@exodus/elliptic - npm Package Compare versions

Comparing version 6.5.4-precomputed to 6.6.1-precomputed

lib/elliptic/ec/index.js

@@ -81,4 +81,23 @@ 'use strict';
 
-EC.prototype._truncateToN = function _truncateToN(msg, truncOnly) {
-  var delta = msg.byteLength() * 8 - this.n.bitLength();
+EC.prototype._truncateToN = function _truncateToN(msg, truncOnly, bitLength) {
+  var byteLength;
+  if (BN.isBN(msg) || typeof msg === 'number') {
+    msg = new BN(msg, 16);
+    byteLength = msg.byteLength();
+  } else if (typeof msg === 'object') {
+    // BN assumes an array-like input and asserts length
+    byteLength = msg.length;
+    msg = new BN(msg, 16);
+  } else {
+    // BN converts the value to string
+    var str = msg.toString();
+    // HEX encoding
+    byteLength = (str.length + 1) >>> 1;
+    msg = new BN(str, 16);
+  }
+  // Allow overriding
+  if (typeof bitLength !== 'number') {
+    bitLength = byteLength * 8;
+  }
+  var delta = bitLength - this.n.bitLength();
   if (delta > 0)
@@ -100,5 +119,15 @@ msg = msg.ushrn(delta);
 
+  if (typeof msg !== 'string' && typeof msg !== 'number' && !BN.isBN(msg)) {
+    assert(typeof msg === 'object' && msg && typeof msg.length === 'number',
+      'Expected message to be an array-like, a hex string, or a BN instance');
+    assert((msg.length >>> 0) === msg.length); // non-negative 32-bit integer
+    for (var i = 0; i < msg.length; i++) assert((msg[i] & 255) === msg[i]);
+  }
+
   key = this.keyFromPrivate(key, enc);
-  msg = this._truncateToN(new BN(msg, 16));
+  msg = this._truncateToN(msg, false, options.msgBitLength);
 
+  // Would fail further checks, but let's make the error message clear
+  assert(!msg.isNeg(), 'Can not sign a negative message');
+
   // Zero-extend key to provide enough entropy
@@ -111,2 +140,5 @@ var bytes = this.n.byteLength();
 
+  // Recheck nonce to be bijective to msg
+  assert((new BN(nonce)).eq(msg), 'Can not sign message');
+
   // Instantiate Hmac_DRBG
@@ -159,4 +191,7 @@ var drbg = new HmacDRBG({
 
-EC.prototype.verify = function verify(msg, signature, key, enc) {
-  msg = this._truncateToN(new BN(msg, 16));
+EC.prototype.verify = function verify(msg, signature, key, enc, options) {
+  if (!options)
+    options = {};
+
+  msg = this._truncateToN(msg, false, options.msgBitLength);
   key = this.keyFromPublic(key, enc);
@@ -163,0 +198,0 @@ signature = new Signature(signature, 'hex');

lib/elliptic/ec/key.js

@@ -114,4 +114,4 @@ 'use strict';
 
-KeyPair.prototype.verify = function verify(msg, signature) {
-  return this.ec.verify(msg, signature, this);
+KeyPair.prototype.verify = function verify(msg, signature, options) {
+  return this.ec.verify(msg, signature, this, undefined, options);
 };
@@ -118,0 +118,0 @@

lib/elliptic/ec/signature.js

@@ -41,2 +41,6 @@ 'use strict';
 
+  if(buf[p.place] === 0x00) {
+    return false;
+  }
+
   var val = 0;
@@ -90,2 +94,5 @@ for (var i = 0, off = p.place; i < octetLen; i++, off++) {
   }
+  if ((data[p.place] & 128) !== 0) {
+    return false;
+  }
   var r = data.slice(p.place, rlen + p.place);
@@ -103,2 +110,5 @@ p.place += rlen;
   }
+  if ((data[p.place] & 128) !== 0) {
+    return false;
+  }
   var s = data.slice(p.place, slen + p.place);
@@ -105,0 +115,0 @@ if (r[0] === 0) {

lib/elliptic/eddsa/index.js

@@ -55,2 +55,5 @@ 'use strict';
   sig = this.makeSignature(sig);
+  if (sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()) {
+    return false;
+  }
   var key = this.keyFromPublic(pub);
@@ -57,0 +60,0 @@ var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);

lib/elliptic/eddsa/signature.js

@@ -24,2 +24,3 @@ 'use strict';
   if (Array.isArray(sig)) {
+    assert(sig.length === eddsa.encodingLength * 2, 'Signature has invalid size');
     sig = {
@@ -26,0 +27,0 @@ R: sig.slice(0, eddsa.encodingLength),

lib/elliptic/utils.js

@@ -17,3 +17,6 @@ 'use strict';
   var naf = new Array(Math.max(num.bitLength(), bits) + 1);
-  naf.fill(0);
+  var i;
+  for (i = 0; i < naf.length; i += 1) {
+    naf[i] = 0;
+  }
 
@@ -23,3 +26,3 @@ var ws = 1 << (w + 1);
 
-  for (var i = 0; i < naf.length; i++) {
+  for (i = 0; i < naf.length; i++) {
     var z;
@@ -26,0 +29,0 @@ var mod = k.andln(ws - 1);

package.json

 {
   "name": "@exodus/elliptic",
-  "version": "6.5.4-precomputed",
+  "version": "6.6.1-precomputed",
   "description": "EC cryptography",
@@ -5,0 +5,0 @@ "main": "lib/elliptic.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

475324

increased by0.35%

Lines of code

10234

increased by0.46%

No dependency changes