ecdsa: enforce positive integers

src/ecdsa.js

@@ -86,8 +86,8 @@ function verifyRaw(curve, e, signature, Q) {
   var r = signature.r
   var s = signature.s
 
-  if (r.signum() === 0 || r.compareTo(n) >= 0) return false
-  if (s.signum() === 0 || s.compareTo(n) >= 0) return false
+  if (r.signum() <= 0 || r.compareTo(n) >= 0) return false
+  if (s.signum() <= 0 || s.compareTo(n) >= 0) return false
 
   var c = s.modInverse(n)
 
@@ -111,9 +111,15 @@ function verifyRaw(curve, e, signature, Q) {
 function recoverPubKey(curve, e, signature, i) {
   assert.strictEqual(i & 3, i, 'Recovery param is more than two bits')
 
+  var n = curve.n
+  var G = curve.G
+
   var r = signature.r
   var s = signature.s
 
+  assert(r.signum() > 0 && r.compareTo(n) < 0, 'Invalid r value')
+  assert(s.signum() > 0 && s.compareTo(n) < 0, 'Invalid s value')
+
   // A set LSB signifies that the y-coordinate is odd
   var isYOdd = i & 1
 
@@ -121,9 +127,6 @@ function recoverPubKey(curve, e, signature, i) {
   // first or second candidate key.
   var isSecondKey = i >> 1
 
-  var n = curve.n
-  var G = curve.G
-
   // 1.1 Let x = r + jn
   var x = isSecondKey ? r.add(n) : r
   var R = curve.pointFromX(isYOdd, x)

test/fixtures/ecdsa.json

@@ -104,6 +104,15 @@
           "s": "3180566392414476763164587487324397066658063772201694230600609996154610926757"
         }
       },
+      {
+        "description": "Invalid r value (< 0)",
+        "d": "01",
+        "e": "01",
+        "signature": {
+          "r": "-01",
+          "s": "02"
+        }
+      },
       {
         "description": "Invalid r value (== 0)",
         "d": "01",
@@ -122,6 +131,15 @@
           "s": "02"
         }
       },
+      {
+        "description": "Invalid s value (< 0)",
+        "d": "01",
+        "e": "01",
+        "signature": {
+          "r": "02",
+          "s": "-01"
+        }
+      },
       {
         "description": "Invalid s value (== 0)",
         "d": "01",