hasher := sha256.New()
hasher.Write([]byte(toHash))
p := base64.URLEncoding.EncodeToString(hasher.Sum(nil))
u := os.Args[2]
h := os.Args[4]
if db.Exists(u) == 0 {
did := db.InsertUser(u, p, h, false)
fmt.Println(did)
} else {
fmt.Println("Failed due to existence/failure")
}
} else if os.Args[1] == "-f" {
db.Fix()
}
}
func TestChunker(t *testing.T) {
// setup data source
buf := getRandom(23, 32*1024*1024)
ch := chunker.New(bytes.NewReader(buf), testPol, sha256.New())
chunks := testWithData(t, ch, chunks1)
// test reader
for i, c := range chunks {
rd := c.Reader(bytes.NewReader(buf))
h := sha256.New()
n, err := io.Copy(h, rd)
if err != nil {
t.Fatalf("io.Copy(): %v", err)
}
if uint(n) != chunks1[i].Length {
t.Fatalf("reader returned wrong number of bytes: expected %d, got %d",
chunks1[i].Length, n)
}
d := h.Sum(nil)
if !bytes.Equal(d, chunks1[i].Digest) {
t.Fatalf("wrong hash returned: expected %02x, got %02x",
chunks1[i].Digest, d)
}
}
// setup nullbyte data source
buf = bytes.Repeat([]byte{0}, len(chunks2)*chunker.MinSize)
ch = chunker.New(bytes.NewReader(buf), testPol, sha256.New())
testWithData(t, ch, chunks2)
}
func keyList(ks *store.KeyStore, cfg *config) error {
updated := time.Unix(ks.Timestamp, 0).Format(timeFormat)
fmt.Println("Key store was last updated", updated)
fmt.Printf("%d keys stored\n", len(ks.Keys))
fmt.Println("Owner public key:")
h := sha256.New()
h.Write(ks.PublicKey)
fmt.Printf("\tFingerprint: %x\n", h.Sum(nil))
if len(ks.Keys) > 0 {
fmt.Println("Key store:")
for k, v := range ks.Keys {
fmt.Printf("\t%s\n", k)
ut := time.Unix(v.Timestamp, 0)
st := time.Unix(v.SignatureTime, 0)
signer, ok := ks.FindPublic(v.KeySigner)
if !ok {
signer = "<unknown>"
}
h = sha256.New()
h.Write(v.Keys)
fmt.Printf("\t\tLast update: %s\n", ut.Format(timeFormat))
fmt.Printf("\t\t Signed at: %s\n", st.Format(timeFormat))
fmt.Printf("\t\t Signed by: %s\n", signer)
fmt.Printf("\t\tFingerprint: %x\n", h.Sum(nil))
}
}
return nil
}
// Creates a new tree hasher.
func NewTreeHash() *TreeHash {
var result TreeHash
result.whole = sha256.New()
result.part = sha256.New()
result.hashers = io.MultiWriter(result.whole, result.part)
result.nodes = make([]treeHashNode, 0)
return &result
}
//TODO: test and add to tests
//double SHA-256 hashing of a single byte array
func DoubleSHA(b []byte) []byte {
var h hash.Hash = sha256.New()
h.Write(b)
var h2 hash.Hash = sha256.New()
h2.Write(h.Sum(nil))
return h2.Sum(nil)
}
// DoubleSHA256 computes a double sha256 hash of the first 21 bytes of the
// address. This is the one function shared with the other bitcoin RC task.
// Returned is the full 32 byte sha256 hash. (The bitcoin checksum will be
// the first four bytes of the slice.)
func (a *A25) doubleSHA256() []byte {
h := sha256.New()
h.Write(a[:21])
d := h.Sum([]byte{})
h = sha256.New()
h.Write(d)
return h.Sum(d[:0])
}
/**
* xzDecInit - Allocate and initialize a XZ decoder state
* @dictMax: Maximum size of the LZMA2 dictionary (history buffer) for
* decoding. LZMA2 dictionary is always 2^n bytes
* or 2^n + 2^(n-1) bytes (the latter sizes are less common
* in practice), so other values for dictMax don't make sense.
*
* dictMax specifies the maximum allowed dictionary size that xzDecRun
* may allocate once it has parsed the dictionary size from the stream
* headers. This way excessive allocations can be avoided while still
* limiting the maximum memory usage to a sane value to prevent running the
* system out of memory when decompressing streams from untrusted sources.
