ecdsa: adhere strictly to RFC6979
The previous implementation was in breach of the following section:

> Please note that when k is generated from T, the result of bits2int is
> compared to q, not reduced modulo q. If the value is not between 1 and
> q-1, the process loops.
> Performing a simple modular reduction would induce biases that would be
> detrimental to signature security.
parent
d93623e2b1
commit
776656df8b
2 changed files with 27 additions and 8 deletions
test
|
@ -15,7 +15,7 @@ var fixtures = require('./fixtures/ecdsa.json')
|
|||
describe('ecdsa', function() {
|
||||
describe('deterministicGenerateK', function() {
|
||||
fixtures.valid.forEach(function(f) {
|
||||
it('determines k for \"' + f.message + '\"', function() {
|
||||
it('for \"' + f.message + '\"', function() {
|
||||
var d = BigInteger.fromHex(f.d)
|
||||
var h1 = crypto.sha256(f.message)
|
||||
|
||||
|
|