From 7f831e4474def2c2b8bfc9b91d386ab175871153 Mon Sep 17 00:00:00 2001
From: Dmitry Chestnykh <dmitry@codingrobots.com>
Date: Mon, 21 Oct 2024 08:31:04 +0200
Subject: [PATCH] Ensure the secret key length is 64 bytes when signing.

Thanks to Nikita Skovoroda (@ChALkeR) for reporting the issue.
---
 packages/ed25519/ed25519.test.ts | 7 +++++++
 packages/ed25519/ed25519.ts      | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/packages/ed25519/ed25519.test.ts b/packages/ed25519/ed25519.test.ts
index 772f9ca..2c241e6 100644
--- a/packages/ed25519/ed25519.test.ts
+++ b/packages/ed25519/ed25519.test.ts
@@ -5157,6 +5157,13 @@ describe("ed25519", () => {
         expect(ok).toBe(true);
     });
 
+    it("should not sign with secret key of invalid length", () => {
+        const keys = generateKeyPair();
+        const message = new Uint8Array([1, 2, 3]);
+        const secretKey = keys.secretKey.subarray(0, 32);
+        expect(() => sign(secretKey, message)).toThrow();
+    });
+
     it("should extract public key from secret key", () => {
         const keys = generateKeyPair();
         const publicKey = extractPublicKeyFromSecretKey(keys.secretKey);
diff --git a/packages/ed25519/ed25519.ts b/packages/ed25519/ed25519.ts
index 23500ff..0554a73 100644
--- a/packages/ed25519/ed25519.ts
+++ b/packages/ed25519/ed25519.ts
@@ -739,6 +739,9 @@ function reduce(r: Uint8Array) {
 
 // Returns 64-byte signature of the message under the 64-byte secret key.
 export function sign(secretKey: Uint8Array, message: Uint8Array): Uint8Array {
+    if (secretKey.length !== SECRET_KEY_LENGTH) {
+        throw new Error(`ed25519: secret key must be ${SECRET_KEY_LENGTH} bytes`);
+    }
     const x = new Float64Array(64);
     const p = [gf(), gf(), gf(), gf()];