RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 12:47:35 +00:00
Code Issues Activity Actions

LibCrypto: Also check Z when checking if point is on the curve

Browse source
This commit is contained in:
Michiel Visser 2023-11-10 15:20:39 +01:00 committed by Andrew Kaster
parent 399dc211fa
commit 4f4034d1a4
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibCrypto/Curves/SECP256r1.cpp
View file

@ -408,6 +408,8 @@ static void convert_jacobian_to_affine(JacobianPoint& point)
temp = modular_multiply(temp, point.z); temp = modular_multiply(temp, point.z);
temp = modular_inverse(temp); temp = modular_inverse(temp);
point.y = modular_multiply(point.y, temp); point.y = modular_multiply(point.y, temp);
// Z' = 1
point.z = to_montgomery(1u);
} }
static bool is_point_on_curve(JacobianPoint const& point) static bool is_point_on_curve(JacobianPoint const& point)
@ -426,7 +428,7 @@ static bool is_point_on_curve(JacobianPoint const& point)
temp = modular_sub(temp, to_montgomery(B)); temp = modular_sub(temp, to_montgomery(B));
temp = modular_reduce(temp); temp = modular_reduce(temp);
return temp.is_zero_constant_time(); return temp.is_zero_constant_time() && point.z.is_equal_to_constant_time(to_montgomery(1u));
} }
ErrorOr<ByteBuffer> SECP256r1::generate_private_key() ErrorOr<ByteBuffer> SECP256r1::generate_private_key()