*
* xzDecInit returns a pointer to an xzDec, which is ready to be used with
* xzDecRun.
*/
func xzDecInit(dictMax uint32) *xzDec {
s := new(xzDec)
s.lzma2 = xzDecLZMA2Create(dictMax)
s.block.hash.sha256 = sha256.New()
s.index.hash.sha256 = sha256.New()
xzDecReset(s)
return s
}
// Fountain takes an io.Reader from a source file and implements a Luby
// Transform fountain code encoding algorithm over the file. It uses degree
// of distribution, chunk size, and a percent of chunks to generate into
// blocks.
func Fountain(src io.Reader, dist int, size int, perc float32, signature string) []Block {
// Still requires signature for signing blocks
// Convert io.Reader to string
buf := new(bytes.Buffer)
buf.ReadFrom(src)
s := buf.String()
// Setting hash seed
id := s
// Chunking source string
chunks := make([]string, len(s)/size)
for i := 0; i < len(s)/size; i++ {
chunks[i] = s[i*size : (i*size)+size]
}
// Padding last chunk
remainder := s[(len(s)-1)-(len(s)%size):]
remainder = remainder + string([]byte{1})
for (size - len(remainder)) > 0 {
remainder = remainder + string([]byte{0})
}
chunks = append(chunks, remainder)
// Combining chunks into blocks
blocks := []Block{}
for i := 0; i < int(float32(len(chunks))*perc); i++ {
// Generate Id hash
h := sha256.New()
io.WriteString(h, id)
id = string(h.Sum(nil))
// Randomly selects first block element
index := random(0, len(chunks)-1)
parents := []string{string(index)}
data := chunks[index]
// Randomly selects subsequent elements
for j := 0; j < random(0, dist-1); j++ {
index := random(0, len(chunks)-1)
parents = append(parents, string(index))
data = xor(data, chunks[index])
}
// Hash content and prepend hash to content
h = sha256.New()
io.WriteString(h, data+signature)
shash := string(h.Sum(nil))
// Append block to resulting []Block
blocks = append(blocks, Block{id, parents, data, shash})
}
return blocks
}
// GitHookInstalled is used to check if a given hook is installed as
// specified, it does nothing more, Params:
// h (*GitHookMgr): the hook mgr structure (find location of repo/etc)
// path (string): where is the hook we wish to install?
// name (string): what is the "git name" for the hook?
// link (bool): is hook a symlink to hookPath, or full copy/install?
// Returns boolean, true if hook is installed as specified, false otherwise
func GitHookInstalled(h *GitHookMgr, path, name string, link bool) bool {
cachedPathHashes := make(map[string]string)
repoPath, _, err := h.Exists(LocalPath)
hookInstalled := false
hookInstallPath := ""
if err == nil && repoPath != "" { // if the local path exists...
hookInstallPath = filepath.Join(repoPath, ".git", "hooks", name)
if isBareRepo(repoPath) {
hookInstallPath = filepath.Join(repoPath, "hooks", name)
}
if link { // if client wants a link, see if link is there already...
fileInfo, err := os.Lstat(hookInstallPath)
if err != nil {
return false // if not there then installed is false
}
if fileInfo.Mode()&os.ModeSymlink == 0 {
return false // if not a symlink then installed is false
}
originFile, err := os.Readlink(hookInstallPath)
if err != nil {
return false // if cannot read link, installed is false
}
if originFile != path {
return false // target is not what we wanted, installed is false
}
hookInstalled = true
} else { // user wants copy of file, see if there and sha matches..
if there, err := file.Exists(hookInstallPath); err != nil || !there {
return false // err checking existence|not there, not installed
}
installed, err := ioutil.ReadFile(hookInstallPath)
hasher := sha256.New()
hasher.Write(installed)
installedFileHash := hex.EncodeToString(hasher.Sum(nil))
if err != nil {
return false // failed to read file, assume not installed
}
wantedFileHash := ""
if cachedHash, ok := cachedPathHashes[path]; ok {
wantedFileHash = cachedHash // only gen the hash of the target file once per pass
} else {
wanted, err2 := ioutil.ReadFile(path)
if err2 != nil {
return false // failed to read file, assume not installed
}
hasher = sha256.New()
hasher.Write(wanted)
wantedFileHash = hex.EncodeToString(hasher.Sum(nil))
}
if installedFileHash != wantedFileHash {
return false // sha's differ, assume rev we want not installed
}
hookInstalled = true
}
}
return hookInstalled
}
// Hash takes a salt and provided string and returns their corresponding
// combined sha256 string
func Hash(salt, provided string) string {
hasher := sha256.New()
hasher.Write([]byte(provided))
first := hex.EncodeToString(hasher.Sum(nil))
hasher = sha256.New()
hasher.Write(append([]byte(first), salt...))
