
crypto/secp256k1: sign with deterministic K (rfc6979) (#3561)

Felix Lange 8 лет назад
Родитель
Сommit
96778a1c21
2 измененных файлов с 22 добавлено и 8 удалено
  1. 4 8
      crypto/secp256k1/secp256.go
  2. 18 0
      crypto/secp256k1/secp256_test.go

+ 4 - 8
crypto/secp256k1/secp256.go

@@ -40,8 +40,6 @@ import (
 	"errors"
 	"math/big"
 	"unsafe"
-
-	"github.com/ethereum/go-ethereum/crypto/randentropy"
 )
 
 var (
@@ -89,13 +87,11 @@ func Sign(msg []byte, seckey []byte) ([]byte, error) {
 	}
 
 	var (
-		msgdata       = (*C.uchar)(unsafe.Pointer(&msg[0]))
-		nonce         = randentropy.GetEntropyCSPRNG(32)
-		noncefunc     = &(*C.secp256k1_nonce_function_default)
-		noncefuncData = unsafe.Pointer(&nonce[0])
-		sigstruct     C.secp256k1_ecdsa_recoverable_signature
+		msgdata   = (*C.uchar)(unsafe.Pointer(&msg[0]))
+		noncefunc = C.secp256k1_nonce_function_rfc6979
+		sigstruct C.secp256k1_ecdsa_recoverable_signature
 	)
-	if C.secp256k1_ecdsa_sign_recoverable(context, &sigstruct, msgdata, seckeydata, noncefunc, noncefuncData) == 0 {
+	if C.secp256k1_ecdsa_sign_recoverable(context, &sigstruct, msgdata, seckeydata, noncefunc, nil) == 0 {
 		return nil, ErrSignFailed
 	}
 
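Review bot: Sign's doc comment should now state that signing is deterministic — at the `if C.secp256k1_ecdsa_sign_recoverable(...)` line the nonce function is `C.secp256k1_nonce_function_rfc6979` with nil extra data, so the nonce depends only on msg and seckey, and callers can no longer expect two signatures of one message to differ. A suggested comment above the function, which sits outside this hunk: `// Sign produces a recoverable ECDSA signature whose nonce is derived deterministically (RFC 6979) from msg and seckey; signing no longer consumes process entropy, and identical inputs always yield an identical signature.` That removed dependence on the CSPRNG at signing time is the risk this change mitigates and is worth recording next to the call. Dropping the `randentropy` import presumes no other use of it remains in the file; the hunk shows only these two, so confirm. Sign's body starts and ends outside the hunk.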

+ 18 - 0
crypto/secp256k1/secp256_test.go

@@ -112,6 +112,24 @@ func TestSignAndRecover(t *testing.T) {
 	}
 }
 
+func TestSignDeterministic(t *testing.T) {
+	_, seckey := generateKeyPair()
+	msg := make([]byte, 32)
+	copy(msg, "hi there")
+
+	sig1, err := Sign(msg, seckey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	sig2, err := Sign(msg, seckey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(sig1, sig2) {
+		t.Fatal("signatures not equal")
+	}
+}
+
 func TestRandomMessagesWithSameKey(t *testing.T) {
 	pubkey, seckey := generateKeyPair()
 	keys := func() ([]byte, []byte) {
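Review bot: TestSignDeterministic only shows that two calls agree, so it would pass for any deterministic nonce function and does not pin the RFC 6979 derivation itself. A known-answer case — a fixed seckey and msg with the signature expected from a reference RFC 6979 implementation (take the values from that reference rather than constructing them) — would catch a regression to some other deterministic scheme, and is the test a reviewer would ask for alongside this one. The new test calls `bytes.Equal`, but the hunk does not show the file's import block; confirm `bytes` is imported there or the file will not compile.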