Remove order from RFC6979 and use scalar to reduce data

Autarkysoft · Jan 14, 2024 · 3862c35 · 3862c35
1 parent 8dce0e9
commit 3862c35
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 22 deletions.
diff --git a/Src/Autarkysoft.Bitcoin/Cryptography/Rfc6979.cs b/Src/Autarkysoft.Bitcoin/Cryptography/Rfc6979.cs
@@ -3,6 +3,7 @@
 // Distributed under the MIT software license, see the accompanying
 // file LICENCE or http://www.opensource.org/licenses/mit-license.php.
 
+using Autarkysoft.Bitcoin.Cryptography.EllipticCurve;
 using Autarkysoft.Bitcoin.Cryptography.Hashing;
 using System;
 using System.Numerics;
@@ -23,30 +24,17 @@ public sealed class Rfc6979 : IDisposable
         /// </summary>
         public Rfc6979()
         {
-            // Curve.N
-            order = BigInteger.Parse("115792089237316195423570985008687907853269984665640564039457584007908834671663");
-            HmacK = new HmacSha256();
-        }
-
-        /// <summary>
-        /// Initializes a new instance of <see cref="Rfc6979"/> with the given order used only for testing.
-        /// </summary>
-        /// <param name="order">Order of the test curve</param>
-        public Rfc6979(BigInteger order)
-        {
-            this.order = order;
             HmacK = new HmacSha256();
         }
 
 
 
         private const int QLen = 256;
-        private readonly BigInteger order;
         private HmacSha256 HmacK;
 
 
 
-        private BigInteger BitsToInt(byte[] ba)
+        private static BigInteger BitsToInt(byte[] ba)
         {
             BigInteger big = ba.ToBigInt(true, true);
             int vLen = ba.Length * 8;
@@ -81,11 +69,12 @@ public BigInteger GetK(byte[] data, byte[] keyBytes, byte[] extraEntropy)
             byte[] k = new byte[32];
 
             // d. 
-            // K = HMAC_K(V || 0x01 || int2octets(x) || bits2octets(h1))
+            // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1))
             int entLen = extraEntropy is null ? 0 : extraEntropy.Length;
             // 97 = 32 + 1 + 32 + 32
             byte[] bytesToHash = new byte[97 + entLen];
-            byte[] dataBa = (data.ToBigInt(true, true) % order).ToByteArray(true, true);
+            Scalar8x32 sc = new Scalar8x32(data, out _);
+            byte[] dataBa = sc.ToByteArray();
 
             Buffer.BlockCopy(v, 0, bytesToHash, 0, 32);
             // Set item at index 32 to 0x00
@@ -101,7 +90,7 @@ public BigInteger GetK(byte[] data, byte[] keyBytes, byte[] extraEntropy)
             // e.
             v = HmacK.ComputeHash(v, k);
 
-            // f. 
+            // f. K = HMAC_K(V || 0x01 || int2octets(x) || bits2octets(h1))
             Buffer.BlockCopy(v, 0, bytesToHash, 0, 32);
             // Set item at index 33 to 0x01 this time
             bytesToHash[32] = 0x01;
@@ -118,10 +107,10 @@ public BigInteger GetK(byte[] data, byte[] keyBytes, byte[] extraEntropy)
                 v = HmacK.ComputeHash(v, k);
 
                 // h.3.
-                BigInteger kTemp = BitsToInt(v);
-                if (kTemp != 0 && kTemp < order)
+                Scalar8x32 temp = new Scalar8x32(v, out bool of);
+                if (!temp.IsZero && !of)
                 {
-                    return kTemp;
+                    return new BigInteger(v, isUnsigned: true, isBigEndian: true);
                 }
                 else
                 {

diff --git a/Src/Tests/Bitcoin/Cryptography/Rfc6979Tests.cs b/Src/Tests/Bitcoin/Cryptography/Rfc6979Tests.cs
@@ -22,7 +22,7 @@ public void GetK_RFCTest1()
             byte[] data = Helper.HexToBytes("AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF");
             byte[] keyBytes = Helper.HexToBytes("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721");
 
-            using Rfc6979 rfc = new Rfc6979(order);
+            using Rfc6979 rfc = new();
 
             BigInteger actual = rfc.GetK(data, keyBytes, null);
             BigInteger expected = BigInteger.Parse("00A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60", NumberStyles.HexNumber);
@@ -38,7 +38,7 @@ public void GetK_RFCTest2()
             byte[] data = Helper.HexToBytes("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08");
             byte[] keyBytes = Helper.HexToBytes("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721");
 
-            using Rfc6979 rfc = new Rfc6979(order);
+            using Rfc6979 rfc = new();
 
             BigInteger actual = rfc.GetK(data, keyBytes, null);
             BigInteger expected = BigInteger.Parse("00D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0", NumberStyles.HexNumber);