diff --git a/browser.js b/browser.js index fa5bd74..95f1ce1 100644 --- a/browser.js +++ b/browser.js @@ -78,6 +78,8 @@ var getPublic = exports.getPublic = function(privateKey) { exports.sign = function(privateKey, msg) { return new Promise(function(resolve) { assert(privateKey.length === 32, "Bad private key"); + assert(msg.length > 0, "Message should not be empty"); + assert(msg.length <= 32, "Message is too long"); resolve(new Buffer(ec.sign(msg, privateKey, {canonical: true}).toDER())); }); }; @@ -86,6 +88,8 @@ exports.verify = function(publicKey, msg, sig) { return new Promise(function(resolve, reject) { assert(publicKey.length === 65, "Bad public key"); assert(publicKey[0] === 4, "Bad public key"); + assert(msg.length > 0, "Message should not be empty"); + assert(msg.length <= 32, "Message is too long"); if (ec.verify(msg, sig, publicKey)) { resolve(); } else { diff --git a/index.js b/index.js index fadbb73..0da8a20 100644 --- a/index.js +++ b/index.js @@ -81,6 +81,8 @@ function padMsg(msg) { */ exports.sign = function(privateKey, msg) { return new promise(function(resolve) { + assert(msg.length > 0, "Message should not be empty"); + assert(msg.length <= 32, "Message is too long"); resolve(secp256k1.sign(privateKey, padMsg(msg))); }); }; @@ -95,6 +97,8 @@ exports.sign = function(privateKey, msg) { */ exports.verify = function(publicKey, msg, sig) { return new promise(function(resolve, reject) { + assert(msg.length > 0, "Message should not be empty"); + assert(msg.length <= 32, "Message is too long"); if (secp256k1.verify(publicKey, padMsg(msg), sig) === 1) { resolve(); } else { diff --git a/test.js b/test.js index 47e1630..d982616 100644 --- a/test.js +++ b/test.js @@ -93,6 +93,28 @@ describe("ECDSA", function() { return eccrypto.verify(publicKey, shortMsg, sig); }); }); + + it("shouldn't sign and verify messages longer than 32 bytes", function(done) { + var longMsg = Buffer(40); + var someSig = Buffer("304402204737396b697e5a3400e3aedd203d8be89879f97708647252bd0c17752ff4c8f302201d52ef234de82ce0719679fa220334c83b80e21b8505a781d32d94a27d9310aa", "hex"); + eccrypto.sign(privateKey, longMsg).catch(function() { + eccrypto.verify(privateKey, longMsg, someSig).catch(function(e) { + expect(e.message).to.not.match(/bad signature/i); + done(); + }); + }); + }); + + it("shouldn't sign and verify empty messages", function(done) { + var emptyMsg = Buffer(0); + var someSig = Buffer("304402204737396b697e5a3400e3aedd203d8be89879f97708647252bd0c17752ff4c8f302201d52ef234de82ce0719679fa220334c83b80e21b8505a781d32d94a27d9310aa", "hex"); + eccrypto.sign(privateKey, emptyMsg).catch(function() { + eccrypto.verify(publicKey, emptyMsg, someSig).catch(function(e) { + expect(e.message).to.not.match(/bad signature/i); + done(); + }); + }); + }); }); describe("ECDH", function() {