From 96778a1c216f7d0d987dd8ea6474b2d3eebe9cfc Mon Sep 17 00:00:00 2001
From: Felix Lange <fjl@users.noreply.github.com>
Date: Sun, 22 Jan 2017 23:28:47 +0100
Subject: crypto/secp256k1: sign with deterministic K (rfc6979) (#3561)

---
 crypto/secp256k1/secp256.go      | 12 ++++--------
 crypto/secp256k1/secp256_test.go | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/crypto/secp256k1/secp256.go b/crypto/secp256k1/secp256.go
index 070e0d902..4284115e2 100644
--- a/crypto/secp256k1/secp256.go
+++ b/crypto/secp256k1/secp256.go
@@ -40,8 +40,6 @@ import (
 	"errors"
 	"math/big"
 	"unsafe"
-
-	"github.com/ethereum/go-ethereum/crypto/randentropy"
 )
 
 var (
@@ -89,13 +87,11 @@ func Sign(msg []byte, seckey []byte) ([]byte, error) {
 	}
 
 	var (
-		msgdata       = (*C.uchar)(unsafe.Pointer(&msg[0]))
-		nonce         = randentropy.GetEntropyCSPRNG(32)
-		noncefunc     = &(*C.secp256k1_nonce_function_default)
-		noncefuncData = unsafe.Pointer(&nonce[0])
-		sigstruct     C.secp256k1_ecdsa_recoverable_signature
+		msgdata   = (*C.uchar)(unsafe.Pointer(&msg[0]))
+		noncefunc = C.secp256k1_nonce_function_rfc6979
+		sigstruct C.secp256k1_ecdsa_recoverable_signature
 	)
-	if C.secp256k1_ecdsa_sign_recoverable(context, &sigstruct, msgdata, seckeydata, noncefunc, noncefuncData) == 0 {
+	if C.secp256k1_ecdsa_sign_recoverable(context, &sigstruct, msgdata, seckeydata, noncefunc, nil) == 0 {
 		return nil, ErrSignFailed
 	}
 
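Review bot: The `nil` passed as the last argument of the new `secp256k1_ecdsa_sign_recoverable` call carries the security-relevant decision of this change and has no comment. With no extra nonce data, k depends only on `msg` and `seckey`, so a line above the call would help: `// ndata is nil: k is derived from msg and seckey alone (RFC 6979), so signing needs no RNG and repeats for equal inputs.` The same comment should state that the trade-off is deliberate, because the removed code passed 32 bytes of CSPRNG output as nonce data and that extra hedge against fault-induced nonce problems is no longer present. Sign begins before and continues after this hunk, so the length checks that make `&msg[0]` safe are presumably above the visible lines and should be confirmed there.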
diff --git a/crypto/secp256k1/secp256_test.go b/crypto/secp256k1/secp256_test.go
index ec28b8e39..287ab512e 100644
--- a/crypto/secp256k1/secp256_test.go
+++ b/crypto/secp256k1/secp256_test.go
@@ -112,6 +112,24 @@ func TestSignAndRecover(t *testing.T) {
 	}
 }
 
+func TestSignDeterministic(t *testing.T) {
+	_, seckey := generateKeyPair()
+	msg := make([]byte, 32)
+	copy(msg, "hi there")
+
+	sig1, err := Sign(msg, seckey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	sig2, err := Sign(msg, seckey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(sig1, sig2) {
+		t.Fatal("signatures not equal")
+	}
+}
+
 func TestRandomMessagesWithSameKey(t *testing.T) {
 	pubkey, seckey := generateKeyPair()
 	keys := func() ([]byte, []byte) {
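Review bot: TestSignDeterministic only proves that two calls agree with each other, so a nonce function that is deterministic but wrong, such as one returning a constant k, would still pass. Because the key comes from `generateKeyPair()`, the inputs also differ on every run and a failure cannot be reproduced. I would sign with a fixed `seckey` and `msg` and compare against a known-answer signature produced by an independent RFC 6979 implementation, e.g. `if !bytes.Equal(sig1, wantSig) { t.Fatalf("signature mismatch: got %x", sig1) }`, where `wantSig` is a placeholder for that vector. A second case with a different `msg` under the same key, asserting that the signatures differ, would additionally guard against nonce reuse across messages.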
-- 
cgit v1.2.3