return hex.EncodeToString(hasher.Sum(nil))
}
/**
* xzDecInit - Allocate and initialize a XZ decoder state
* @dictMax: Maximum size of the LZMA2 dictionary (history buffer) for
* decoding. LZMA2 dictionary is always 2^n bytes
* or 2^n + 2^(n-1) bytes (the latter sizes are less common
* in practice), so other values for dictMax don't make sense.
*
* dictMax specifies the maximum allowed dictionary size that xzDecRun
* may allocate once it has parsed the dictionary size from the stream
* headers. This way excessive allocations can be avoided while still
* limiting the maximum memory usage to a sane value to prevent running the
* system out of memory when decompressing streams from untrusted sources.
*
* xzDecInit returns a pointer to an xzDec, which is ready to be used with
* xzDecRun.
*/
func xzDecInit(dictMax uint32, header *Header) *xzDec {
s := new(xzDec)
s.crc32 = crc32.NewIEEE()
s.Header = header
s.block.hash.sha256 = sha256.New()
s.index.hash.sha256 = sha256.New()
s.lzma2 = xzDecLZMA2Create(dictMax)
xzDecReset(s)
return s
}
func main() {
flag.Parse()
// Read the input file
in, err := ioutil.ReadFile(*inFile)
if err != nil {
log.Fatalf("input file: %s", err)
}
fmt.Println(len(in), in)
// Read the private key
pemData, err := ioutil.ReadFile(*keyFile)
if err != nil {
log.Fatalf("read key file: %s", err)
}
// Extract the PEM-encoded data block
block, _ := pem.Decode(pemData)
if block == nil {
log.Fatalf("bad key data: %s", "not PEM-encoded")
}
if got, want := block.Type, "RSA PRIVATE KEY"; got != want {
log.Fatalf("unknown key type %q, want %q", got, want)
}
// Decode the RSA private key
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
log.Fatalf("bad private key: %s", err)
}
label := []byte("orders")
var out []byte
if *decrypt {
// Decrypt the data
out, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, in, label)
if err != nil {
log.Fatalf("decrypt: %s", err)
}
} else {
out, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, in, label)
if err != nil {
log.Fatalf("encrypt: %s", err)
}
//fmt.Println(priv.PublicKey)
//fmt.Println(priv)
}
// Write data to output file
if err := ioutil.WriteFile(*outFile, out, 0600); err != nil {
log.Fatalf("write output: %s", err)
}
}
// GenHash generate SHA-256 hash for given password and salt
func GenHash(password, salt string) string {
hasher := sha256.New()
hasher.Write([]byte(password + salt))
prehash := fmt.Sprintf("%064x", hasher.Sum(nil))
hasher2 := sha256.New()
hasher2.Write([]byte(salt + prehash))
return fmt.Sprintf("%x", hasher.Sum(nil))
}
//ComputeBlockHash computes the SHA256 double-hash of the block header
func ComputeBlockHash(Block *block.Block) (string, error) {
hasher := sha256.New()
slicetwo := append(Block.Header.BytePreviousBlockHash[:], Block.Header.ByteMerkleRoot[:]...)
slicethree := append(Block.Header.ByteTimeStamp[:], Block.Header.ByteTargetValue[:]...)
slicefour := append(slicethree[:], Block.Header.ByteNonce[:]...)
slicetwofour := append(slicetwo[:], slicefour[:]...)
kimbo := append(Block.Header.ByteFormatVersion, slicetwofour...)
hasher.Write(kimbo)
slasher := hasher.Sum(nil)
hasherTwo := sha256.New()
hasherTwo.Write(slasher)
return hex.EncodeToString(hasherTwo.Sum(nil)), nil
}
//TODO: test and add to tests
//double SHA-256 hash of a concatenation of the reverse of two inputs
func DoubleSHAPairRev(a []byte, b []byte) []byte {
var tmp []byte
//hash the concatenation of the reverse of both inputs
var answer hash.Hash = sha256.New()
//answer.Write(append(a[:]+b[:]))
answer.Write(append(Rev(a), Rev(b)...))
