indutny / elliptic

Fast Elliptic Curve Cryptography in plain javascript

EdDSA Assert fails #119

Open ghost opened 7 years ago

ghost commented 7 years ago

Encoding:

var objj = {
    rsa: keys.rsa.public,
    rsa_sig: keys.ec.dsa_obj.priv.sign(Array.from(convertB64toUint8(keys.rsa.public))).toHex(),
    ec: keys.ec.public,
    ec_sig: keys.ec.dsa_obj.priv.sign(Array.from(convertB64toUint8(keys.ec.public))).toHex()
};

Decoding:

EdDSA.keyFromPublic(Array.from(convertB64toUint8(keys.ec.public))).verify(Array.from(convertB64toUint8(objj.ec)), objj.ec_sig)

Additional Functions:

convertB64toUint8:

function convertB64toUint8(base64) {
    return new Uint8Array(atob(base64).split("").map(function(c) { return c.charCodeAt(0); }));
}

Array.from is there because otherwise, I get errors about slicing and concat.

Stacktrace:

Uncaught Error: Assertion failed
    at d (http://localhost/data/javascript/elliptic.min.js:1:812)
    at s.sqrt (http://localhost/data/javascript/elliptic.min.js:2:10086)
    at f.redSqrt (http://localhost/data/javascript/elliptic.min.js:2:6331)
    at d.pointFromY (http://localhost/data/javascript/elliptic.min.js:2:19039)
    at d.decodePoint (http://localhost/data/javascript/elliptic.min.js:3:19758)
    at d.<anonymous> (http://localhost/data/javascript/elliptic.min.js:3:20584)
    at d.a.(anonymous function) [as pub] (http://localhost/data/javascript/elliptic.min.js:4:18583)
    at d.verify (http://localhost/data/javascript/elliptic.min.js:3:19063)
    at d.verify (http://localhost/data/javascript/elliptic.min.js:3:21182)
    at IDBRequest.request.onsuccess (http://localhost/data/javascript/init.js:1432:84)

The second number represents the pretty printed file line number in Chrome of the minified file.
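
The stack trace above ends in sqrt, reached from pointFromY during decodePoint, which is the step where an encoded public key's y-coordinate is turned back into a curve point. As an added example (not part of the original post and not elliptic's own code), this standalone check follows the RFC 8032 decoding rule for Ed25519 to tell whether 32 bytes are a decodable public key before they reach a verifier; the function names are hypothetical and the sample inputs are constructed.

```javascript
// Added example: RFC 8032 (section 5.1.3) decodability check for an Ed25519 public key.
// Function names are hypothetical; the inputs at the bottom are constructed.
const P = (1n << 255n) - 19n;                      // field prime 2^255 - 19
const mod = (a) => ((a % P) + P) % P;

function modPow(base, exp) {
  let result = 1n;
  for (base = mod(base); exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = mod(result * base);
    base = mod(base * base);
  }
  return result;
}
const inv = (a) => modPow(a, P - 2n);              // inverse via Fermat's little theorem
const D = mod(-121665n * inv(121666n));            // Edwards curve constant d

function checkEd25519PointEncoding(bytes) {
  if (bytes.length !== 32) return { ok: false, reason: 'length is not 32 bytes' };
  let y = 0n;
  for (let i = 31; i >= 0; i--) y = (y << 8n) | BigInt(bytes[i]);  // little-endian
  const signBit = y >> 255n;                       // top bit carries the sign of x
  y &= (1n << 255n) - 1n;
  if (y >= P) return { ok: false, reason: 'y is not reduced mod p' };
  const y2 = mod(y * y);
  const x2 = mod((y2 - 1n) * inv(D * y2 + 1n));    // x^2 = (y^2 - 1) / (d*y^2 + 1)
  if (x2 === 0n) {
    return signBit === 0n ? { ok: true, reason: 'valid (x = 0)' }
                          : { ok: false, reason: 'x = 0 with sign bit set' };
  }
  // Euler's criterion: x2 has a square root mod p only if x2^((p-1)/2) == 1.
  if (modPow(x2, (P - 1n) / 2n) !== 1n) {
    return { ok: false, reason: 'x^2 has no square root mod p' };
  }
  return { ok: true, reason: 'valid' };
}

// Constructed inputs: the Ed25519 base point, and the smallest y >= 2 that fails.
const basePoint = new Uint8Array(32).fill(0x66);
basePoint[0] = 0x58;
function firstUndecodableSmallY() {
  for (let y = 2; y < 256; y++) {
    const enc = new Uint8Array(32);
    enc[0] = y;
    if (!checkEd25519PointEncoding(enc).ok) return y;
  }
  return -1;
}
console.log(checkEd25519PointEncoding(basePoint), firstUndecodableSmallY());
```

Roughly half of all y values have no matching x on the curve, so arbitrary 32-byte strings, or key bytes produced for a different key format, often fail at exactly this square-root step.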

fanatid commented 7 years ago

@Dacnomanie can you reproduce the same in Node?

ghost commented 7 years ago

I've never used Node before.

ghost commented 7 years ago

It works when I use the ec class instead of eddsa. I assume these are equivalent in terms of security benefits if I'm using ed25519 as the curve?