
@smartledger/elliptic-fix


Security fix for signature malleability vulnerability in Elliptic package v6.5.5 used by bsv@1.5.6

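// Self-check for the patched build: EdDSA verification must still accept an
// honest signature and must reject the same signature once its S scalar has
// been moved outside the canonical range [0, n).
const elliptic = require('./index.js');
const ed = new elliptic.eddsa('ed25519');

// Test data. This secret is a fixed, publicly visible test value; it must
// never be reused as a real key.
const key = ed.keyFromSecret('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef');
const msg = Buffer.from('test message');

// Create a valid signature
const validSig = key.sign(msg);

// Build the non-canonical twin of the valid signature: same R, S' = S + n.
// S' is congruent to S modulo the group order, so a verifier that lacks the
// S < n range check evaluates the same verification equation and accepts it.
// A fixed value such as n + 1 is unrelated to the signed message and fails
// that equation on every build, so it cannot distinguish a patched build
// from an unpatched one.
const validSigBytes = Buffer.from(validSig.toHex(), 'hex');
const R = validSigBytes.subarray(0, 32);
const malleableS = validSig.S().add(ed.curve.n); // S' = S + n, still fits in 32 bytes
const malleableSBytes = malleableS.toArrayLike(Buffer, 'le', 32);
const malleableSig = Buffer.concat([R, malleableSBytes]).toString('hex');

// Verify the fix is working
const validResult = ed.verify(msg, validSig.toHex(), key.getPublic());
const malleableResult = ed.verify(msg, malleableSig, key.getPublic());

if (validResult && !malleableResult) {
  console.log('\n✅ Security fix successfully installed:');
  console.log('- Valid signatures are accepted');
  console.log('- Malleable signatures (S >= n) are rejected');
} else {
  console.error('\n❌ Security fix verification failed!');
  // NOTE(review): 'yourusername' looks like an unfilled template placeholder;
  // point this at the project's real issue tracker before publishing.
  console.error('Please report this issue at: https://github.com/yourusername/bsv-elliptic-fix/issues');
  // Non-zero exit so an install or CI step running this script fails loudly.
  process.exit(1);
}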