diff options
author | lloyd <[email protected]> | 2010-09-26 17:08:02 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-09-26 17:08:02 +0000 |
commit | c820501357ac3acc81ddb8fad9fd9fd5fee9b32f (patch) | |
tree | 3875bfc6611db18261ec96a5c71a836a265166bd /src/pubkey | |
parent | 6e71a3c9eeb838a79d82b19137f1c11b0e58c974 (diff) |
If we generate a k such that s or r is 0, don't fail, simply retry
with a new k.
Diffstat (limited to 'src/pubkey')
-rw-r--r-- | src/pubkey/ecdsa/ecdsa.cpp | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp index 88ef8a38a..2522fa9f3 100644 --- a/src/pubkey/ecdsa/ecdsa.cpp +++ b/src/pubkey/ecdsa/ecdsa.cpp @@ -38,21 +38,23 @@ ECDSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, { rng.add_entropy(msg, msg_len); - BigInt k; - k.randomize(rng, order.bits()); - - while(k >= order) - k.randomize(rng, order.bits() - 1); - BigInt m(msg, msg_len); - PointGFp k_times_P = base_point * k; - BigInt r = mod_order.reduce(k_times_P.get_affine_x()); + BigInt r = 0, s = 0; + + while(r == 0 || s == 0) + { + // This contortion is necessary for the tests + BigInt k; + k.randomize(rng, order.bits()); - if(r == 0) - throw Internal_Error("ECDSA_Signature_Operation: r was zero"); + while(k >= order) + k.randomize(rng, order.bits() - 1); - BigInt s = mod_order.multiply(inverse_mod(k, order), mul_add(x, r, m)); + PointGFp k_times_P = base_point * k; + r = mod_order.reduce(k_times_P.get_affine_x()); + s = mod_order.multiply(inverse_mod(k, order), mul_add(x, r, m)); + } SecureVector<byte> output(2*order.bytes()); r.binary_encode(&output[output.size() / 2 - r.bytes()]); |