From 155513d8e9013ec21ae71a3c73afbb6de775a3c9 Mon Sep 17 00:00:00 2001
From: Alex Beregszaszi <alex@rtfs.hu>
Date: Wed, 23 Mar 2016 12:20:55 +0000
Subject: [PATCH] Ensure private keys are valid according to the curve

---
 index.js      | 3 +++
 package.json  | 2 +-
 test/index.js | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 282456d..3f94b01 100644
--- a/index.js
+++ b/index.js
@@ -14,6 +14,9 @@ function decipherBuffer (decipher, data) {
 }
 
 var Wallet = function (priv) {
+  if (!ethUtil.isValidPrivate(priv)) {
+    throw new Error('Private key does not satisfy the curve requirements (ie. it is invalid)')
+  }
   this.privKey = priv
 }
 
diff --git a/package.json b/package.json
index b20083e..4247047 100644
--- a/package.json
+++ b/package.json
@@ -25,7 +25,7 @@
   "homepage": "https://github.com/axic/ethereumjs-wallet",
   "dependencies": {
     "aes-js": "^0.2.3",
-    "ethereumjs-util": "^4.2.0",
+    "ethereumjs-util": "^4.3.0",
     "scrypt.js": "^0.1.0",
     "uuid": "^2.0.1",
     "utf8": "^2.1.1"
diff --git a/test/index.js b/test/index.js
index 91f5077..312bd57 100644
--- a/test/index.js
+++ b/test/index.js
@@ -9,6 +9,11 @@ describe('.getPrivateKey()', function () {
   it('should work', function () {
     assert.equal(fixturewallet.getPrivateKey().toString('hex'), 'efca4cdd31923b50f4214af5d2ae10e7ac45a5019e9431cc195482d707485378')
   })
+  it('should fail', function () {
+    assert.throws(function () {
+      Wallet.fromPrivateKey(new Buffer('001122', 'hex'))
+    })
+  })
 })
 
 describe('.getPrivateKeyString()', function () {