ECKey.hashCode can trigger ArrayIndexOutOfBoundsException

[GoogleCodeExporter]

Consider this key:

base58
5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAbuatmU

privkey
0000000000000000000000000000000000000000000000000000000000000000

Its pubkey is only one byte long and thus triggers 
ArrayIndexOutOfBoundsException in the hashCode implementation. Try running this:

new DumpedPrivateKey(NetworkParameters.prodNet(), 
"5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAbuatmU").getKey().hashCode();

Granted, this is a very made up case. Anyhow, I wonder if perhaps there is 
other keys that would fail because they are maybe just 10 bytes shorter than 
"normal".

Original issue reported on code.google.com by andreas....@gmail.com on 4 Dec 2013 at 12:21

[GoogleCodeExporter]

It breaks because zero is not a valid EC private key. See SEC1 section 3.2.1 
step 1:

  "Randomly or pseudorandomly select an integer in the interval [1, n-1]"

Bouncy Castle does this. Thus a private key of zero will never be generated by 
a valid EC key generation algorithm.

I don't think any valid public key is ever likely to be less than 4 bytes long, 
which is what hashCode requires.

Original comment by hearn@google.com on 4 Dec 2013 at 10:06

• Changed state: Invalid

[GoogleCodeExporter]

Ok, I'd like to propose to not accept invalid keys like that. Currently people 
can import an invalid key into one's wallet and thus make it corrupt. I'd say 
either the DumpedPrivateKey constructor or the getKey() method should throw an 
exception.

Original comment by andreas....@gmail.com on 4 Dec 2013 at 10:13