secp256k1

Pure Haskell Schnorr, ECDSA on the elliptic curve secp256k1 (docs.ppad.tech/secp256k1).
git clone git://git.ppad.tech/secp256k1.git

commit 13255e8aac201bdd52afefdcfe9d209302163cf4
parent 397deab990d563b9f0fa5fe6d58a925e297c4c52
Author: Jared Tobin <jared@jtobin.io>
Date:   Tue, 17 Jun 2025 10:12:35 +0400

lib: group element check on mul_wnaf

Diffstat:
Mlib/Crypto/Curve/Secp256k1.hs | 5+++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/Crypto/Curve/Secp256k1.hs b/lib/Crypto/Curve/Secp256k1.hs
@@ -636,8 +636,9 @@ _precompute ctxW = Context {..} where
 -- Timing-safe wNAF (w-ary non-adjacent form) scalar multiplication of
 -- secp256k1 points.
 mul_wnaf :: Context -> Integer -> Projective
-mul_wnaf Context {..} _SECRET =
- loop 0 _CURVE_ZERO _CURVE_G _SECRET
+mul_wnaf Context {..} _SECRET
+ | not (ge _SECRET) = error "ppad-secp256k1 (mul_wnaf): invalid scalar"
+ | otherwise = loop 0 _CURVE_ZERO _CURVE_G _SECRET
 where
 wins = 256 `quot` ctxW + 1
 wsize = 2 ^ (ctxW - 1)
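Review bot: The new first guard makes `mul_wnaf` partial, but the comment above it still only says "Timing-safe" and the type `Context -> Integer -> Projective` gives callers no hint of the failure. Because the function is pure and its result lazy, the `error` fires only when the returned point is forced, which may be far from the call site and is awkward to catch when the scalar comes from untrusted input. I would at least state the precondition in the header comment, for example `-- The scalar must satisfy 'ge'; any other value is rejected with 'error'.`, and make sure callers that take external scalars check `ge` themselves before calling. The comment could also note that the guard is a branch on the secret, which presumably reveals only whether the scalar is valid, so the timing claim stays precise. The `where` block of `mul_wnaf` continues past the end of the hunk, so `loop` itself is not visible here.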