elliptic: fix key verification in loadCompressedPublicKey

ChALkeR · fanatid · commit 9a15fff274f8 · 2024-10-18T13:17:16.000+07:00
diff --git a/lib/elliptic.js b/lib/elliptic.js
@@ -18,6 +18,10 @@ function loadCompressedPublicKey (first, xbuf) {
   let y = x.redSqr().redIMul(x).redIAdd(ecparams.b).redSqrt()
   if ((first === 0x03) !== y.isOdd()) y = y.redNeg()
 
+  // x*x*x + b = y*y
+  const x3 = x.redSqr().redIMul(x)
+  if (!y.redSqr().redISub(x3.redIAdd(ecparams.b)).isZero()) return null
+
   return ec.keyPair({ pub: { x: x, y: y } })
 }
 
diff --git a/package.json b/package.json
@@ -40,7 +40,7 @@
     "node-gyp": "=10.1.0",
     "nyc": "^15.0.0",
     "prebuildify": "^6.0.1",
-    "prebuildify-cross": "github:fanatid/prebuildify-cross#9f7af67698f06e07d42304d9813a6f19aee5812c",
+    "prebuildify-cross": "^5.1.1",
     "standard": "^14.3.1",
     "tap-dot": "^2.0.0",
     "tape": "^4.10.1",
diff --git a/test/publickey.js b/test/publickey.js
@@ -32,6 +32,12 @@ module.exports = (t, secp256k1) => {
       invalidLength[0] = publicKey.compressed[0]
       t.false(secp256k1.publicKeyVerify(invalidLength), 'invalid length')
 
+      const zeroUncompressed = Buffer.concat([Buffer.from([0x04]), Buffer.alloc(64)])
+      t.false(secp256k1.publicKeyVerify(zeroUncompressed), 'zero uncompressed')
+
+      const zeroCompressed = Buffer.concat([Buffer.from([0x02]), Buffer.alloc(32)])
+      t.false(secp256k1.publicKeyVerify(zeroCompressed), 'zero compressed')
+
       t.end()
     })
 

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,10 @@ function loadCompressedPublicKey (first, xbuf) {`
`18`	`18`	`let y = x.redSqr().redIMul(x).redIAdd(ecparams.b).redSqrt()`
`19`	`19`	`if ((first === 0x03) !== y.isOdd()) y = y.redNeg()`
`20`	`20`
	`21`	`+ // xxx + b = y*y`
	`22`	`+ const x3 = x.redSqr().redIMul(x)`
	`23`	`+ if (!y.redSqr().redISub(x3.redIAdd(ecparams.b)).isZero()) return null`
	`24`	`+`
`21`	`25`	`return ec.keyPair({ pub: { x: x, y: y } })`
`22`	`26`	`}`
`23`	`27`