From 513d880c648277062fa8853087bd90a70a1c9ab9 Mon Sep 17 00:00:00 2001
From: Kagami Hiiragi
Date: Sat, 27 Dec 2014 15:47:25 +0300
Subject: [PATCH] Check private key length in getPublic
---
 browser.js | 5 +++++
 test.js | 1 +
 2 files changed, 6 insertions(+)
diff --git a/browser.js b/browser.js
index ab96170..7886210 100644
--- a/browser.js
+++ b/browser.js
@@ -5,11 +5,16 @@
 "use strict";
 require("es6-promise").polyfill();
+var assert = require("assert");
 var EC = require("elliptic").ec;
 var ec = new EC("secp256k1");
 exports.getPublic = function(privateKey) {
+ // `elliptic` doesn't have such checkings so we do it ourself. We
+ // should always ensure that library user doesn't try to do something
+ // dumb.
+ assert(privateKey.length === 32, "Bad private key");
 // XXX(Kagami): `elliptic.utils.encode` returns array for every
 // encoding except `hex`.
 return new Buffer(ec.keyPair(privateKey).getPublic("arr"));
diff --git a/test.js b/test.js
index d6ffce8..e6199b0 100644
--- a/test.js
+++ b/test.js
@@ -16,6 +16,7 @@ describe("Key convertion", function() {
 it("should throw on invalid private key", function() {
 expect(eccrypto.getPublic.bind(null, Buffer("00", "hex"))).to.throw(Error);
+ expect(eccrypto.getPublic.bind(null, Buffer("test"))).to.throw(Error);
 });
 });
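Review bot: The added `assert(privateKey.length === 32, "Bad private key")` in `exports.getPublic` checks only a `length` property, so a 32-character string or a 32-element array passes it, as does a 32-byte buffer that is all zeros or not below the secp256k1 group order. Tightening the guard to `assert(Buffer.isBuffer(privateKey) && privateKey.length === 32, "Bad private key");` closes the type gap. If `elliptic` really does no validation, as the new comment says, a range check (non-zero and less than the curve order) is still needed before `ec.keyPair(privateKey)`. A `null` or `undefined` argument currently fails with a TypeError from `.length` rather than with the intended message. The end of the function is outside the hunk.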
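Review bot: Both inputs in "should throw on invalid private key" are shorter than 32 bytes, so the test never exercises an over-length key or a value of the wrong type. `to.throw(Error)` would also pass on an unrelated TypeError. Adding `expect(eccrypto.getPublic.bind(null, new Buffer(33))).to.throw(Error);` would cover the upper bound. Matching the message as well, for example `.to.throw(Error, "Bad private key")` with a chai-style `expect`, would tie the test to the new length check. The enclosing `describe` block starts outside the hunk.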