Add more checks for privateKeyModInverse

kripod · kripod · commit 8ce83d77112a · 2018-01-18T15:48:53.000+01:00
diff --git a/lib/elliptic/index.js b/lib/elliptic/index.js
@@ -79,6 +79,8 @@ exports.privateKeyNegate = function (privateKey) {
 
 exports.privateKeyModInverse = function (privateKey) {
   var bn = new BN(privateKey)
+  if (bn.cmp(ecparams.n) >= 0 || bn.isZero()) throw new Error(messages.EC_PRIVATE_KEY_RANGE_INVALID)
+
   return bn.invm(ecparams.n).toArrayLike(Buffer, 'be', 32)
 }
 
diff --git a/lib/js/index.js b/lib/js/index.js
@@ -24,7 +24,10 @@ exports.privateKeyNegate = function (privateKey) {
 }
 
 exports.privateKeyModInverse = function (privateKey) {
-  return BN.fromBuffer(privateKey).uinvm().toBuffer()
+  var bn = BN.fromBuffer(privateKey)
+  if (bn.isOverflow() || bn.isZero()) throw new Error(messages.EC_PRIVATE_KEY_RANGE_INVALID)
+
+  return bn.uinvm().toBuffer()
 }
 
 exports.privateKeyTweakAdd = function (privateKey, tweak) {
diff --git a/lib/messages.json b/lib/messages.json
@@ -2,6 +2,7 @@
   "COMPRESSED_TYPE_INVALID": "compressed should be a boolean",
   "EC_PRIVATE_KEY_TYPE_INVALID": "private key should be a Buffer",
   "EC_PRIVATE_KEY_LENGTH_INVALID": "private key length is invalid",
+  "EC_PRIVATE_KEY_RANGE_INVALID": "private key range is invalid",
   "EC_PRIVATE_KEY_TWEAK_ADD_FAIL": "tweak out of range or resulting private key is invalid",
   "EC_PRIVATE_KEY_TWEAK_MUL_FAIL": "tweak out of range",
   "EC_PRIVATE_KEY_EXPORT_DER_FAIL": "couldn't export to DER format",
diff --git a/test/privatekey.js b/test/privatekey.js
@@ -158,6 +158,22 @@ module.exports = function (t, secp256k1) {
       t.end()
     })
 
+    t.test('private key is 0', function (t) {
+      t.throws(function () {
+        var privateKey = util.BN_ZERO.toArrayLike(Buffer, 'be', 32)
+        secp256k1.privateKeyModInverse(privateKey)
+      }, new RegExp('^Error: ' + messages.EC_PRIVATE_KEY_RANGE_INVALID + '$'))
+      t.end()
+    })
+
+    t.test('private key equal to N', function (t) {
+      t.throws(function () {
+        var privateKey = util.ec.curve.n.toArrayLike(Buffer, 'be', 32)
+        secp256k1.privateKeyModInverse(privateKey)
+      }, new RegExp('^Error: ' + messages.EC_PRIVATE_KEY_RANGE_INVALID + '$'))
+      t.end()
+    })
+
     util.repeat(t, 'random tests', util.env.repeat, function (t) {
       var privateKey = util.getPrivateKey()
 

Original file line number	Diff line number	Diff line change
`@@ -79,6 +79,8 @@ exports.privateKeyNegate = function (privateKey) {`
`79`	`79`
`80`	`80`	`exports.privateKeyModInverse = function (privateKey) {`
`81`	`81`	`var bn = new BN(privateKey)`
	`82`	`+ if (bn.cmp(ecparams.n) >= 0 \|\| bn.isZero()) throw new Error(messages.EC_PRIVATE_KEY_RANGE_INVALID)`
	`83`	`+`
`82`	`84`	`return bn.invm(ecparams.n).toArrayLike(Buffer, 'be', 32)`
`83`	`85`	`}`
`84`	`86`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,10 @@ exports.privateKeyNegate = function (privateKey) {`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`exports.privateKeyModInverse = function (privateKey) {`
`27`		`- return BN.fromBuffer(privateKey).uinvm().toBuffer()`
	`27`	`+ var bn = BN.fromBuffer(privateKey)`
	`28`	`+ if (bn.isOverflow() \|\| bn.isZero()) throw new Error(messages.EC_PRIVATE_KEY_RANGE_INVALID)`
	`29`	`+`
	`30`	`+ return bn.uinvm().toBuffer()`
`28`	`31`	`}`
`29`	`32`
`30`	`33`	`exports.privateKeyTweakAdd = function (privateKey, tweak) {`