author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-07-25 11:46:07 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-07-25 11:46:07 +0400 |
commit | e25e94a046a6934819133886439984e2fecb2b04 (patch) | |
tree | b262f6dc2d5975c7bfee3c2232310abcddb59fa2 /core/src/main/java/org/bouncycastle | |
parent | 42e43cf4310c95209ad496b98604ef4e5f998502 (diff) |
Add cofactor validation after point decompression
Diffstat (limited to 'core/src/main/java/org/bouncycastle')
-rw-r--r-- | core/src/main/java/org/bouncycastle/math/ec/ECCurve.java | 29 | ||||
-rw-r--r-- | core/src/main/java/org/bouncycastle/math/ec/ECPoint.java | 10 |
2 files changed, 27 insertions, 12 deletions
diff --git a/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
index 4bd2fd2a..cd0593c9 100644
--- a/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
@@ -472,7 +472,12 @@ public abstract class ECCurve
 y = y.negate();
 }
- return this.createRawPoint(x, y, true);
+ ECPoint p = this.createRawPoint(x, y, true);
+ if (!p.satisfiesCofactor())
+ {
+ throw new IllegalArgumentException("Invalid point");
+ }
+ return p;
 }
 }
@@ -974,14 +979,14 @@ public abstract class ECCurve
 */
 protected ECPoint decompressPoint(int yTilde, BigInteger X1)
 {
- ECFieldElement xp = fromBigInteger(X1), yp = null;
- if (xp.isZero())
+ ECFieldElement x = fromBigInteger(X1), y = null;
+ if (x.isZero())
 {
- yp = b.sqrt();
+ y = b.sqrt();
 }
 else
 {
- ECFieldElement beta = xp.square().invert().multiply(b).add(a).add(xp);
+ ECFieldElement beta = x.square().invert().multiply(b).add(a).add(x);
 ECFieldElement z = solveQuadraticEquation(beta);
 if (z != null)
 {
@@ -995,24 +1000,30 @@ public abstract class ECCurve
 case COORD_LAMBDA_AFFINE:
 case COORD_LAMBDA_PROJECTIVE:
 {
- yp = z.add(xp);
+ y = z.add(x);
 break;
 }
 default:
 {
- yp = z.multiply(xp);
+ y = z.multiply(x);
 break;
 }
 }
 }
 }
- if (yp == null)
+ if (y == null)
 {
 throw new IllegalArgumentException("Invalid point compression");
 }
- return createRawPoint(xp, yp, true);
+ ECPoint p = this.createRawPoint(x, y, true);
+ if (!p.satisfiesCofactor())
+ {
+ throw new IllegalArgumentException("Invalid point");
+ }
+
+ return p;
 }
 /**
diff --git a/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java b/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java
index ec320f00..7cd04e46 100644
--- a/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java
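Review bot: The new `satisfiesCofactor()` rejection at the end of this decompressPoint, repeated verbatim in the hunk at -995, covers only compressed encodings as far as this diff shows. Whether an uncompressed encoding of the same low-order point is also rejected depends on code outside these hunks and should be confirmed, since otherwise the protection depends on which encoding the peer chooses. Both copies throw `IllegalArgumentException("Invalid point")`, which gives no hint that the cofactor test was the reason; `throw new IllegalArgumentException("Invalid point: fails cofactor check");` would make rejected-key logs easier to triage. Both method bodies start outside their hunks.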
@@ -64,6 +64,12 @@ public abstract class ECPoint
 this.zs = zs;
 }
+ protected boolean satisfiesCofactor()
+ {
+ BigInteger h = curve.getCofactor();
+ return h == null || h.equals(ECConstants.ONE) || !ECAlgorithms.referenceMultiply(this, h).isInfinity();
+ }
+
 protected abstract boolean satisfiesCurveEquation();
 public final ECPoint getDetachedPoint()
@@ -303,9 +309,7 @@ public abstract class ECPoint
 return false;
 }
- BigInteger h = curve.getCofactor();
- if (h != null && !h.equals(ECConstants.ONE)
- && ECAlgorithms.referenceMultiply(this, h).isInfinity())
+ if (!satisfiesCofactor())
 {
 return false;
 }
|
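Review bot: `satisfiesCofactor()` in the hunk at -64 is added without a comment, and its name suggests more than it checks. It returns false only when [h]P is the point at infinity, so it filters points whose order divides the cofactor but does not show that P lies in the prime-order subgroup, and it returns true whenever `curve.getCofactor()` is null. A Javadoc stating both limits would stop callers treating it as full subgroup validation, for example `/** Rejects only points with [h]P = infinity; passes when the cofactor is unknown (null) and does not prove membership of the prime-order subgroup. */`. The same comment could note that on curves with h > 1 every decoded point now costs one `ECAlgorithms.referenceMultiply` call.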