From 4f8040f8d41fc0512ac7959111cbdd049673a233 Mon Sep 17 00:00:00 2001
From: Daniel Cousens <github@dcousens.com>
Date: Sat, 14 Jun 2014 11:45:01 +1000
Subject: [PATCH] ecdsa: add invalid test fixtures for recoverPubKey

---
 src/ecdsa.js             |  5 +++--
 test/ecdsa.js            | 14 ++++++++++++++
 test/fixtures/ecdsa.json | 22 ++++++++++++++++++++++
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/src/ecdsa.js b/src/ecdsa.js
index ff2a8d7..e4f34f9 100644
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@@ -186,7 +186,7 @@ function parseSigCompact(buffer) {
   * http://www.secg.org/download/aid-780/sec1-v2.pdf
   */
 function recoverPubKey(curve, e, signature, i) {
-  assert.strictEqual(i & 3, i, 'The recovery param is more than two bits')
+  assert.strictEqual(i & 3, i, 'Recovery param is more than two bits')
 
   var r = signature.r
   var s = signature.s
@@ -223,7 +223,8 @@ function recoverPubKey(curve, e, signature, i) {
 
   // 1.4 Check that nR isn't at infinity
   var R = Point.fromAffine(curve, x, y)
-  curve.validate(R)
+  var nR = R.multiply(n)
+  assert(curve.isInfinity(nR), 'nR is not a valid curve point')
 
   // 1.5 Compute -e from e
   var eNeg = e.negate().mod(n)
diff --git a/test/ecdsa.js b/test/ecdsa.js
index 8569e08..46d259c 100644
--- a/test/ecdsa.js
+++ b/test/ecdsa.js
@@ -37,6 +37,20 @@ describe('ecdsa', function() {
       var Qprime = ecdsa.recoverPubKey(curve, e, parsed.signature, parsed.i)
       assert(Q.equals(Qprime))
     })
+
+    fixtures.invalid.recoverPubKey.forEach(function(f) {
+      it('throws on ' + f.description, function() {
+        var e = BigInteger.fromHex(f.e)
+        var signature = {
+          r: new BigInteger(f.signature.r),
+          s: new BigInteger(f.signature.s)
+        }
+
+        assert.throws(function() {
+          ecdsa.recoverPubKey(curve, e, signature, f.i)
+        }, new RegExp(f.exception))
+      })
+    })
   })
 
   describe('sign', function() {
diff --git a/test/fixtures/ecdsa.json b/test/fixtures/ecdsa.json
index 4795d07..c10d691 100644
--- a/test/fixtures/ecdsa.json
+++ b/test/fixtures/ecdsa.json
@@ -143,6 +143,28 @@
         "hex": "300c0204ffffffff0202ffffffff"
       }
     ],
+    "recoverPubKey": [
+      {
+        "description": "Invalid r value (== 0)",
+        "exception": "nR is not a valid curve point",
+        "e": "01",
+        "signature": {
+          "r": "00",
+          "s": "02"
+        },
+        "i": 0
+      },
+      {
+        "description": "Invalid i value (> 3)",
+        "exception": "Recovery param is more than two bits",
+        "e": "01",
+        "signature": {
+          "r": "00",
+          "s": "02"
+        },
+        "i": 4
+      }
+    ],
     "verifyRaw": [
       {
         "description": "The wrong signature",