Merge pull request #53 from jhoenicke/multicurve

Multicurve

bip32.c

@@ -36,16 +36,20 @@
 
 int hdnode_from_xpub(uint32_t depth, uint32_t fingerprint, uint32_t child_num, const uint8_t *chain_code, const uint8_t *public_key, const char* curve, HDNode *out)
 {
+	const ecdsa_curve *curve_info = get_curve_by_name(curve);
+	if (curve_info == 0) {
+		return 0;
+	}
 	if (public_key[0] != 0x02 && public_key[0] != 0x03) { // invalid pubkey
 		return 0;
 	}
+	out->curve = curve_info;
 	out->depth = depth;
 	out->fingerprint = fingerprint;
 	out->child_num = child_num;
 	memcpy(out->chain_code, chain_code, 32);
 	MEMSET_BZERO(out->private_key, 32);
 	memcpy(out->public_key, public_key, 33);
-	out->curve = get_curve_by_name(curve);
 	return 1;
 }
 
@@ -53,10 +57,12 @@ int hdnode_from_xprv(uint32_t depth, uint32_t fingerprint, uint32_t child_num, c
 {
 	bignum256 a;
 	bn_read_be(private_key, &a);
-	out->curve = get_curve_by_name(curve);
 
 	bool failed = false;
-	if (bn_is_zero(&a)) { // == 0
+	const ecdsa_curve *curve_info = get_curve_by_name(curve);
+	if (curve_info == 0) {
+		failed = true;
+	} else if (bn_is_zero(&a)) { // == 0
 		failed = true;
 	} else {
 		if (!bn_is_less(&a, &out->curve->order)) { // >= order
@@ -69,6 +75,7 @@ int hdnode_from_xprv(uint32_t depth, uint32_t fingerprint, uint32_t child_num, c
 		return 0;
 	}
 
+	out->curve = curve_info;
 	out->depth = depth;
 	out->fingerprint = fingerprint;
 	out->child_num = child_num;
@@ -86,6 +93,9 @@ int hdnode_from_seed(const uint8_t *seed, int seed_len, const char* curve, HDNod
 	out->fingerprint = 0x00000000;
 	out->child_num = 0;
 	out->curve = get_curve_by_name(curve);
+	if (out->curve == 0) {
+		return 0;
+	}
 	hmac_sha512((const uint8_t*) out->curve->bip32_name,
 				strlen(out->curve->bip32_name), seed, seed_len, I);
 	memcpy(out->private_key, I, 32);

tests.c

@@ -648,6 +648,33 @@ START_TEST(test_bip32_nist_compare)
 }
 END_TEST
 
+START_TEST(test_bip32_nist_invalid)
+{
+	HDNode node, node2;
+	int r;
+
+	// init m
+	hdnode_from_seed(fromhex("000102030405060708090a0b0c0d0e0f"), 16, NIST256P1_NAME, &node);
+
+	// [Chain m/28578']
+	r = hdnode_private_ckd_prime(&node, 28578);
+	ck_assert_int_eq(r, 1);
+	ck_assert_int_eq(node.fingerprint, 0xbe6105b5);
+	ck_assert_mem_eq(node.chain_code,  fromhex("e94c8ebe30c2250a14713212f6449b20f3329105ea15b652ca5bdfc68f6c65c2"), 32);
+	ck_assert_mem_eq(node.private_key, fromhex("06f0db126f023755d0b8d86d4591718a5210dd8d024e3e14b6159d63f53aa669"), 32);
+	ck_assert_mem_eq(node.public_key,  fromhex("02519b5554a4872e8c9c1c847115363051ec43e93400e030ba3c36b52a3e70a5b7"), 33);
+
+	memcpy(&node2, &node, sizeof(HDNode));
+	r = hdnode_private_ckd(&node2, 33941);
+	ck_assert_int_eq(r, 0);
+
+	memcpy(&node2, &node, sizeof(HDNode));
+	memset(&node2.private_key, 0, 32);
+	r = hdnode_public_ckd(&node2, 33941);
+	ck_assert_int_eq(r, 0);
+}
+END_TEST
+
 #define test_deterministic(KEY, MSG, K) do {	  \
 	sha256_Raw((uint8_t *)MSG, strlen(MSG), buf); \
 	res = generate_k_rfc6979(curve, &k, fromhex(KEY), buf); \
@@ -1569,6 +1596,7 @@ Suite *test_suite(void)
 	tcase_add_test(tc, test_bip32_nist_vector_1);
 	tcase_add_test(tc, test_bip32_nist_vector_2);
 	tcase_add_test(tc, test_bip32_nist_compare);
+	tcase_add_test(tc, test_bip32_nist_invalid);
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("rfc6979");