address review commnets

tanmay4l · tanmay4l · commit 0d1096a33181 · 2026-04-16T22:17:16.000+05:30
diff --git a/keys.go b/keys.go
@@ -76,6 +76,9 @@ func ValidatePrivateKey(b []byte) (bool, error) {
 	// ed25519 private keys are seed(32) + public(32); ensure they match.
 	derived := ed25519.NewKeyFromSeed(b[:ed25519.SeedSize])
 	if !bytes.Equal(derived, b) {
+		if !IsOnCurve(b[ed25519.SeedSize:]) {
+			return false, errors.New("invalid private key: seed/public key mismatch (provided public key is NOT on the ed25519 curve)")
+		}
 		return false, errors.New("invalid private key: seed/public key mismatch")
 	}
 	return true, nil
diff --git a/keys_test.go b/keys_test.go
@@ -18,6 +18,7 @@
 package solana
 
 import (
+	"crypto/ed25519"
 	"encoding/binary"
 	"encoding/hex"
 	"errors"
@@ -158,6 +159,28 @@ func TestPrivateKeyFromBase58RejectsMismatchedSeedAndPublicKey(t *testing.T) {
 	require.EqualError(t, err, "invalid private key: seed/public key mismatch")
 }
 
+func TestPrivateKeyFromBase58ReturnsDiagnosticForOffCurvePublicKey(t *testing.T) {
+	original := MustPrivateKeyFromBase58("66cDvko73yAf8LYvFMM3r8vF5vJtkk7JKMgEKwkmBC86oHdq41C7i1a2vS3zE1yCcdLLk6VUatUb32ZzVjSBXtRs")
+	require.Len(t, original, PrivateKeyLength)
+
+	tampered := append([]byte(nil), original...)
+	offCurve := make([]byte, ed25519.PublicKeySize)
+	found := false
+	for i := uint32(0); i < 100_000; i++ {
+		binary.LittleEndian.PutUint32(offCurve[:4], i)
+		if !IsOnCurve(offCurve) {
+			found = true
+			break
+		}
+	}
+	require.True(t, found, "expected to find an off-curve public key test vector")
+	copy(tampered[ed25519.SeedSize:], offCurve)
+
+	valid, err := ValidatePrivateKey(tampered)
+	require.False(t, valid)
+	require.EqualError(t, err, "invalid private key: seed/public key mismatch (provided public key is NOT on the ed25519 curve)")
+}
+
 func TestPublicKey_MarshalText(t *testing.T) {
 	keyString := "4wBqpZM9k69W87zdYXT2bRtLViWqTiJV3i2Kn9q7S6j"
 	keyParsed := MustPublicKeyFromBase58(keyString)
