From be3ce88a3ae8cff791107a09286a8bf407cfdbbd Mon Sep 17 00:00:00 2001
From: Daniel Cousens
Date: Tue, 29 Jul 2014 23:45:10 +1000
Subject: [PATCH 1/2] ecdsa: enforce positive integers
---
 src/ecdsa.js | 13 ++++++++-----
 test/fixtures/ecdsa.json | 18 ++++++++++++++++++
 2 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/src/ecdsa.js b/src/ecdsa.js
index 96c5351..5d57525 100644
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@@ -86,8 +86,8 @@ function verifyRaw(curve, e, signature, Q) {
 var r = signature.r
 var s = signature.s
- if (r.signum() === 0 || r.compareTo(n) >= 0) return false
- if (s.signum() === 0 || s.compareTo(n) >= 0) return false
+ if (r.signum() <= 0 || r.compareTo(n) >= 0) return false
+ if (s.signum() <= 0 || s.compareTo(n) >= 0) return false
 var c = s.modInverse(n)
@@ -111,9 +111,15 @@ function verifyRaw(curve, e, signature, Q) {
 function recoverPubKey(curve, e, signature, i) {
 assert.strictEqual(i & 3, i, 'Recovery param is more than two bits')
+ var n = curve.n
+ var G = curve.G
+
 var r = signature.r
 var s = signature.s
+ assert(r.signum() > 0 && r.compareTo(n) < 0, 'Invalid r value')
+ assert(s.signum() > 0 && s.compareTo(n) < 0, 'Invalid s value')
+
 // A set LSB signifies that the y-coordinate is odd
 var isYOdd = i & 1
@@ -121,9 +127,6 @@ function recoverPubKey(curve, e, signature, i) {
 // first or second candidate key.
 var isSecondKey = i >> 1
- var n = curve.n
- var G = curve.G
-
 // 1.1 Let x = r + jn
 var x = isSecondKey ? r.add(n) : r
 var R = curve.pointFromX(isYOdd, x)
diff --git a/test/fixtures/ecdsa.json b/test/fixtures/ecdsa.json
index 3f1421f..8d2adf0 100644
--- a/test/fixtures/ecdsa.json
+++ b/test/fixtures/ecdsa.json
@@ -104,6 +104,15 @@
 "s": "3180566392414476763164587487324397066658063772201694230600609996154610926757"
 }
 },
+ {
+ "description": "Invalid r value (< 0)",
+ "d": "01",
+ "e": "01",
+ "signature": {
+ "r": "-01",
+ "s": "02"
+ }
+ },
 {
 "description": "Invalid r value (== 0)",
 "d": "01",
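Review bot: The tightened range check in the `verifyRaw` hunk (`r.signum() <= 0 || r.compareTo(n) >= 0`, and the same for `s`) has no comment saying which rule it enforces or why a negative value can occur. I would add `// r and s must both be integers in [1, n - 1]; reject anything else before modInverse` above the two lines, and a matching comment above the new asserts in the `recoverPubKey` hunk. A negative r or s presumably comes from a signature decoder that yields signed integers; that decoder is not visible in this patch, so the comment should mention it only once confirmed. The body of verifyRaw starts and ends outside the hunk.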
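Review bot: In the `recoverPubKey` hunk the [1, n - 1] check is enforced with `assert(...)`, so an out-of-range r or s throws, whereas `verifyRaw` returns `false` for the identical condition. Callers that pass signatures from untrusted sources to `recoverPubKey` must wrap the call in try/catch, and the visible code does not state that contract anywhere. I would document it on the function, e.g. `// Throws if r or s is outside [1, n - 1], or if the recovery param is not in 0..3`, and consider one shared range predicate for both functions so the bounds cannot drift apart. The function body continues past the end of the hunk.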
@@ -122,6 +131,15 @@
 "s": "02"
 }
 },
+ {
+ "description": "Invalid s value (< 0)",
+ "d": "01",
+ "e": "01",
+ "signature": {
+ "r": "02",
+ "s": "-01"
+ }
+ },
 {
 "description": "Invalid s value (== 0)",
 "d": "01",
From 5657dcf2aa0372b43985b4af6ccebae2e4bc4ebb Mon Sep 17 00:00:00 2001
From: Daniel Cousens
Date: Tue, 29 Jul 2014 23:45:50 +1000
Subject: [PATCH 2/2] ecdsa: add improved test coverage for recoverPubKey
---
 test/fixtures/ecdsa.json | 52 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/test/fixtures/ecdsa.json b/test/fixtures/ecdsa.json
index 8d2adf0..03a2687 100644
--- a/test/fixtures/ecdsa.json
+++ b/test/fixtures/ecdsa.json
@@ -73,9 +73,19 @@
 ],
 "invalid": {
 "recoverPubKey": [
+ {
+ "description": "Invalid r value (< 0)",
+ "exception": "Invalid r value",
+ "e": "01",
+ "signature": {
+ "r": "-01",
+ "s": "02"
+ },
+ "i": 0
+ },
 {
 "description": "Invalid r value (== 0)",
- "exception": "nR is not a valid curve point",
+ "exception": "Invalid r value",
 "e": "01",
 "signature": {
 "r": "00",
@@ -83,6 +93,46 @@
 },
 "i": 0
 },
+ {
+ "description": "Invalid s value (< 0)",
+ "exception": "Invalid s value",
+ "e": "01",
+ "signature": {
+ "r": "02",
+ "s": "-01"
+ },
+ "i": 0
+ },
+ {
+ "description": "Invalid s value (== 0)",
+ "exception": "Invalid s value",
+ "e": "01",
+ "signature": {
+ "r": "02",
+ "s": "00"
+ },
+ "i": 0
+ },
+ {
+ "description": "Invalid r value (nR is infinity)",
+ "exception": "nR is not a valid curve point",
+ "e": "01",
+ "signature": {
+ "r": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141",
+ "s": "01"
+ },
+ "i": 0
+ },
+ {
+ "description": "Invalid curve point",
+ "exception": "Point is not on the curve",
+ "e": "01",
+ "signature": {
+ "r": "99999999999999999999999999999999999999",
+ "s": "01"
+ },
+ "i": 0
+ },
 {
 "description": "Invalid i value (> 3)",
 "exception": "Recovery param is more than two bits",
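Review bot: The `r` in the added "Invalid r value (nR is infinity)" case is written in hex and appears to equal the secp256k1 group order n, while other r/s fixtures in this file are decimal strings (see the long decimal `s` in the first fixtures hunk of patch 1/2). The test harness is not part of this patch; if it parses r as hex on secp256k1, the `r.compareTo(n) < 0` assert added in patch 1/2 fires first and the message would be 'Invalid r value', and if it parses r as decimal, the value under test is not the one the description names. I would confirm the radix and add explicit boundary cases `r == n` and `s == n` expecting `Invalid r value` / `Invalid s value`, since the new fixtures cover only the `< 0` and `== 0` side of the range check. The same radix question applies to the "Invalid curve point" case.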