authorPeter Dettman <peter.dettman@bouncycastle.org>2014-05-19 20:19:44 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2014-05-19 20:19:44 +0700
commitf735d9b63d2c46f16a9da34397022bd46cd2e30a (patch)
tree40ab02b2422e8185d048de7300ceb9c3f1c434a0 /crypto
parentPort some minor updates from Java (diff)
downloadBouncyCastle.NET-ed25519-f735d9b63d2c46f16a9da34397022bd46cd2e30a.tar.xz
Check the low-bit of y is consistent with the header byte in hybrid EC point encodings
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/math/ec/ECCurve.cs26
1 files changed, 20 insertions, 6 deletions
diff --git a/crypto/src/math/ec/ECCurve.cs b/crypto/src/math/ec/ECCurve.cs
index 50ff88e82..9c16375e6 100644
--- a/crypto/src/math/ec/ECCurve.cs
+++ b/crypto/src/math/ec/ECCurve.cs
@@ -362,23 +362,37 @@ namespace Org.BouncyCastle.Math.EC
                         throw new ArgumentException("Incorrect length for compressed encoding", "encoded");
 
                     int yTilde = encoded[0] & 1;
-                    BigInteger X1 = new BigInteger(1, encoded, 1, expectedLength);
+                    BigInteger X = new BigInteger(1, encoded, 1, expectedLength);
 
-                    p = DecompressPoint(yTilde, X1);
+                    p = DecompressPoint(yTilde, X);
                     break;
                 }
 
                 case 0x04: // uncompressed
+                {
+                    if (encoded.Length != (2 * expectedLength + 1))
+                        throw new ArgumentException("Incorrect length for uncompressed encoding", "encoded");
+
+                    BigInteger X = new BigInteger(1, encoded, 1, expectedLength);
+                    BigInteger Y = new BigInteger(1, encoded, 1 + expectedLength, expectedLength);
+
+                    p = CreatePoint(X, Y);
+                    break;
+                }
+
                 case 0x06: // hybrid
                 case 0x07: // hybrid
                 {
                     if (encoded.Length != (2 * expectedLength + 1))
-                        throw new ArgumentException("Incorrect length for uncompressed/hybrid encoding", "encoded");
+                        throw new ArgumentException("Incorrect length for hybrid encoding", "encoded");
+
+                    BigInteger X = new BigInteger(1, encoded, 1, expectedLength);
+                    BigInteger Y = new BigInteger(1, encoded, 1 + expectedLength, expectedLength);
 
-                    BigInteger X1 = new BigInteger(1, encoded, 1, expectedLength);
-                    BigInteger Y1 = new BigInteger(1, encoded, 1 + expectedLength, expectedLength);
+                    if (Y.TestBit(0) != (encoded[0] == 0x07))
+                        throw new ArgumentException("Inconsistent Y coordinate in hybrid encoding", "encoded");
 
-                    p = CreatePoint(X1, Y1);
+                    p = CreatePoint(X, Y);
                     break;
                 }
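Review bot: In both the uncompressed (0x04) and hybrid (0x06/0x07) cases, X and Y are read from `encoded` and handed straight to `CreatePoint(X, Y)`, and nothing visible in this hunk checks that they are reduced field elements or that the point satisfies the curve equation. The switch continues outside the hunk, so that check may happen later; if it does not, key-agreement callers that decode untrusted points can receive off-curve points. The new low-bit test only ties Y to the header byte and does not replace that check, so I would at least record the gap with a comment above both calls, e.g. `// TODO: reject X/Y outside the field and points not on the curve before use`. Separately, `Y.TestBit(0)` matches the X9.62 compression bit for prime-field curves; if this method is also reached for binary-field curves, where that bit is derived from y/x rather than y, the hybrid check needs a curve-specific rule or a comment stating the assumption.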