Browse Source

Merge pull request #250 from dcousens/negrs

Negative R,S value checking
hk-custom-address
Wei Lu 11 years ago
parent
commit
c73ab8c816
  1. 13
      src/ecdsa.js
  2. 70
      test/fixtures/ecdsa.json

13
src/ecdsa.js

@ -86,8 +86,8 @@ function verifyRaw(curve, e, signature, Q) {
var r = signature.r var r = signature.r
var s = signature.s var s = signature.s
if (r.signum() === 0 || r.compareTo(n) >= 0) return false if (r.signum() <= 0 || r.compareTo(n) >= 0) return false
if (s.signum() === 0 || s.compareTo(n) >= 0) return false if (s.signum() <= 0 || s.compareTo(n) >= 0) return false
var c = s.modInverse(n) var c = s.modInverse(n)
@ -111,9 +111,15 @@ function verifyRaw(curve, e, signature, Q) {
function recoverPubKey(curve, e, signature, i) { function recoverPubKey(curve, e, signature, i) {
assert.strictEqual(i & 3, i, 'Recovery param is more than two bits') assert.strictEqual(i & 3, i, 'Recovery param is more than two bits')
var n = curve.n
var G = curve.G
var r = signature.r var r = signature.r
var s = signature.s var s = signature.s
assert(r.signum() > 0 && r.compareTo(n) < 0, 'Invalid r value')
assert(s.signum() > 0 && s.compareTo(n) < 0, 'Invalid s value')
// A set LSB signifies that the y-coordinate is odd // A set LSB signifies that the y-coordinate is odd
var isYOdd = i & 1 var isYOdd = i & 1
@ -121,9 +127,6 @@ function recoverPubKey(curve, e, signature, i) {
// first or second candidate key. // first or second candidate key.
var isSecondKey = i >> 1 var isSecondKey = i >> 1
var n = curve.n
var G = curve.G
// 1.1 Let x = r + jn // 1.1 Let x = r + jn
var x = isSecondKey ? r.add(n) : r var x = isSecondKey ? r.add(n) : r
var R = curve.pointFromX(isYOdd, x) var R = curve.pointFromX(isYOdd, x)

70
test/fixtures/ecdsa.json

@ -73,9 +73,19 @@
], ],
"invalid": { "invalid": {
"recoverPubKey": [ "recoverPubKey": [
{
"description": "Invalid r value (< 0)",
"exception": "Invalid r value",
"e": "01",
"signature": {
"r": "-01",
"s": "02"
},
"i": 0
},
{ {
"description": "Invalid r value (== 0)", "description": "Invalid r value (== 0)",
"exception": "nR is not a valid curve point", "exception": "Invalid r value",
"e": "01", "e": "01",
"signature": { "signature": {
"r": "00", "r": "00",
@ -83,6 +93,46 @@
}, },
"i": 0 "i": 0
}, },
{
"description": "Invalid s value (< 0)",
"exception": "Invalid s value",
"e": "01",
"signature": {
"r": "02",
"s": "-01"
},
"i": 0
},
{
"description": "Invalid s value (== 0)",
"exception": "Invalid s value",
"e": "01",
"signature": {
"r": "02",
"s": "00"
},
"i": 0
},
{
"description": "Invalid r value (nR is infinity)",
"exception": "nR is not a valid curve point",
"e": "01",
"signature": {
"r": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141",
"s": "01"
},
"i": 0
},
{
"description": "Invalid curve point",
"exception": "Point is not on the curve",
"e": "01",
"signature": {
"r": "99999999999999999999999999999999999999",
"s": "01"
},
"i": 0
},
{ {
"description": "Invalid i value (> 3)", "description": "Invalid i value (> 3)",
"exception": "Recovery param is more than two bits", "exception": "Recovery param is more than two bits",
@ -104,6 +154,15 @@
"s": "3180566392414476763164587487324397066658063772201694230600609996154610926757" "s": "3180566392414476763164587487324397066658063772201694230600609996154610926757"
} }
}, },
{
"description": "Invalid r value (< 0)",
"d": "01",
"e": "01",
"signature": {
"r": "-01",
"s": "02"
}
},
{ {
"description": "Invalid r value (== 0)", "description": "Invalid r value (== 0)",
"d": "01", "d": "01",
@ -122,6 +181,15 @@
"s": "02" "s": "02"
} }
}, },
{
"description": "Invalid s value (< 0)",
"d": "01",
"e": "01",
"signature": {
"r": "02",
"s": "-01"
}
},
{ {
"description": "Invalid s value (== 0)", "description": "Invalid s value (== 0)",
"d": "01", "d": "01",

Loading…
Cancel
Save