Merge pull request #191 from tomato42/unlikely-keys

handle private keys equal to n-1

Author: tomato42

src/ecdsa/ellipticcurve.py

@@ -619,8 +619,12 @@ def mul_add(self, self_mul, other, other_mul):
         X1, Y1 = self.__x, self.__y
         other = other.scale()
         X2, Y2 = other.__x, other.__y
-        both = (self + other).scale()
-        X4, Y4 = both.__x, both.__y
+        both = self + other
+        if both is INFINITY:
+            X4, Y4 = 0, 0
+        else:
+            both.scale()
+            X4, Y4 = both.__x, both.__y
         _double = self._double
         _add = self._add
         while i > 1:

src/ecdsa/test_keys.py

@@ -24,6 +24,7 @@
     sigdecode_der,
     sigdecode_strings,
 )
+from .curves import NIST256p
 
 
 class TestVerifyingKeyFromString(unittest.TestCase):
@@ -408,3 +409,10 @@ def test_SigningKey_sign_digest(convert):
     sig = sk.sign_digest(convert(data_hash))
 
     vk.verify(sig, data)
+
+
+def test_SigningKey_with_unlikely_value():
+    sk = SigningKey.from_secret_exponent(NIST256p.order - 1, curve=NIST256p)
+    vk = sk.verifying_key
+    sig = sk.sign(b"hello")
+    assert vk.verify(sig, b"hello")