From 95bfb188490ae519ef18a224a92d6e49d38493eb Mon Sep 17 00:00:00 2001
From: bip32JP
Date: Fri, 2 Jan 2015 15:32:33 +0900
Subject: [PATCH 1/2] Fix the error loop. I added a similar badrs function to python-ecdsa and compared the results. The 1 badrs (aka forcing it to loop once) gave me a different value. It turns out you missed one of the `v = hmac_k(v)` steps during the loop. Adding one extra `v = hmac_k(v)` in each loop makes it match up with python-ecdsa perfectly (I even tried up to badrs = 30 and it was fine.
---
 lib/crypto/ecdsa.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/crypto/ecdsa.js b/lib/crypto/ecdsa.js
index 9ab220d0e..42fa7749e 100644
--- a/lib/crypto/ecdsa.js
+++ b/lib/crypto/ecdsa.js
@@ -100,6 +100,7 @@ ECDSA.prototype.deterministicK = function(badrs) {
 for (var i = 0; i < badrs || !(T.lt(N) && T.gt(0)); i++) {
 k = Hash.sha256hmac(Buffer.concat([v, new Buffer([0x00])]), k);
 v = Hash.sha256hmac(v, k);
+ v = Hash.sha256hmac(v, k);
 T = BN.fromBuffer(v);
 }
From bc6f592daa4b06d745cb09e2067eb63f708c501a Mon Sep 17 00:00:00 2001
From: bip32JP
Date: Fri, 2 Jan 2015 15:33:46 +0900
Subject: [PATCH 2/2] fix tests fix tests to match python-ecdsa
---
 test/crypto/ecdsa.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/crypto/ecdsa.js b/test/crypto/ecdsa.js
index 79cd53bb4..bce76cd1d 100644
--- a/test/crypto/ecdsa.js
+++ b/test/crypto/ecdsa.js
@@ -103,7 +103,7 @@ describe('ECDSA', function() {
 ecdsa.k.toBuffer().toString('hex')
 .should.not.equal('fcce1de7a9bcd6b2d3defade6afa1913fb9229e3b7ddf4749b55c4848b2a196e');
 ecdsa.k.toBuffer().toString('hex')
- .should.equal('6f4dcca6fa7a137ae9d110311905013b3c053c732ad18611ec2752bb3dcef9d8');
+ .should.equal('727fbcb59eb48b1d7d46f95a04991fc512eb9dbf9105628e3aec87428df28fd8');
 });
 it('should compute this test vector correctly', function() { // test fixture from bitcoinjs
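Review bot: The two consecutive `v = Hash.sha256hmac(v, k);` lines in the retry loop of deterministicK read like an accidental duplicate, and nothing in the code marks them as intentional. If this function follows RFC 6979 section 3.2 step h, as its name and the python-ecdsa comparison suggest, they are two separate steps: the first completes the K/V update after a rejected candidate, the second generates the next candidate T. I would comment each one, e.g. `// RFC 6979 3.2.h.3: V = HMAC_K(V) after re-keying K` and `// RFC 6979 3.2.h.2: V = HMAC_K(V), next candidate T`. A later cleanup that drops one line would still produce signatures that verify, so only a cross-implementation vector would catch the divergence. The function body starts and ends outside the hunk.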
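Review bot: The new expected value `727fbcb5…8fd8` is an opaque constant with no recorded provenance in the test; only the commit message says it was checked against python-ecdsa. A comment above the assertion, such as `// expected k cross-checked against python-ecdsa with one forced retry (badrs = 1)`, would let the vector be re-derived later. The opening of this `it` block is outside the hunk, so the badrs value used is inferred from the commit message. The test also appears to pin only a single retry; a second vector for a larger badrs would cover repeated passes through the loop, which the message says were checked by hand up to 30.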