frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modulo-reduce msg32 inside RFC6979 nonce fn to match spec. Fixes #1063.

Browse Source
This commit is contained in:
Paul Miller 2022-01-17 04:07:16 +02:00
parent a1102b1219
commit 45f37b6506
No known key found for this signature in database
GPG Key ID: 46BEEF337A641ABB
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/secp256k1.c
View File

@ -423,8 +423,12 @@ static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *m
unsigned int offset = 0; unsigned int offset = 0;
secp256k1_rfc6979_hmac_sha256 rng; secp256k1_rfc6979_hmac_sha256 rng;
unsigned int i; unsigned int i;
secp256k1_scalar msg;
unsigned char msgmod32[32];
secp256k1_scalar_set_b32(&msg, msg32, NULL);
secp256k1_scalar_get_b32(msgmod32, &msg);
/* We feed a byte array to the PRNG as input, consisting of: /* We feed a byte array to the PRNG as input, consisting of:
* - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d. * - the private key (32 bytes) and reduced message (32 bytes), see RFC 6979 3.2d.
* - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data. * - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data.
* - optionally 16 extra bytes with the algorithm name. * - optionally 16 extra bytes with the algorithm name.
* Because the arguments have distinct fixed lengths it is not possible for * Because the arguments have distinct fixed lengths it is not possible for
@ -432,7 +436,7 @@ static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *m
* nonces. * nonces.
*/ */
buffer_append(keydata, &offset, key32, 32); buffer_append(keydata, &offset, key32, 32);
buffer_append(keydata, &offset, msg32, 32); buffer_append(keydata, &offset, msgmod32, 32);
if (data != NULL) { if (data != NULL) {
buffer_append(keydata, &offset, data, 32); buffer_append(keydata, &offset, data, 32);
} }