From 4f4034d1a4d2f041a182a39da965272551012caf Mon Sep 17 00:00:00 2001
From: Michiel Visser
Date: Fri, 10 Nov 2023 15:20:39 +0100
Subject: [PATCH] LibCrypto: Also check Z when checking if point is on the curve

---
 Userland/Libraries/LibCrypto/Curves/SECP256r1.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibCrypto/Curves/SECP256r1.cpp b/Userland/Libraries/LibCrypto/Curves/SECP256r1.cpp
index ab1a3157be..4c7e0f88be 100644
--- a/Userland/Libraries/LibCrypto/Curves/SECP256r1.cpp
+++ b/Userland/Libraries/LibCrypto/Curves/SECP256r1.cpp
@@ -408,6 +408,8 @@ static void convert_jacobian_to_affine(JacobianPoint& point)
     temp = modular_multiply(temp, point.z);
     temp = modular_inverse(temp);
     point.y = modular_multiply(point.y, temp);
+    // Z' = 1
+    point.z = to_montgomery(1u);
 }
 
 static bool is_point_on_curve(JacobianPoint const& point)
@@ -426,7 +428,7 @@ static bool is_point_on_curve(JacobianPoint const& point)
     temp = modular_sub(temp, to_montgomery(B));
     temp = modular_reduce(temp);
 
-    return temp.is_zero_constant_time();
+    return temp.is_zero_constant_time() && point.z.is_equal_to_constant_time(to_montgomery(1u));
 }
 
 ErrorOr SECP256r1::generate_private_key()
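Review bot: The new `&&` clause in is_point_on_curve turns an unstated precondition into a hard requirement — the X/Y curve-equation check is only meaningful for affine coordinates, so a Jacobian point with Z != 1 that genuinely lies on the curve is now reported as off-curve, and nothing in the function says callers must normalise first. A comment above the return would make the contract explicit: `// Only valid for affine-normalised points (Z == 1 in Montgomery form); convert_jacobian_to_affine() establishes this, and a point with any other Z is rejected so that X/Y are never validated under the wrong representation.` The same contract is worth a one-line note on convert_jacobian_to_affine in the first hunk, where `point.z = to_montgomery(1u)` is what makes the two functions agree. Short-circuiting `&&` evaluates the Z comparison only when the equation check passes; if a uniformly constant-time result is the intent of the `_constant_time` helpers, combining the two bools with `&` would keep that property, though for validation of a public point this is a consistency point rather than a leak. Both enclosing functions begin outside their hunks, so how Z == 0 (the point at infinity) reaches modular_inverse is not visible here.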