// Sign is the exported version of sign. It uses RFC6979 and Blake256 to // produce a Schnorr signature. func Sign(curve *secp256k1.KoblitzCurve, priv *secp256k1.PrivateKey, hash []byte) (r, s *big.Int, err error) { // Convert the private scalar to a 32 byte big endian number. pA := BigIntToEncodedBytes(priv.GetD()) defer zeroArray(pA) // Generate a 32-byte scalar to use as a nonce. Try RFC6979 // first. kB := nonceRFC6979(priv.Serialize(), hash, nil, nil) for { sig, err := schnorrSign(curve, hash, pA[:], kB, nil, nil, chainhash.HashFuncB) if err == nil { r = sig.GetR() s = sig.GetS() break } errTyped, ok := err.(SchnorrError) if !ok { return nil, nil, fmt.Errorf("unknown error type") } if errTyped.GetCode() != ErrSchnorrHashValue { return nil, nil, err } // We need to compute a new nonce, because the one we used // didn't work. Compute a random nonce. _, err = rand.Read(kB) if err != nil { return nil, nil, err } } return r, s, nil }