I have been doing differential fuzzing of elliptic curve libraries.
And I found one inconsistency with this JavaScript library.
Reproducer code is:
var EC = require('elliptic').ec;
var utils = require('elliptic').utils;
var ec = new EC(process.argv[2]);                            // curve name, e.g. p224
var pt1 = ec.curve.decodePoint(process.argv[3], "hex");      // SEC1 encoded point
var sc = utils.toArray(process.argv[4], "hex");              // scalar as a byte array
var pt2 = pt1.mul(sc);                                       // scalar multiplication
console.log(pt2.encode('hex'));                              // crashes when pt2 is infinity
Reproducer command, with this code saved as elliptic.js, is:
node elliptic.js p224 04fffffffffffffffffffffffff6fefffeffffffffffffffffffff52fa456dccc33f1d634106fda91244bf704f3dab9650616d0ac30bc05650 ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d
I get the following stack trace:
elliptic/lib/elliptic/curve/short.js:415
return this.x.fromRed();
^
TypeError: Cannot read property 'fromRed' of null
at Point.getX (elliptic/lib/elliptic/curve/short.js:415:17)
at Point._encode (elliptic/lib/elliptic/curve/base.js:295:16)
at Point.encode (elliptic/lib/elliptic/curve/base.js:304:28)
at Object.<anonymous> (ecfuzzer/modules/elliptic.js:8:17)
at Module._compile (internal/modules/cjs/loader.js:774:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:785:10)
at Module.load (internal/modules/cjs/loader.js:641:32)
at Function.Module._load (internal/modules/cjs/loader.js:556:12)
at Function.Module.runMain (internal/modules/cjs/loader.js:837:10)
at internal/main/run_main_module.js:17:11
Expected output is simply 00, aka the infinity point encoding.
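The scalar in the reproducer is exactly the P-224 group order n, so the product is the point at infinity, which elliptic represents with x = null (hence the crash in getX). The following stand-alone example is added here for illustration and is not elliptic's code: it implements affine P-224 arithmetic with BigInt, keeps the same null representation for infinity, and encodes it as 00 instead of dereferencing x. Curve constants are the FIPS 186-4 P-224 parameters; the point names and helper names are this example's own.

```javascript
// Affine short-Weierstrass arithmetic for P-224 (y^2 = x^3 + ax + b over F_p), added example.
const P = (1n << 224n) - (1n << 96n) + 1n;          // field prime
const A = P - 3n;                                   // a = -3 for all NIST prime curves
const B = 0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4n;
const N = 0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3dn; // group order (the issue's scalar)
const G = { x: 0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21n,
            y: 0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34n };
const INF = null;                                   // point at infinity, x = y = null like elliptic

const mod = (v) => ((v % P) + P) % P;
function modPow(base, exp) {                        // square-and-multiply, used for inversion
  let r = 1n; base = mod(base);
  while (exp > 0n) { if (exp & 1n) r = (r * base) % P; base = (base * base) % P; exp >>= 1n; }
  return r;
}
const inv = (v) => modPow(v, P - 2n);               // Fermat inverse, P is prime

function onCurve(pt) { return pt === INF || mod(pt.y * pt.y - pt.x ** 3n - A * pt.x - B) === 0n; }

function add(p1, p2) {
  if (p1 === INF) return p2;
  if (p2 === INF) return p1;
  let l;
  if (p1.x === p2.x) {
    if (mod(p1.y + p2.y) === 0n) return INF;        // p1 == -p2: the sum is infinity
    l = mod((3n * p1.x * p1.x + A) * inv(2n * p1.y)); // doubling tangent slope
  } else {
    l = mod((p2.y - p1.y) * inv(p2.x - p1.x));      // chord slope
  }
  const x3 = mod(l * l - p1.x - p2.x);
  return { x: x3, y: mod(l * (p1.x - x3) - p1.y) };
}

function mul(pt, k) {                               // left-to-right double-and-add, k is a BigInt
  let r = INF;
  for (let i = k.toString(2).length - 1; i >= 0; i--) {
    r = add(r, r);
    if ((k >> BigInt(i)) & 1n) r = add(r, pt);
  }
  return r;
}

// Decode an uncompressed SEC1 point ("04" || x || y) without validation, as decodePoint does.
function decode(hex) { return { x: BigInt('0x' + hex.slice(2, 58)), y: BigInt('0x' + hex.slice(58, 114)) }; }

// Encode uncompressed; infinity becomes "00" instead of throwing on a null x.
function encode(pt) {
  if (pt === INF) return '00';
  return '04' + pt.x.toString(16).padStart(56, '0') + pt.y.toString(16).padStart(56, '0');
}
```

Running `encode(mul(G, N))` returns `00`, which is the output the reporter expected from elliptic for the same scalar.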