From 8bd6446e000fa59df3cda0ae3e424300747ea5ed Mon Sep 17 00:00:00 2001
From: Nikita Skovoroda
Date: Fri, 18 Oct 2024 09:15:31 +0300
Subject: [PATCH] elliptic: fix key verification in loadCompressedPublicKey
---
 lib/elliptic.js | 4 ++++
 package.json | 2 +-
 test/publickey.js | 6 ++++++
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/elliptic.js b/lib/elliptic.js
index bd48ec1..d70cf8f 100644
--- a/lib/elliptic.js
+++ b/lib/elliptic.js
@@ -18,6 +18,10 @@ function loadCompressedPublicKey (first, xbuf) {
 let y = x.redSqr().redIMul(x).redIAdd(ecparams.b).redSqrt()
 if ((first === 0x03) !== y.isOdd()) y = y.redNeg()
+ // x*x*x + b = y*y
+ const x3 = x.redSqr().redIMul(x)
+ if (!y.redSqr().redISub(x3.redIAdd(ecparams.b)).isZero()) return null
+
 return ec.keyPair({ pub: { x: x, y: y } })
 }
diff --git a/package.json b/package.json
index 8de56bf..767a871 100644
--- a/package.json
+++ b/package.json
@@ -40,7 +40,7 @@
 "node-gyp": "=10.1.0",
 "nyc": "^15.0.0",
 "prebuildify": "^6.0.1",
- "prebuildify-cross": "github:fanatid/prebuildify-cross#9f7af67698f06e07d42304d9813a6f19aee5812c",
+ "prebuildify-cross": "^5.1.1",
 "standard": "^14.3.1",
 "tap-dot": "^2.0.0",
 "tape": "^4.10.1",
diff --git a/test/publickey.js b/test/publickey.js
index e8f3cec..aeb4428 100644
--- a/test/publickey.js
+++ b/test/publickey.js
@@ -32,6 +32,12 @@ module.exports = (t, secp256k1) => {
 invalidLength[0] = publicKey.compressed[0]
 t.false(secp256k1.publicKeyVerify(invalidLength), 'invalid length')
+ const zeroUncompressed = Buffer.concat([Buffer.from([0x04]), Buffer.alloc(64)])
+ t.false(secp256k1.publicKeyVerify(zeroUncompressed), 'zero uncompressed')
+
+ const zeroCompressed = Buffer.concat([Buffer.from([0x02]), Buffer.alloc(32)])
+ t.false(secp256k1.publicKeyVerify(zeroCompressed), 'zero compressed')
+
+
 t.end()
 })
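Review bot: The comment `// x*x*x + b = y*y` on the added check restates the curve equation but not why it must be re-tested after `redSqrt()`; judging by the need for this fix, `redSqrt()` returns a value even when `x^3 + b` has no square root, so an x with no point on the curve previously came back as a key. I would word it as `// redSqrt() does not fail when x^3 + b has no root: verify y*y = x*x*x + b and reject off-curve x`. The right-hand side is also built twice, once on the `let y = ...` line and again as `x3.redIAdd(ecparams.b)`; keeping it in one local would make it obvious that the value checked is the value that was square-rooted. The function begins above the hunk and its callers are not shown, so whether every caller handles the new `null` return cannot be confirmed from here.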
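Review bot: The `prebuildify-cross` line swaps a reference pinned to a full commit hash for the floating range `^5.1.1`, a looser pin for a tool that, going by its name, takes part in producing the prebuilt binaries. The change is unrelated to the key-verification fix named in the subject line and the commit message does not mention it. An exact version such as `"prebuildify-cross": "5.1.1"` would match the `"node-gyp": "=10.1.0"` entry a few lines up. If a lockfile with integrity hashes is committed (not visible here), that narrows the concern.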
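Review bot: Both new cases use an all-zero x, and the compressed one only the `0x02` prefix, so the `0x03` side of the parity handling in `loadCompressedPublicKey` and any non-zero x with no point on the curve stay untested. Adding `t.false(secp256k1.publicKeyVerify(Buffer.concat([Buffer.from([0x03]), Buffer.alloc(32)])), 'zero compressed, odd prefix')` would cover the other prefix with the same input. A comment above the block such as `// x = 0 has no matching y on this curve, so both encodings must be rejected` would record why these buffers are expected to fail. The enclosing test callback starts above the hunk.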