- const createHmac = require('create-hmac')
-
- const ONE1 = Buffer.alloc(1, 1)
- const ZERO1 = Buffer.alloc(1, 0)
-
- // https://tools.ietf.org/html/rfc6979#section-3.2
- function deterministicGenerateK (hash, x, checkSig, isPrivate, extraEntropy) {
- // Step A, ignored as hash already provided
- // Step B
- // Step C
- let k = Buffer.alloc(32, 0)
- let v = Buffer.alloc(32, 1)
-
- // Step D
- k = createHmac('sha256', k)
- .update(v)
- .update(ZERO1)
- .update(x)
- .update(hash)
- .update(extraEntropy || '')
- .digest()
-
- // Step E
- v = createHmac('sha256', k).update(v).digest()
-
- // Step F
- k = createHmac('sha256', k)
- .update(v)
- .update(ONE1)
- .update(x)
- .update(hash)
- .update(extraEntropy || '')
- .digest()
-
- // Step G
- v = createHmac('sha256', k).update(v).digest()
-
- // Step H1/H2a, ignored as tlen === qlen (256 bit)
- // Step H2b
- v = createHmac('sha256', k).update(v).digest()
-
- let T = v
-
- // Step H3, repeat until T is within the interval [1, n - 1] and is suitable for ECDSA
- while (!isPrivate(T) || !checkSig(T)) {
- k = createHmac('sha256', k)
- .update(v)
- .update(ZERO1)
- .digest()
-
- v = createHmac('sha256', k).update(v).digest()
-
- // Step H1/H2a, again, ignored as tlen === qlen (256 bit)
- // Step H2b again
- v = createHmac('sha256', k).update(v).digest()
- T = v
- }
-
- return T
- }
-
- module.exports = deterministicGenerateK