ecdsa: add invalid test fixtures for recoverPubKey

11 years ago · 4f8040f8d4
3 changed files with 39 additions and 2 deletions
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@ -186,7 +186,7 @@ function parseSigCompact(buffer) {
  * http://www.secg.org/download/aid-780/sec1-v2.pdf
  */
 function recoverPubKey(curve, e, signature, i) {
-  assert.strictEqual(i & 3, i, 'The recovery param is more than two bits')
+  assert.strictEqual(i & 3, i, 'Recovery param is more than two bits')

  var r = signature.r
  var s = signature.s
@ -223,7 +223,8 @@ function recoverPubKey(curve, e, signature, i) {

  // 1.4 Check that nR isn't at infinity
  var R = Point.fromAffine(curve, x, y)
-  curve.validate(R)
+  var nR = R.multiply(n)
+  assert(curve.isInfinity(nR), 'nR is not a valid curve point')

  // 1.5 Compute -e from e
  var eNeg = e.negate().mod(n)
--- a/test/ecdsa.js
+++ b/test/ecdsa.js
@ -37,6 +37,20 @@ describe('ecdsa', function() {
      var Qprime = ecdsa.recoverPubKey(curve, e, parsed.signature, parsed.i)
      assert(Q.equals(Qprime))
    })
+
+    fixtures.invalid.recoverPubKey.forEach(function(f) {
+      it('throws on ' + f.description, function() {
+        var e = BigInteger.fromHex(f.e)
+        var signature = {
+          r: new BigInteger(f.signature.r),
+          s: new BigInteger(f.signature.s)
+        }
+
+        assert.throws(function() {
+          ecdsa.recoverPubKey(curve, e, signature, f.i)
+        }, new RegExp(f.exception))
+      })
+    })
  })

  describe('sign', function() {
--- a/test/fixtures/ecdsa.json
+++ b/test/fixtures/ecdsa.json
@ -143,6 +143,28 @@
        "hex": "300c0204ffffffff0202ffffffff"
      }
    ],
+    "recoverPubKey": [
+      {
+        "description": "Invalid r value (== 0)",
+        "exception": "nR is not a valid curve point",
+        "e": "01",
+        "signature": {
+          "r": "00",
+          "s": "02"
+        },
+        "i": 0
+      },
+      {
+        "description": "Invalid i value (> 3)",
+        "exception": "Recovery param is more than two bits",
+        "e": "01",
+        "signature": {
+          "r": "00",
+          "s": "02"
+        },
+        "i": 4
+      }
+    ],
    "verifyRaw": [
      {
        "description": "The wrong signature",