fix edge case for publicKeyTweakAdd (#140)

After base point multiplication and adding point we should check that
result is not infinity point.

Author: fanatid

lib/elliptic/index.js

@@ -130,7 +130,10 @@ exports.publicKeyTweakAdd = function (publicKey, tweak, compressed) {
   tweak = new BN(tweak)
   if (tweak.cmp(ecparams.n) >= 0) throw new Error(messages.EC_PUBLIC_KEY_TWEAK_ADD_FAIL)
 
-  return Buffer.from(ecparams.g.mul(tweak).add(pair.pub).encode(true, compressed))
+  var point = ecparams.g.mul(tweak).add(pair.pub)
+  if (point.isInfinity()) throw new Error(messages.EC_PUBLIC_KEY_TWEAK_ADD_FAIL)
+
+  return Buffer.from(point.encode(true, compressed))
 }
 
 exports.publicKeyTweakMul = function (publicKey, tweak, compressed) {

lib/js/index.js

@@ -78,7 +78,10 @@ exports.publicKeyTweakAdd = function (publicKey, tweak, compressed) {
   tweak = BN.fromBuffer(tweak)
   if (tweak.isOverflow()) throw new Error(messages.EC_PUBLIC_KEY_TWEAK_ADD_FAIL)
 
-  return g.mul(tweak).add(point).toPublicKey(compressed)
+  var result = g.mul(tweak).add(point)
+  if (result.inf) throw new Error(messages.EC_PUBLIC_KEY_TWEAK_ADD_FAIL)
+
+  return result.toPublicKey(compressed)
 }
 
 exports.publicKeyTweakMul = function (publicKey, tweak, compressed) {

test/publickey.js

@@ -241,6 +241,18 @@ module.exports = function (t, secp256k1) {
       t.end()
     })
 
+    t.test('tweak produce infinity point', function (t) {
+      // G * 1 - G = 0
+      t.throws(function () {
+        var publicKey = Buffer.from(util.ec.g.encode(null, true))
+        publicKey[0] = publicKey[0] ^ 0x01 // change sign of G
+        var tweak = util.BN_ONE.toArrayLike(Buffer, 'be', 32)
+        secp256k1.publicKeyTweakAdd(publicKey, tweak, true)
+      }, new RegExp('^Error: ' + messages.EC_PUBLIC_KEY_TWEAK_ADD_FAIL + '$'))
+
+      t.end()
+    })
+
     t.test('compressed should be a boolean', function (t) {
       t.throws(function () {
         var privateKey = util.getPrivateKey()