ecdsa: add default checkSig, to be removed in 2.0.0

10 years ago · 6938c8f8cc
2 changed files with 38 additions and 1 deletions
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@ -12,7 +12,33 @@ var ONE = new Buffer([1])
 function deterministicGenerateK(curve, hash, d, checkSig) {
  typeForce('Buffer', hash)
  typeForce('BigInteger', d)
-  typeForce('Function', checkSig)
+//  typeForce('Function', checkSig)
+
+  // FIXME: remove in 2.0.0
+  if (typeof checkSig !== 'function') {
+    console.warn('deterministicGenerateK requires a checkSig callback in 2.0.0, see #337 for more information')
+
+    checkSig = function(k) {
+      var G = curve.G
+      var n = curve.n
+      var e = BigInteger.fromBuffer(hash)
+
+      var Q = G.multiply(k)
+
+      if (curve.isInfinity(Q))
+        return false
+
+      var r = Q.affineX.mod(n)
+      if (r.signum() === 0)
+        return false
+
+      var s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n)
+      if (s.signum() === 0)
+        return false
+
+      return true
+    }
+  }

  // sanity check
  assert.equal(hash.length, 32, 'Hash must be 256 bit')
--- a/test/ecdsa.js
+++ b/test/ecdsa.js
@ -27,6 +27,17 @@ describe('ecdsa', function() {
      })
    })

+    // FIXME: remove in 2.0.0
+    fixtures.valid.ecdsa.forEach(function(f) {
+      it('(deprecated) for \"' + f.message + '\"', function() {
+        var d = BigInteger.fromHex(f.d)
+        var h1 = crypto.sha256(f.message)
+
+        var k = ecdsa.deterministicGenerateK(curve, h1, d) // default checkSig
+        assert.equal(k.toHex(), f.k)
+      })
+    })
+
    it('loops until an appropriate k value is found', sinon.test(function() {
      this.mock(BigInteger).expects('fromBuffer')
        .exactly(3)