[FIX] Fail if PRNG has not been seeded with at least 256 bits of entropy before generating ECDSA signatures

Chris Clark · Chris Clark · commit fe7e30b737ea · 2015-04-07T18:08:02.000-07:00
diff --git a/src/js/ripple/keypair.js b/src/js/ripple/keypair.js
@@ -92,8 +92,9 @@ KeyPair.prototype.get_address = function() {
 };
 
 KeyPair.prototype.sign = function(hash) {
+  var PARANOIA_256_BITS = 6; // sjcl constant for ensuring 256 bits of entropy
   hash = UInt256.from_json(hash);
-  var sig = this._secret.sign(hash.to_bits(), 0);
+  var sig = this._secret.sign(hash.to_bits(), PARANOIA_256_BITS);
   sig = this._secret.canonicalizeSignature(sig);
   return this._secret.encodeDER(sig);
 };
diff --git a/src/js/ripple/transaction.js b/src/js/ripple/transaction.js
@@ -466,7 +466,7 @@ Transaction.prototype.sign = function() {
   }
 
   var key = seed.get_key(this.tx_json.Account);
-  var sig = key.sign(hash, 0);
+  var sig = key.sign(hash);
   var hex = sjcl.codec.hex.fromBits(sig).toUpperCase();
 
   this.tx_json.TxnSignature = hex;
diff --git a/test/transaction-manager-test.js b/test/transaction-manager-test.js
@@ -3,6 +3,7 @@
 var ws = require('ws');
 var lodash = require('lodash');
 var assert = require('assert-diff');
+var sjcl = require('ripple-lib').sjcl;
 var Remote = require('ripple-lib').Remote;
 var SerializedObject = require('ripple-lib').SerializedObject;
 var Transaction = require('ripple-lib').Transaction;
@@ -42,6 +43,11 @@ describe('TransactionManager', function() {
   var account;
   var transactionManager;
 
+  before(function() {
+    sjcl.random.addEntropy(
+      '3045022100A58B0460BC5092CB4F96155C19125A4E079C870663F1D5E8BBC9BD', 256);
+  });
+
   beforeEach(function(done) {
     rippled = new ws.Server({port: 5763});
 
diff --git a/test/transaction-test.js b/test/transaction-test.js
@@ -4,6 +4,7 @@ var Transaction      = require('ripple-lib').Transaction;
 var TransactionQueue = require('ripple-lib').TransactionQueue;
 var Remote           = require('ripple-lib').Remote;
 var Server           = require('ripple-lib').Server;
+var sjcl = require('ripple-lib').sjcl;
 
 var transactionResult = {
   engine_result: 'tesSUCCESS',
@@ -35,6 +36,11 @@ var transactionResult = {
 };
 
 describe('Transaction', function() {
+  before(function() {
+    sjcl.random.addEntropy(
+      '3045022100A58B0460BC5092CB4F96155C19125A4E079C870663F1D5E8BBC9BD', 256);
+  });
+
   it('Success listener', function(done) {
     var transaction = new Transaction();
 

Original file line number	Diff line number	Diff line change
`@@ -466,7 +466,7 @@ Transaction.prototype.sign = function() {`
`466`	`466`	`}`
`467`	`467`
`468`	`468`	`var key = seed.get_key(this.tx_json.Account);`
`469`		`- var sig = key.sign(hash, 0);`
	`469`	`+ var sig = key.sign(hash);`
`470`	`470`	`var hex = sjcl.codec.hex.fromBits(sig).toUpperCase();`
`471`	`471`
`472`	`472`	`this.tx_json.TxnSignature = hex;`