crypto: ensure private keys are < N (#15745)

Fixes #15744
pull/15807/head
Alex Wu 7 years ago committed by Felix Lange
parent 908faf8cd7
commit 6cd6b921ac
  1. 10
      crypto/crypto.go

@ -97,6 +97,16 @@ func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) {
return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize) return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize)
} }
priv.D = new(big.Int).SetBytes(d) priv.D = new(big.Int).SetBytes(d)
// The priv.D must < N
if priv.D.Cmp(secp256k1_N) >= 0 {
return nil, fmt.Errorf("invalid private key, >=N")
}
// The priv.D must not be zero or negative.
if priv.D.Sign() <= 0 {
return nil, fmt.Errorf("invalid private key, zero or negative")
}
priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d) priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
if priv.PublicKey.X == nil { if priv.PublicKey.X == nil {
return nil, errors.New("invalid private key") return nil, errors.New("invalid private key")

Loading…
Cancel
Save