ECDSA adjustments

Paul Miller 2023-01-08 17:46:55 +00:00
parent 5600629bca
commit 9f7df0f13b
No known key found for this signature in database
GPG Key ID: 697079DA6878B89B
2 changed files with 23 additions and 7 deletions

@ -922,16 +922,16 @@ export function weierstrass(curveDef: CurveType): CurveFn {
function bits2int_2(bytes: Uint8Array): bigint { function bits2int_2(bytes: Uint8Array): bigint {
const delta = bytes.length * 8 - CURVE.nBitLength; const delta = bytes.length * 8 - CURVE.nBitLength;
const big = bytesToNumberBE(bytes); const num = bytesToNumberBE(bytes);
return delta > 0 ? big >> BigInt(delta) : big; return delta > 0 ? num >> BigInt(delta) : num;
} }
// Ensures ECDSA message hashes are 32 bytes and < curve order // Ensures ECDSA message hashes are 32 bytes and < curve order
function _truncateHash(hash: Uint8Array, truncateOnly = false): bigint { function _truncateHash(hash: Uint8Array, truncateOnly = false): bigint {
let h = bits2int_2(hash); const h = bits2int_2(hash);
if (truncateOnly) return h;
const { n } = CURVE; const { n } = CURVE;
if (!truncateOnly && h >= n) h -= n; return h >= n ? h - n : h;
return h;
} }
const truncateHash = CURVE.truncateHash || _truncateHash; const truncateHash = CURVE.truncateHash || _truncateHash;
@ -1134,8 +1134,19 @@ export function weierstrass(curveDef: CurveType): CurveFn {
// RFC6979 methods // RFC6979 methods
function bits2int(bytes: Uint8Array): bigint { function bits2int(bytes: Uint8Array): bigint {
const { nByteLength } = CURVE; const { nByteLength } = CURVE;
if (!(bytes instanceof Uint8Array)) throw new Error('Expected Uint8Array');
const slice = bytes.length > nByteLength ? bytes.slice(0, nByteLength) : bytes; const slice = bytes.length > nByteLength ? bytes.slice(0, nByteLength) : bytes;
return bytesToNumberBE(slice); // const slice = bytes; nByteLength; nBitLength;
let num = bytesToNumberBE(slice);
// const { nBitLength } = CURVE;
// const delta = (bytes.length * 8) - nBitLength;
// if (delta > 0) {
// // console.log('bits=', bytes.length*8, 'CURVE n=', nBitLength, 'delta=', delta);
// // console.log(bytes.length, nBitLength, delta);
// // console.log(bytes, new Error().stack);
// num >>= BigInt(delta);
// }
return num;
} }
function bits2octets(bytes: Uint8Array): Uint8Array { function bits2octets(bytes: Uint8Array): Uint8Array {
const z1 = bits2int(bytes); const z1 = bits2int(bytes);
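Review bot: The rewritten `bits2int` in the second hunk truncates by whole bytes with `bytes.slice(0, nByteLength)` and returns the integer unshifted, while `bits2int_2` in the first hunk shifts right by `bytes.length * 8 - CURVE.nBitLength`; for a curve whose order bit length is not a multiple of 8 the two helpers produce different values, and RFC 6979's bits2int is defined as the leftmost qlen bits, i.e. the shifted form, so deterministic nonces for such curves would presumably diverge from the RFC's vectors. If the byte-granular behaviour is intended it deserves a comment such as `// Byte-granular truncation; differs from RFC 6979 bits2int when nBitLength % 8 != 0`. The commented-out shift block and the `console.log` lines between `let num = ...` and `return num;` are dead debug code and should be deleted or replaced by that one comment, after which `let num` can become `const num`.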

@ -2,6 +2,7 @@ import { deepStrictEqual, throws } from 'assert';
import { should } from 'micro-should'; import { should } from 'micro-should';
import * as fc from 'fast-check'; import * as fc from 'fast-check';
import * as mod from '../lib/esm/abstract/modular.js'; import * as mod from '../lib/esm/abstract/modular.js';
import { bytesToHex as toHex } from '../lib/esm/abstract/utils.js';
// Generic tests for all curves in package // Generic tests for all curves in package
import { secp192r1 } from '../lib/esm/p192.js'; import { secp192r1 } from '../lib/esm/p192.js';
import { secp224r1 } from '../lib/esm/p224.js'; import { secp224r1 } from '../lib/esm/p224.js';
@ -497,7 +498,11 @@ for (const name in CURVES) {
const priv = C.utils.randomPrivateKey(); const priv = C.utils.randomPrivateKey();
const pub = C.getPublicKey(priv); const pub = C.getPublicKey(priv);
const sig = C.sign(msg, priv); const sig = C.sign(msg, priv);
deepStrictEqual(C.verify(sig, msg, pub), true); deepStrictEqual(
C.verify(sig, msg, pub),
true,
`priv=${toHex(priv)},pub=${toHex(pub)},msg=${msg}`
);
}), }),
{ numRuns: NUM_RUNS } { numRuns: NUM_RUNS }
) )
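Review bot: The new assertion message interpolates `msg` directly while `priv` and `pub` go through `toHex`; if `msg` is a Uint8Array (its generator is outside the hunk, so this is inferred) the template renders it as comma-separated decimals, so `msg=${toHex(msg)}` would keep all three values in one format for reproducing a failure. The enclosing `fc.property`/`should` block starts before the hunk.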