Better check for input args in derive

This commit is contained in:
Kagami Hiiragi 2015-07-13 22:03:42 +03:00
parent ed4a3f43ef
commit 58604cc9d7
3 changed files with 15 additions and 6 deletions

View File

@ -100,6 +100,8 @@ exports.verify = function(publicKey, msg, sig) {
var derive = exports.derive = function(privateKeyA, publicKeyB) { var derive = exports.derive = function(privateKeyA, publicKeyB) {
return new Promise(function(resolve) { return new Promise(function(resolve) {
assert(Buffer.isBuffer(privateKeyA), "Bad input");
assert(Buffer.isBuffer(publicKeyB), "Bad input");
assert(privateKeyA.length === 32, "Bad private key"); assert(privateKeyA.length === 32, "Bad private key");
assert(publicKeyB.length === 65, "Bad public key"); assert(publicKeyB.length === 65, "Bad public key");
assert(publicKeyB[0] === 4, "Bad public key"); assert(publicKeyB[0] === 4, "Bad public key");

12
ecdh.cc
View File

@ -70,15 +70,15 @@ NAN_METHOD(Derive) {
NanScope(); NanScope();
if (args.Length() != 2 || if (args.Length() != 2 ||
!args[0]->IsObject() || // privkey_a !node::Buffer::HasInstance(args[0]) || // privkey_a
!args[1]->IsObject()) { // pubkey_b !node::Buffer::HasInstance(args[1])) { // pubkey_b
return NanThrowError("Bad input"); return NanThrowError("Bad input");
} }
char* privkey_a = node::Buffer::Data(args[0]->ToObject()); char* privkey_a = node::Buffer::Data(args[0]);
size_t privkey_a_len = node::Buffer::Length(args[0]->ToObject()); size_t privkey_a_len = node::Buffer::Length(args[0]);
char* pubkey_b = node::Buffer::Data(args[1]->ToObject()); char* pubkey_b = node::Buffer::Data(args[1]);
size_t pubkey_b_len = node::Buffer::Length(args[1]->ToObject()); size_t pubkey_b_len = node::Buffer::Length(args[1]);
if (privkey_a == NULL || if (privkey_a == NULL ||
privkey_a_len != PRIVKEY_SIZE || privkey_a_len != PRIVKEY_SIZE ||
pubkey_b == NULL || pubkey_b == NULL ||

View File

@ -142,6 +142,13 @@ describe("ECDH", function() {
}); });
}); });
}); });
it("should reject promise on bad arguments", function(done) {
eccrypto.derive({}, {}).catch(function(e) {
expect(e.message).to.match(/bad input/i);
done();
});
});
}); });
describe("ECIES", function() { describe("ECIES", function() {