Add more input checkings

2015-01-21 03:04:56 +03:00 · 2015-01-21 03:04:56 +03:00 · 4351c28a6c
commit 4351c28a6c
parent 69745567ff
3 changed files with 30 additions and 0 deletions
--- a/browser.js
+++ b/browser.js
@ -78,6 +78,8 @@ var getPublic = exports.getPublic = function(privateKey) {
 exports.sign = function(privateKey, msg) {
  return new Promise(function(resolve) {
    assert(privateKey.length === 32, "Bad private key");
+    assert(msg.length > 0, "Message should not be empty");
+    assert(msg.length <= 32, "Message is too long");
    resolve(new Buffer(ec.sign(msg, privateKey, {canonical: true}).toDER()));
  });
 };
@ -86,6 +88,8 @@ exports.verify = function(publicKey, msg, sig) {
  return new Promise(function(resolve, reject) {
    assert(publicKey.length === 65, "Bad public key");
    assert(publicKey[0] === 4, "Bad public key");
+    assert(msg.length > 0, "Message should not be empty");
+    assert(msg.length <= 32, "Message is too long");
    if (ec.verify(msg, sig, publicKey)) {
      resolve();
    } else {
--- a/index.js
+++ b/index.js
@ -81,6 +81,8 @@ function padMsg(msg) {
 */
 exports.sign = function(privateKey, msg) {
  return new promise(function(resolve) {
+    assert(msg.length > 0, "Message should not be empty");
+    assert(msg.length <= 32, "Message is too long");
    resolve(secp256k1.sign(privateKey, padMsg(msg)));
  });
 };
@ -95,6 +97,8 @@ exports.sign = function(privateKey, msg) {
 */
 exports.verify = function(publicKey, msg, sig) {
  return new promise(function(resolve, reject) {
+    assert(msg.length > 0, "Message should not be empty");
+    assert(msg.length <= 32, "Message is too long");
    if (secp256k1.verify(publicKey, padMsg(msg), sig) === 1) {
     resolve();
    } else {
--- a/test.js
+++ b/test.js
@ -93,6 +93,28 @@ describe("ECDSA", function() {
      return eccrypto.verify(publicKey, shortMsg, sig);
    });
  });
+
+  it("shouldn't sign and verify messages longer than 32 bytes", function(done) {
+    var longMsg = Buffer(40);
+    var someSig = Buffer("304402204737396b697e5a3400e3aedd203d8be89879f97708647252bd0c17752ff4c8f302201d52ef234de82ce0719679fa220334c83b80e21b8505a781d32d94a27d9310aa", "hex");
+    eccrypto.sign(privateKey, longMsg).catch(function() {
+      eccrypto.verify(privateKey, longMsg, someSig).catch(function(e) {
+        expect(e.message).to.not.match(/bad signature/i);
+        done();
+      });
+    });
+  });
+
+  it("shouldn't sign and verify empty messages", function(done) {
+    var emptyMsg = Buffer(0);
+    var someSig = Buffer("304402204737396b697e5a3400e3aedd203d8be89879f97708647252bd0c17752ff4c8f302201d52ef234de82ce0719679fa220334c83b80e21b8505a781d32d94a27d9310aa", "hex");
+    eccrypto.sign(privateKey, emptyMsg).catch(function() {
+      eccrypto.verify(publicKey, emptyMsg, someSig).catch(function(e) {
+        expect(e.message).to.not.match(/bad signature/i);
+        done();
+      });
+    });
+  });
 });

 describe("ECDH", function() {