author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-10-25 13:28:44 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-10-25 13:28:44 +0700 |
commit | f5e46026d8ac5c0db0d6426ad6854e98019e8812 (patch) | |
tree | 2c073c6ac989ca872e456247f04dc8332e17a49d /crypto/src/math/ec/rfc8032/Ed25519.cs | |
parent | Refactoring in Asn1.X500 (diff) | |
EdDSA: extra guards against faults
Diffstat (limited to 'crypto/src/math/ec/rfc8032/Ed25519.cs')
-rw-r--r-- | crypto/src/math/ec/rfc8032/Ed25519.cs | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/crypto/src/math/ec/rfc8032/Ed25519.cs b/crypto/src/math/ec/rfc8032/Ed25519.cs
index bf3a1a8d8..7318a8a7e 100644
--- a/crypto/src/math/ec/rfc8032/Ed25519.cs
+++ b/crypto/src/math/ec/rfc8032/Ed25519.cs
@@ -167,13 +167,14 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
 F.Sqr(p.x, u);
 F.Sqr(p.y, v);
 F.Mul(u, v, t);
- F.Sub(v, u, v);
+ F.Sub(u, v, u);
 F.Mul(t, C_d, t);
 F.AddOne(t);
- F.Sub(t, v, t);
+ F.Add(t, u, t);
 F.Normalize(t);
+ F.Normalize(v);
 
- return F.IsZero(t);
+ return F.IsZero(t) & ~F.IsZero(v);
 }
 
 private static int CheckPoint(PointAccum p)
@@ -187,15 +188,17 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
 F.Sqr(p.y, v);
 F.Sqr(p.z, w);
 F.Mul(u, v, t);
- F.Sub(v, u, v);
- F.Mul(v, w, v);
+ F.Sub(u, v, u);
+ F.Mul(u, w, u);
 F.Sqr(w, w);
 F.Mul(t, C_d, t);
 F.Add(t, w, t);
- F.Sub(t, v, t);
+ F.Add(t, u, t);
 F.Normalize(t);
+ F.Normalize(v);
+ F.Normalize(w);
 
- return F.IsZero(t);
+ return F.IsZero(t) & ~F.IsZero(v) & ~F.IsZero(w);
 }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -950,7 +953,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
 F.Normalize(p.y);
 F.Normalize(p.z);
 
- return F.IsZeroVar(p.x) && F.AreEqualVar(p.y, p.z);
+ return F.IsZeroVar(p.x) && !F.IsZeroVar(p.y) && F.AreEqualVar(p.y, p.z);
 }
 
 private static void PointAdd(ref PointExtended p, ref PointExtended q, ref PointExtended r, ref PointTemp t) |
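Review bot: The new `~F.IsZero(v)` term in the first hunk's return (and `~F.IsZero(v) & ~F.IsZero(w)` in the PointAccum check in the second hunk) rejects points that satisfy the curve-equation test in `t`, but nothing in the code says why, and the commit title only says "extra guards against faults". From the visible arithmetic the curve is -x^2 + y^2 = 1 + d*x^2*y^2, on which y == 0 picks out the order-4 points, while z == 0 is not a valid projective representative; note also that by the time of `F.IsZero(w)` the variable holds z^4, not z^2, because of the preceding `F.Sqr(w, w)`, which is still a valid non-zero test in a prime field but is easy to misread. A one-line comment above each return would spare the next reader the derivation, e.g. `// Also reject y == 0 (order-4 points) and z == 0 (degenerate), which a fault could produce.` The combination `F.IsZero(t) & ~F.IsZero(v)` presumably relies on F.IsZero returning a 0/all-ones mask; if it returns 0/1 the result is still 0/1, but the contract is worth stating at the call site. Both CheckPoint bodies start outside their hunks.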
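Review bot: The third hunk adds `!F.IsZeroVar(p.y)` to the projective neutral-element test without a comment, and the reason is not obvious from the line itself: with y == z == 0 the previous `F.IsZeroVar(p.x) && F.AreEqualVar(p.y, p.z)` was true, so the all-zero triple (0, 0, 0) was accepted as the neutral element even though it is not a point at all. Suggested comment above the return: `// (0, y, y) with y != 0 is the neutral element; (0, 0, 0) is not a valid point and must not pass.` The `...Var` helpers are variable-time, which is appropriate only if the point tested here is public (as during verification); if the enclosing function's doc comment does not say so already, it should. The enclosing function's signature is outside the hunk.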