authorlloyd <[email protected]>2010-09-26 17:08:02 +0000
committerlloyd <[email protected]>2010-09-26 17:08:02 +0000
commitc820501357ac3acc81ddb8fad9fd9fd5fee9b32f (patch)
tree3875bfc6611db18261ec96a5c71a836a265166bd /src/pubkey
parent6e71a3c9eeb838a79d82b19137f1c11b0e58c974 (diff)
If we generate a k such that s or r is 0, don't fail, simply retry
with a new k.
Diffstat (limited to 'src/pubkey')
-rw-r--r--src/pubkey/ecdsa/ecdsa.cpp24
1 files changed, 13 insertions, 11 deletions
diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp
index 88ef8a38a..2522fa9f3 100644
--- a/src/pubkey/ecdsa/ecdsa.cpp
+++ b/src/pubkey/ecdsa/ecdsa.cpp
@@ -38,21 +38,23 @@ ECDSA_Signature_Operation::sign(const byte msg[], u32bit msg_len,
{
rng.add_entropy(msg, msg_len);
- BigInt k;
- k.randomize(rng, order.bits());
-
- while(k >= order)
- k.randomize(rng, order.bits() - 1);
-
BigInt m(msg, msg_len);
- PointGFp k_times_P = base_point * k;
- BigInt r = mod_order.reduce(k_times_P.get_affine_x());
+ BigInt r = 0, s = 0;
+
+ while(r == 0 || s == 0)
+ {
+ // This contortion is necessary for the tests
+ BigInt k;
+ k.randomize(rng, order.bits());
- if(r == 0)
- throw Internal_Error("ECDSA_Signature_Operation: r was zero");
+ while(k >= order)
+ k.randomize(rng, order.bits() - 1);
- BigInt s = mod_order.multiply(inverse_mod(k, order), mul_add(x, r, m));
+ PointGFp k_times_P = base_point * k;
+ r = mod_order.reduce(k_times_P.get_affine_x());
+ s = mod_order.multiply(inverse_mod(k, order), mul_add(x, r, m));
+ }
SecureVector<byte> output(2*order.bytes());
r.binary_encode(&output[output.size() / 2 - r.bytes()]);
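Review bot: The nonce redraw `k.randomize(rng, order.bits() - 1)` inside the new retry loop draws one bit fewer than the first attempt, so k is not uniformly distributed below `order`, and the `k >= order` test never rejects k == 0. Biased ECDSA nonces are a known source of private-key leakage across many signatures, and the skew grows for curves whose order is not close to a power of two. Consider a rejection loop that keeps the bit length and excludes zero, `while(k == 0 || k >= order) k.randomize(rng, order.bits());`, or a ranged draw such as `k = BigInt::random_integer(rng, 1, order);`, provided the test vectors can tolerate the different RNG consumption. The comment `// This contortion is necessary for the tests` should name the test dependency that forces this shape, so a later maintainer does not have to guess whether the sampling can be changed. The body of sign() starts before this hunk and continues past it, so the handling of `x` and the encoding of `s` are not visible here.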