From be3ce88a3ae8cff791107a09286a8bf407cfdbbd Mon Sep 17 00:00:00 2001
From: Daniel Cousens <github@dcousens.com>
Date: Tue, 29 Jul 2014 23:45:10 +1000
Subject: [PATCH 1/2] ecdsa: enforce positive integers
---
src/ecdsa.js | 13 ++++++++-----
test/fixtures/ecdsa.json | 18 ++++++++++++++++++
2 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/src/ecdsa.js b/src/ecdsa.js
index 96c5351..5d57525 100644
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@@ -86,8 +86,8 @@ function verifyRaw(curve, e, signature, Q) {
var r = signature.r
var s = signature.s
- if (r.signum() === 0 || r.compareTo(n) >= 0) return false
- if (s.signum() === 0 || s.compareTo(n) >= 0) return false
+ if (r.signum() <= 0 || r.compareTo(n) >= 0) return false
+ if (s.signum() <= 0 || s.compareTo(n) >= 0) return false
var c = s.modInverse(n)
@@ -111,9 +111,15 @@ function verifyRaw(curve, e, signature, Q) {
function recoverPubKey(curve, e, signature, i) {
assert.strictEqual(i & 3, i, 'Recovery param is more than two bits')
+ var n = curve.n
+ var G = curve.G
+
var r = signature.r
var s = signature.s
+ assert(r.signum() > 0 && r.compareTo(n) < 0, 'Invalid r value')
+ assert(s.signum() > 0 && s.compareTo(n) < 0, 'Invalid s value')
+
// A set LSB signifies that the y-coordinate is odd
var isYOdd = i & 1
@@ -121,9 +127,6 @@ function recoverPubKey(curve, e, signature, i) {
// first or second candidate key.
var isSecondKey = i >> 1
- var n = curve.n
- var G = curve.G
-
// 1.1 Let x = r + jn
var x = isSecondKey ? r.add(n) : r
var R = curve.pointFromX(isYOdd, x)
diff --git a/test/fixtures/ecdsa.json b/test/fixtures/ecdsa.json
index 3f1421f..8d2adf0 100644
--- a/test/fixtures/ecdsa.json
+++ b/test/fixtures/ecdsa.json
@@ -104,6 +104,15 @@
"s": "3180566392414476763164587487324397066658063772201694230600609996154610926757"
}
},
+ {
+ "description": "Invalid r value (< 0)",
+ "d": "01",
+ "e": "01",
+ "signature": {
+ "r": "-01",
+ "s": "02"
+ }
+ },
{
"description": "Invalid r value (== 0)",
"d": "01",
@@ -122,6 +131,15 @@
"s": "02"
}
},
+ {
+ "description": "Invalid s value (< 0)",
+ "d": "01",
+ "e": "01",
+ "signature": {
+ "r": "02",
+ "s": "-01"
+ }
+ },
{
"description": "Invalid s value (== 0)",
"d": "01",
From 5657dcf2aa0372b43985b4af6ccebae2e4bc4ebb Mon Sep 17 00:00:00 2001
From: Daniel Cousens <github@dcousens.com>
Date: Tue, 29 Jul 2014 23:45:50 +1000
Subject: [PATCH 2/2] ecdsa: add improved test coverage for recoverPubKey
---
test/fixtures/ecdsa.json | 52 +++++++++++++++++++++++++++++++++++++++-
1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/test/fixtures/ecdsa.json b/test/fixtures/ecdsa.json
index 8d2adf0..03a2687 100644
--- a/test/fixtures/ecdsa.json
+++ b/test/fixtures/ecdsa.json
@@ -73,9 +73,19 @@
],
"invalid": {
"recoverPubKey": [
+ {
+ "description": "Invalid r value (< 0)",
+ "exception": "Invalid r value",
+ "e": "01",
+ "signature": {
+ "r": "-01",
+ "s": "02"
+ },
+ "i": 0
+ },
{
"description": "Invalid r value (== 0)",
- "exception": "nR is not a valid curve point",
+ "exception": "Invalid r value",
"e": "01",
"signature": {
"r": "00",
@@ -83,6 +93,46 @@
},
"i": 0
},
+ {
+ "description": "Invalid s value (< 0)",
+ "exception": "Invalid s value",
+ "e": "01",
+ "signature": {
+ "r": "02",
+ "s": "-01"
+ },
+ "i": 0
+ },
+ {
+ "description": "Invalid s value (== 0)",
+ "exception": "Invalid s value",
+ "e": "01",
+ "signature": {
+ "r": "02",
+ "s": "00"
+ },
+ "i": 0
+ },
+ {
+ "description": "Invalid r value (nR is infinity)",
+ "exception": "nR is not a valid curve point",
+ "e": "01",
+ "signature": {
+ "r": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141",
+ "s": "01"
+ },
+ "i": 0
+ },
+ {
+ "description": "Invalid curve point",
+ "exception": "Point is not on the curve",
+ "e": "01",
+ "signature": {
+ "r": "99999999999999999999999999999999999999",
+ "s": "01"
+ },
+ "i": 0
+ },
{
"description": "Invalid i value (> 3)",
"exception": "Recovery param is more than two bits",