Fix ECDSA nonce boundary checks (TOB-BSV-23) and add validation tests

Stephen-Thomson · Stephen-Thomson · commit 6b5b98c59ebf · 2025-12-03T06:22:01.000-08:00
diff --git a/src/primitives/ECDSA.ts b/src/primitives/ECDSA.ts
@@ -87,7 +87,7 @@ export const sign = (
     if (kBN == null) throw new Error('k is undefined')
     kBN = truncateToN(kBN, true)
 
-    if (kBN.cmpn(1) <= 0 || kBN.cmp(ns1) >= 0) {
+    if (kBN.cmpn(1) < 0 || kBN.cmp(ns1) > 0) {
       if (BigNumber.isBN(customK)) {
         throw new Error('Invalid fixed custom K value (must be >1 and <N‑1)')
       }
diff --git a/src/primitives/__tests/ECDSA.test.ts b/src/primitives/__tests/ECDSA.test.ts
@@ -61,4 +61,33 @@ describe('ECDSA', () => {
     const signature = ECDSA.sign(msg, key)
     expect(ECDSA.verify(msg, signature, wrongPub)).toBeFalsy()
   })
+
+  it('should accept custom k = 1 and k = n-1', () => {
+    const n = curve.n
+    const one = new BigNumber(1)
+
+    // k = 1 → valid
+    const k1 = one
+    const sig1 = ECDSA.sign(msg, key, undefined, k1)
+    expect(ECDSA.verify(msg, sig1, pub)).toBeTruthy()
+
+    // k = n-1 → valid
+    const km1 = n.subn(1)
+    const sig2 = ECDSA.sign(msg, key, undefined, km1)
+    expect(ECDSA.verify(msg, sig2, pub)).toBeTruthy()
+  })
+
+  it('should reject custom k < 1 or k > n-1', () => {
+    const n = curve.n
+
+    // k = 0 → invalid
+    expect(() =>
+      ECDSA.sign(msg, key, undefined, new BigNumber(0))
+    ).toThrow()
+
+    // k = n → invalid
+    expect(() =>
+      ECDSA.sign(msg, key, undefined, n)
+    ).toThrow()
+  })
 })

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ export const sign = (`
`87`	`87`	`if (kBN == null) throw new Error('k is undefined')`
`88`	`88`	`kBN = truncateToN(kBN, true)`
`89`	`89`
`90`		`- if (kBN.cmpn(1) <= 0 \|\| kBN.cmp(ns1) >= 0) {`
	`90`	`+ if (kBN.cmpn(1) < 0 \|\| kBN.cmp(ns1) > 0) {`
`91`	`91`	`if (BigNumber.isBN(customK)) {`
`92`	`92`	`throw new Error('Invalid fixed custom K value (must be >1 and <N‑1)')`
`93`	`93`	`}`