
Commit 01ef1c7

committed
Disallow tweaks
1 parent 9a292c8 commit 01ef1c7


1 file changed

+10
-17
lines changed


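--- a/src/secp256k1-compat.ts
+++ b/src/secp256k1-compat.ts
@@ -2,8 +2,8 @@ import { sha256 } from "@noble/hashes/sha256";
 import * as secp from "./secp256k1";
 import { assertBool, assertBytes, hexToBytes, toHex } from "./utils";
 
-// Legacy compatibility layer for elliptic via noble-secp256k1
-// Use `secp256k1` module directly instead
+// Use `secp256k1` module directly.
+// This is a legacy compatibility layer for `tiny-secp256k1` via noble-secp256k1
 
 // Copy-paste from secp256k1, maybe export it?
 const bytesToNumber = (bytes: Uint8Array) => hexToNumber(toHex(bytes));
@@ -116,7 +116,6 @@ export function ecdsaSign(
 }
 const [signature, recid] = secp.signSync(msgHash, privateKey, {
 recovered: true,
-canonical: true,
 der: false
 });
 return { signature: output(out, 64, signature), recid };
@@ -235,10 +234,10 @@ export function publicKeyTweakAdd(
 assertBool(compressed);
 const p1 = secp.Point.fromHex(publicKey);
 const p2 = secp.Point.fromPrivateKey(tweak);
-if (p2.equals(secp.Point.ZERO)) {
+const point = p1.add(p2);
+if (p2.equals(secp.Point.ZERO) || point.equals(secp.Point.ZERO)) {
 throw new Error("Tweak must not be zero");
 }
-const point = p1.add(p2);
 return output(out, compressed ? 33 : 65, point.toRawBytes(compressed));
 }
 
@@ -255,7 +254,7 @@ export function publicKeyTweakMul(
 if (bn === 0n) {
 throw new Error("Tweak must not be zero");
 }
-if (bn <= 0 || bn >= ORDER) {
+if (bn <= 1 || bn >= ORDER) {
 throw new Error("Tweak is zero or bigger than curve order");
 }
 const point = secp.Point.fromHex(publicKey).multiply(bn);
@@ -269,22 +268,16 @@ export function privateKeyTweakMul(
 assertBytes(privateKey, 32);
 assertBytes(tweak, 32);
 let bn = bytesToNumber(tweak);
-if (bn === 0n) {
-throw new Error("Tweak must not be zero");
-}
-if (bn >= ORDER) {
-throw new Error("Tweak bigger than curve order");
-}
-bn = mod(bn * bytesToNumber(privateKey), ORDER);
-if (bn >= ORDER) {
-bn -= ORDER;
+if (bn <= 1 || bn >= ORDER) {
+throw new Error("Tweak is zero or bigger than curve order");
 }
-if (bn === 0n) {
+const res = mod(bn * bytesToNumber(privateKey), ORDER);
+if (res === 0n) {
 throw new Error(
 "The tweak was out of range or the resulted private key is invalid"
 );
 }
-privateKey.set(hexToBytes(numberToHex(bn)));
+privateKey.set(hexToBytes(numberToHex(res)));
 return privateKey;
 }
 // internal -> DER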
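Review bot: The widened range check in privateKeyTweakMul, `if (bn <= 1 || bn >= ORDER)`, now also rejects a tweak of exactly 1, but the error it throws still reads `"Tweak is zero or bigger than curve order"`; the same mismatch appears in the publicKeyTweakMul hunk, where the preceding `if (bn === 0n)` branch has also become unreachable, so a message such as `throw new Error("Tweak must be in range [2, curve order)");` in both places plus removal of the redundant zero check would keep the diagnostics honest. Since `bn` is no longer reassigned in the rewritten body, `let bn = bytesToNumber(tweak);` should be `const bn = bytesToNumber(tweak);`. In the publicKeyTweakAdd hunk the new `point.equals(secp.Point.ZERO)` case, where p1 and p2 cancel, is reported as "Tweak must not be zero" even though the tweak itself is non-zero; a distinct message like `"Tweak results in the point at infinity"` would make the failure mode clear to callers. Dropping `canonical: true` from signSync in ecdsaSign makes the compat layer depend on the library default producing low-S signatures; if that default is not low-S, verifiers enforcing canonical form will reject the output, so the default is worth confirming and pinning in a comment. All four functions touched here begin outside their hunks.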
