diff --git a/src/ecdsa.js b/src/ecdsa.js
index 96c5351..5d57525 100644
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@@ -86,8 +86,8 @@ function verifyRaw(curve, e, signature, Q) {
 var r = signature.r
 var s = signature.s
- if (r.signum() === 0 || r.compareTo(n) >= 0) return false
- if (s.signum() === 0 || s.compareTo(n) >= 0) return false
+ if (r.signum() <= 0 || r.compareTo(n) >= 0) return false
+ if (s.signum() <= 0 || s.compareTo(n) >= 0) return false
 var c = s.modInverse(n)
@@ -111,9 +111,15 @@ function verifyRaw(curve, e, signature, Q) {
 function recoverPubKey(curve, e, signature, i) {
 assert.strictEqual(i & 3, i, 'Recovery param is more than two bits')
+ var n = curve.n
+ var G = curve.G
+
 var r = signature.r
 var s = signature.s
+ assert(r.signum() > 0 && r.compareTo(n) < 0, 'Invalid r value')
+ assert(s.signum() > 0 && s.compareTo(n) < 0, 'Invalid s value')
+
 // A set LSB signifies that the y-coordinate is odd
 var isYOdd = i & 1
@@ -121,9 +127,6 @@ function recoverPubKey(curve, e, signature, i) {
 // first or second candidate key.
 var isSecondKey = i >> 1
- var n = curve.n
- var G = curve.G
-
 // 1.1 Let x = r + jn
 var x = isSecondKey ? r.add(n) : r
 var R = curve.pointFromX(isYOdd, x)
diff --git a/test/fixtures/ecdsa.json b/test/fixtures/ecdsa.json
index 3f1421f..8d2adf0 100644
--- a/test/fixtures/ecdsa.json
+++ b/test/fixtures/ecdsa.json
@@ -104,6 +104,15 @@
 "s": "3180566392414476763164587487324397066658063772201694230600609996154610926757"
 }
 },
+ {
+ "description": "Invalid r value (< 0)",
+ "d": "01",
+ "e": "01",
+ "signature": {
+ "r": "-01",
+ "s": "02"
+ }
+ },
 {
 "description": "Invalid r value (== 0)",
 "d": "01",
@@ -122,6 +131,15 @@
 "s": "02"
 }
 },
+ {
+ "description": "Invalid s value (< 0)",
+ "d": "01",
+ "e": "01",
+ "signature": {
+ "r": "02",
+ "s": "-01"
+ }
+ },
 {
 "description": "Invalid s value (== 0)",
 "d": "01",
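Review bot: The tightened range check in verifyRaw (`r.signum() <= 0`, `s.signum() <= 0`) carries no comment saying why the sign is tested, and the reason is not obvious from the line itself: a negative r or s is numerically below n, so `compareTo(n) >= 0` alone lets it through to `s.modInverse(n)`. I would put `// r and s must lie in [1, n - 1]; a negative value passes the compareTo(n) test, so reject on sign` above the two checks. The same bound is written a second time in recoverPubKey as asserts, so a small shared predicate would keep the two copies from drifting apart. verifyRaw begins before this hunk and continues past it.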
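Review bot: The new r/s bounds in recoverPubKey are enforced with `assert(...)`, so a malformed signature surfaces as a thrown AssertionError, while verifyRaw answers the same condition with `return false`; callers that hand untrusted signatures to both functions need to know about that difference. If any build of this library strips or stubs `assert` (not visible from here), the validation disappears with it, so an explicit guard is the safer form: `if (r.signum() <= 0 || r.compareTo(n) >= 0) throw new Error('Invalid r value')`, and the same for s. Either way, a doc comment on recoverPubKey stating that it throws when r or s falls outside [1, n - 1] would help. The function continues beyond this hunk.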