Merge 58b9e7b into 5d6c701

cryptocoinjs · Jan 18, 2016 · 856b0e7 · 856b0e7
2 parents 5d6c701 + 58b9e7b
commit 856b0e7
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/lib/elliptic/recover.js b/lib/elliptic/recover.js
@@ -28,6 +28,10 @@ exports.recoverSync = function (msg, signature, recovery) {
   try {
     var sigObj = {r: signature.slice(0, 32), s: signature.slice(32, 64)}
     var pubKey = ec.recoverPubKey(msg, sigObj, recovery)
+    if (!ec.verify(msg, sigObj, pubKey)) {
+      throw new Error(messages.ECDSA_RECOVER_FAIL)
+    }
+
     return new Buffer(pubKey.encodeCompressed())
   } catch (err) {
     throw new Error(messages.ECDSA_RECOVER_FAIL)

diff --git a/test/recover.js b/test/recover.js
@@ -111,5 +111,13 @@ module.exports = function (secp256k1, opts) {
         secp256k1.recoverSync(util.getMessage(), signature, 0)
       }).to.throw(Error, /signature/)
     })
+
+    it('Should throw error on invalid siganture', function () {
+      expect(function () {
+        var msgHash = new Buffer('fe7a79529ed5f7c3375d06b26b186a8644e0e16c373d7a12be41c62d6042b77a', 'hex')
+        var signature = new Buffer('98ff921201554726367d2be8c804a7ff89ccf285ebc57dff8ae4c44b9c19ac4a0000000000000000000000000000000000000000000000000000000000000000', 'hex')
+        secp256k1.recoverSync(msgHash, signature, 0)
+      }).to.throw(Error, /public/)
+    })
   })
 }