[FIX] Fail if PRNG has not been seeded with at least 256 bits of entropy before generating ECDSA signatures

2025-11-20 12:15:51 +00:00 · 2015-04-06 15:28:51 -07:00
parent a02b8e3e5c
commit fe7e30b737
4 changed files with 15 additions and 2 deletions
--- a/src/js/ripple/keypair.js
+++ b/src/js/ripple/keypair.js
@@ -92,8 +92,9 @@ KeyPair.prototype.get_address = function() {
 };

 KeyPair.prototype.sign = function(hash) {
+  var PARANOIA_256_BITS = 6; // sjcl constant for ensuring 256 bits of entropy
  hash = UInt256.from_json(hash);
-  var sig = this._secret.sign(hash.to_bits(), 0);
+  var sig = this._secret.sign(hash.to_bits(), PARANOIA_256_BITS);
  sig = this._secret.canonicalizeSignature(sig);
  return this._secret.encodeDER(sig);
 };
--- a/src/js/ripple/transaction.js
+++ b/src/js/ripple/transaction.js
@@ -466,7 +466,7 @@ Transaction.prototype.sign = function() {
  }

  var key = seed.get_key(this.tx_json.Account);
-  var sig = key.sign(hash, 0);
+  var sig = key.sign(hash);
  var hex = sjcl.codec.hex.fromBits(sig).toUpperCase();

  this.tx_json.TxnSignature = hex;
--- a/test/transaction-manager-test.js
+++ b/test/transaction-manager-test.js
@@ -3,6 +3,7 @@
 var ws = require('ws');
 var lodash = require('lodash');
 var assert = require('assert-diff');
+var sjcl = require('ripple-lib').sjcl;
 var Remote = require('ripple-lib').Remote;
 var SerializedObject = require('ripple-lib').SerializedObject;
 var Transaction = require('ripple-lib').Transaction;
@@ -42,6 +43,11 @@ describe('TransactionManager', function() {
  var account;
  var transactionManager;

+  before(function() {
+    sjcl.random.addEntropy(
+      '3045022100A58B0460BC5092CB4F96155C19125A4E079C870663F1D5E8BBC9BD', 256);
+  });
+
  beforeEach(function(done) {
    rippled = new ws.Server({port: 5763});

--- a/test/transaction-test.js
+++ b/test/transaction-test.js
@@ -4,6 +4,7 @@ var Transaction      = require('ripple-lib').Transaction;
 var TransactionQueue = require('ripple-lib').TransactionQueue;
 var Remote           = require('ripple-lib').Remote;
 var Server           = require('ripple-lib').Server;
+var sjcl = require('ripple-lib').sjcl;

 var transactionResult = {
  engine_result: 'tesSUCCESS',
@@ -35,6 +36,11 @@ var transactionResult = {
 };

 describe('Transaction', function() {
+  before(function() {
+    sjcl.random.addEntropy(
+      '3045022100A58B0460BC5092CB4F96155C19125A4E079C870663F1D5E8BBC9BD', 256);
+  });
+
  it('Success listener', function(done) {
    var transaction = new Transaction();