//hash it again
tmp = answer.Sum(nil)
answer = sha256.New()
answer.Write(tmp)
return Rev(answer.Sum(nil)) //return the reverse of the output
}
//TODO: test and add to tests
//double SHA-256 hash of a concatenation of the two inputs
func DoubleSHAPair(a []byte, b []byte) []byte {
var tmp []byte
//hash the concatenation of the two inputs
var answer hash.Hash = sha256.New()
answer.Write(append(a, b...))
//hash it the second time
tmp = answer.Sum(nil)
answer = sha256.New()
answer.Write(tmp)
return answer.Sum(nil) //return
}
//BitcoinRipeMD160ToAddress takes 20 byte RipeMD160 hash and returns the 25-byte address as well as updates the address representation of the output
func BitcoinRipeMD160ToAddress(hash160 []byte, address *block.Address) []byte {
ret := append([]byte{0}, hash160[:]...) //append network byte of 0 (main network) as checksum
sha2 := sha256.New()
sha2.Write(ret) //sha256 on ripemd hash
hash3 := sha2.Sum(nil)
sha3 := sha256.New()
sha3.Write(hash3) // compute second hash to get checksum to store at end of output
hash4 := sha3.Sum(nil)
ret = append(ret[:], hash4[0:4]...)
address.Address = BitcoinToASCII(ret)
address.RipeMD160 = hex.EncodeToString(hash160)
address.PublicKey = hex.EncodeToString(hash160)
return ret
}
func (uid *UserId) calcScopedDigest(pubkey *Pubkey) string {
h := sha256.New()
h.Write([]byte(pubkey.RFingerprint))
h.Write([]byte("{uid}"))
h.Write(uid.Packet)
return toAscii85String(h.Sum(nil))
}
// HashData returns the sha256 sum of src.
func HashData(src io.Reader) (string, error) {
h := sha256.New()
if _, err := io.Copy(h, src); err != nil {
return "", err
}
return "sha256:" + hex.EncodeToString(h.Sum(nil)), nil
}
// Generate a human readable sha1 hash of the given file path
func hashFile(path string) (hashes FileInfo, err error) {
f, err := os.Open(path)
if err != nil {
return
}
defer f.Close()
reader := bufio.NewReader(f)
if GetConfig().Hashes.SHA1 {
sha1Hash := sha1.New()
_, err = io.Copy(sha1Hash, reader)
if err == nil {
hashes.Sha1 = hex.EncodeToString(sha1Hash.Sum(nil))
}
}
if GetConfig().Hashes.SHA256 {
sha256Hash := sha256.New()
_, err = io.Copy(sha256Hash, reader)
if err == nil {
hashes.Sha256 = hex.EncodeToString(sha256Hash.Sum(nil))
}
}
if GetConfig().Hashes.MD5 {
md5Hash := md5.New()
_, err = io.Copy(md5Hash, reader)
if err == nil {
hashes.Md5 = hex.EncodeToString(md5Hash.Sum(nil))
}
}
return
}
func (obj FileType) StateOKFile() bool {
if PathIsDir(obj.Path) {
log.Fatal("This should only be called on a File type.")
}
// run a diff, and return true if needs changing
hash := sha256.New()
f, err := os.Open(obj.Path)
if err != nil {
//log.Fatal(err)
return false
}
defer f.Close()
if _, err := io.Copy(hash, f); err != nil {
//log.Fatal(err)
return false
}
sha256sum := hex.EncodeToString(hash.Sum(nil))
//fmt.Printf("sha256sum: %v\n", sha256sum)
if obj.HashSHA256fromContent() == sha256sum {
return true
}
return false
}
func EcdsaSign(priv, hash []byte) (r, s *big.Int, err error) {
var sig secp256k1.Signature
var sec, msg, nonce secp256k1.Number
sec.SetBytes(priv)
msg.SetBytes(hash)
sha := sha256.New()
sha.Write(priv)
sha.Write(hash)
for {
var buf [32]byte
rand.Read(buf[:])
sha.Write(buf[:])
nonce.SetBytes(sha.Sum(nil))
if nonce.Sign() > 0 && nonce.Cmp(&secp256k1.TheCurve.Order.Int) < 0 {
break
}
}
if sig.Sign(&sec, &msg, &nonce, nil) != 1 {
err = errors.New("ESCDS Sign error()")
}
return &sig.R.Int, &sig.S.Int, nil
}