Skip to content

Instantly share code, notes, and snippets.

@dominiek
Created February 16, 2018 03:02
Show Gist options
  • Save dominiek/6bf3e36b1d49f6a7311231e68c72047b to your computer and use it in GitHub Desktop.
Save dominiek/6bf3e36b1d49f6a7311231e68c72047b to your computer and use it in GitHub Desktop.
elliptic_signing.js
EC.prototype.sign = function sign(msg, key, enc, options) {
if (typeof enc === 'object') {
options = enc;
enc = null;
}
if (!options)
options = {};
key = this.keyFromPrivate(key, enc);
msg = this._truncateToN(new BN(msg, 16));
// Zero-extend key to provide enough entropy
var bytes = this.n.byteLength();
var bkey = key.getPrivate().toArray('be', bytes);
// Zero-extend nonce to have the same byte size as N
var nonce = msg.toArray('be', bytes);
// Instantiate Hmac_DRBG
var drbg = new HmacDRBG({
hash: this.hash,
entropy: bkey,
nonce: nonce,
pers: options.pers,
persEnc: options.persEnc || 'utf8'
});
// Number of bytes to generate
var ns1 = this.n.sub(new BN(1));
for (var iter = 0; true; iter++) {
var k = options.k ?
options.k(iter) :
new BN(drbg.generate(this.n.byteLength()));
k = this._truncateToN(k, true);
if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0)
continue;
var kp = this.g.mul(k);
if (kp.isInfinity())
continue;
var kpX = kp.getX();
var r = kpX.umod(this.n);
if (r.cmpn(0) === 0)
continue;
var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg));
s = s.umod(this.n);
if (s.cmpn(0) === 0)
continue;
var recoveryParam = (kp.getY().isOdd() ? 1 : 0) |
(kpX.cmp(r) !== 0 ? 2 : 0);
// Use complement of `s`, if it is > `n / 2`
if (options.canonical && s.cmp(this.nh) > 0) {
s = this.n.sub(s);
recoveryParam ^= 1;
}
return new Signature({ r: r, s: s, recoveryParam: recoveryParam });
}
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment