From 4351c28a6cb9899c6dd14a22cb71c7b345f1f9b4 Mon Sep 17 00:00:00 2001
From: Kagami Hiiragi <kagami@genshiken.org>
Date: Wed, 21 Jan 2015 03:04:56 +0300
Subject: [PATCH] Add more input checkings

---
 browser.js |  4 ++++
 index.js   |  4 ++++
 test.js    | 22 ++++++++++++++++++++++
 3 files changed, 30 insertions(+)

diff --git a/browser.js b/browser.js
index fa5bd74..95f1ce1 100644
--- a/browser.js
+++ b/browser.js
@@ -78,6 +78,8 @@ var getPublic = exports.getPublic = function(privateKey) {
 exports.sign = function(privateKey, msg) {
   return new Promise(function(resolve) {
     assert(privateKey.length === 32, "Bad private key");
+    assert(msg.length > 0, "Message should not be empty");
+    assert(msg.length <= 32, "Message is too long");
     resolve(new Buffer(ec.sign(msg, privateKey, {canonical: true}).toDER()));
   });
 };
@@ -86,6 +88,8 @@ exports.verify = function(publicKey, msg, sig) {
   return new Promise(function(resolve, reject) {
     assert(publicKey.length === 65, "Bad public key");
     assert(publicKey[0] === 4, "Bad public key");
+    assert(msg.length > 0, "Message should not be empty");
+    assert(msg.length <= 32, "Message is too long");
     if (ec.verify(msg, sig, publicKey)) {
       resolve();
     } else {
diff --git a/index.js b/index.js
index fadbb73..0da8a20 100644
--- a/index.js
+++ b/index.js
@@ -81,6 +81,8 @@ function padMsg(msg) {
  */
 exports.sign = function(privateKey, msg) {
   return new promise(function(resolve) {
+    assert(msg.length > 0, "Message should not be empty");
+    assert(msg.length <= 32, "Message is too long");
     resolve(secp256k1.sign(privateKey, padMsg(msg)));
   });
 };
@@ -95,6 +97,8 @@ exports.sign = function(privateKey, msg) {
  */
 exports.verify = function(publicKey, msg, sig) {
   return new promise(function(resolve, reject) {
+    assert(msg.length > 0, "Message should not be empty");
+    assert(msg.length <= 32, "Message is too long");
     if (secp256k1.verify(publicKey, padMsg(msg), sig) === 1) {
      resolve();
     } else {
diff --git a/test.js b/test.js
index 47e1630..d982616 100644
--- a/test.js
+++ b/test.js
@@ -93,6 +93,28 @@ describe("ECDSA", function() {
       return eccrypto.verify(publicKey, shortMsg, sig);
     });
   });
+
+  it("shouldn't sign and verify messages longer than 32 bytes", function(done) {
+    var longMsg = Buffer(40);
+    var someSig = Buffer("304402204737396b697e5a3400e3aedd203d8be89879f97708647252bd0c17752ff4c8f302201d52ef234de82ce0719679fa220334c83b80e21b8505a781d32d94a27d9310aa", "hex");
+    eccrypto.sign(privateKey, longMsg).catch(function() {
+      eccrypto.verify(privateKey, longMsg, someSig).catch(function(e) {
+        expect(e.message).to.not.match(/bad signature/i);
+        done();
+      });
+    });
+  });
+
+  it("shouldn't sign and verify empty messages", function(done) {
+    var emptyMsg = Buffer(0);
+    var someSig = Buffer("304402204737396b697e5a3400e3aedd203d8be89879f97708647252bd0c17752ff4c8f302201d52ef234de82ce0719679fa220334c83b80e21b8505a781d32d94a27d9310aa", "hex");
+    eccrypto.sign(privateKey, emptyMsg).catch(function() {
+      eccrypto.verify(publicKey, emptyMsg, someSig).catch(function(e) {
+        expect(e.message).to.not.match(/bad signature/i);
+        done();
+      });
+    });
+  });
 });
 
 describe("ECDH", function() {