This repository was archived by the owner on Dec 23, 2025. It is now read-only.
PROBLEM: The following function in ECKeyPair.cs allows one to obtain the public key from an input private key.
```csharp
public static ECPoint publicPointFromPrivate(BigInteger privKey)
{
    /*
     * TODO: FixedPointCombMultiplier currently doesn't support scalars longer than the group
     * order, but that could change in future versions.
     */
    if (privKey.BitLength > CURVE.N.BitLength)
    {
        privKey = privKey.Mod(CURVE.N);
    }
    return new FixedPointCombMultiplier().Multiply(CURVE.G, privKey);
}
```
If the input privKey has a bit length that is larger than the bit length of the group order N, then privKey is reduced modulo N. There are a couple of issues here: 1) Any input privKey that does not fall between 1 and N-1 (both inclusive) should be outright rejected. 2) Comparing the bit length of N and privKey is not correct. One should rather compare their values directly.
SOLUTION: Replace the if condition by instead checking whether the input privKey is valid or not. A valid privKey is simply a scalar value that is between 1 and N-1. If privKey is invalid, then the function should simply throw an error instead of reducing privKey modulo N.