If message is curve order, the produced signature differs from C libsecp256k1

```
operation name: ECDSA_Sign
ecc curve: secp256k1
private key: 56312477249014209074628570412053507700651251817507875221581725004376025072551
input: {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 
 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41} (32 bytes)
nonce source: RFC 6979
digest: NULL

Module rust_libsecp256k1 result:

X: 47388130725345365543943056156955089862855904171373701656697778116764682363258
Y: 37092251669891195025340922069241978179057338816763561493770821876984336293314
R: 6375717680451201706338283387674951504853972890504340254901358912364890170048
S: 38089468653229875417331679605347400350541399507585865787553720087037855685678


Module secp256k1 result:

X: 47388130725345365543943056156955089862855904171373701656697778116764682363258
Y: 37092251669891195025340922069241978179057338816763561493770821876984336293314
R: 33254199737740308679695132562303764730039452340150568623617514127015066954758
S: 6671420881794714356399876285623712604606322001251819062355155017162344624447
```

Similar bug: https://github.com/trezor/trezor-firmware/pull/1374
Found with [Cryptofuzz](https://github.com/guidovranken/cryptofuzz).


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

If message is curve order, the produced signature differs from C libsecp256k1 #62

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

If message is curve order, the produced signature differs from C libsecp256k1 #62

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions