schnorr: fix issues mentioned in #89.

This commit is contained in:
Christopher Jeffrey 2016-11-09 18:24:34 -08:00
parent 60a4c0a34d
commit 3bc4fa5822
No known key found for this signature in database
GPG Key ID: 8962AB9DE6666BBD


@ -11,6 +11,7 @@ var elliptic = require('elliptic');
var Signature = require('elliptic/lib/elliptic/ec/signature');
var hmacDRBG = require('elliptic/lib/elliptic/hmac-drbg');
var crypto = require('./crypto');
var curves = elliptic.curves;
var curve = elliptic.ec('secp256k1').curve;
var sha256 = require('./crypto').sha256;
@ -76,6 +77,9 @@ schnorr._sign = function _sign(msg, prv, k, hash, pubnonce) {
h = schnorr.hash(msg, r.getX(), hash);
if (h.cmpn(0) === 0)
return;
if (h.cmp(curve.n) >= 0)
return;
@ -100,7 +104,7 @@ schnorr._sign = function _sign(msg, prv, k, hash, pubnonce) {
schnorr.sign = function sign(msg, key, hash, pubnonce) {
var prv = new BN(key);
var k, sig;
var k, sig, drbg;
if (prv.cmpn(0) === 0)
throw new Error('Bad private key.');
@ -108,8 +112,10 @@ schnorr.sign = function sign(msg, key, hash, pubnonce) {
if (prv.cmp(curve.n) >= 0)
throw new Error('Bad private key.');
drbg = schnorr.drbg(msg, key, pubnonce);
while (!sig) {
k = new BN(crypto.randomBytes(32));
k = new BN(drbg.generate(curve.n.byteLength()));
sig = schnorr._sign(msg, prv, k, hash, pubnonce);
}
@ -304,16 +310,16 @@ schnorr.partialSign = function partialSign(msg, priv, privnonce, pubs, hash) {
schnorr.alg = new Buffer('Schnorr+SHA256 ', 'ascii');
/**
* Perform hmac drbg according to rfc6979.
* Instantiate an HMAC-DRBG.
* @param {Buffer} msg
* @param {Buffer} priv
* @param {Buffer} data
* @returns {Buffer}
* @returns {HmacDRBG}
*/
schnorr.rfc6979 = function rfc6979(msg, priv, data) {
schnorr.drbg = function drbg(msg, priv, data) {
var kdata = new Buffer(112);
var drbg, prv, pers;
var prv, pers;
kdata.fill(0);
@ -329,16 +335,26 @@ schnorr.rfc6979 = function rfc6979(msg, priv, data) {
msg = toArray(kdata.slice(32, 64));
pers = toArray(kdata.slice(64));
drbg = new hmacDRBG({
hash: require('hash.js').sha256,
return new hmacDRBG({
hash: curves.secp256k1.hash,
entropy: prv,
nonce: msg,
pers: pers
});
};
drbg = drbg.generate(curve.n.byteLength());
/**
* Perform hmac drbg according to rfc6979.
* @param {Buffer} msg
* @param {Buffer} priv
* @param {Buffer} data
* @returns {Buffer}
*/
return new Buffer(drbg);
schnorr.rfc6979 = function rfc6979(msg, priv, data) {
var drbg = schnorr.drbg(msg, priv, data);
var bytes = drbg.generate(curve.n.byteLength());
return new Buffer(bytes);
};
/**
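Review bot: The deterministic nonce seeded in `sign` at `drbg = schnorr.drbg(msg, key, pubnonce);` does not take the `hash` argument into account, yet `_sign` folds `hash` into the challenge at `h = schnorr.hash(msg, r.getX(), hash);`. If the same key, message and pubnonce are ever signed under two different hash functions, both signatures share k with different h, which is the classic nonce-reuse condition that exposes the private key — assuming, as the rest of `_sign` outside the hunk presumably does, that s is derived from k and h in the usual Schnorr way. Either fold a hash identifier into the DRBG input (`schnorr.alg` is hard-coded to `'Schnorr+SHA256 '`, so the personalization string cannot distinguish hash choices) or document the constraint next to the seeding line, e.g. `// Nonce derivation ignores the hash argument: a key must always sign with the same hash function, or nonce reuse across challenges leaks it.`. A smaller style point in the `drbg` hunk: the `msg` parameter is reassigned at `msg = toArray(kdata.slice(32, 64));`, and a separate local such as `nonce` would keep the parameter read-only. Both the `sign` and `drbg` bodies extend beyond their hunks.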