diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-05-19 20:19:44 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-05-19 20:19:44 +0700 |
commit | f735d9b63d2c46f16a9da34397022bd46cd2e30a (patch) | |
tree | 40ab02b2422e8185d048de7300ceb9c3f1c434a0 /crypto | |
parent | Port some minor updates from Java (diff) | |
download | BouncyCastle.NET-ed25519-f735d9b63d2c46f16a9da34397022bd46cd2e30a.tar.xz |
Check the low-bit of y is consistent with the header byte in hybrid EC point encodings
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/src/math/ec/ECCurve.cs | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/crypto/src/math/ec/ECCurve.cs b/crypto/src/math/ec/ECCurve.cs index 50ff88e82..9c16375e6 100644 --- a/crypto/src/math/ec/ECCurve.cs +++ b/crypto/src/math/ec/ECCurve.cs @@ -362,23 +362,37 @@ namespace Org.BouncyCastle.Math.EC throw new ArgumentException("Incorrect length for compressed encoding", "encoded"); int yTilde = encoded[0] & 1; - BigInteger X1 = new BigInteger(1, encoded, 1, expectedLength); + BigInteger X = new BigInteger(1, encoded, 1, expectedLength); - p = DecompressPoint(yTilde, X1); + p = DecompressPoint(yTilde, X); break; } case 0x04: // uncompressed + { + if (encoded.Length != (2 * expectedLength + 1)) + throw new ArgumentException("Incorrect length for uncompressed encoding", "encoded"); + + BigInteger X = new BigInteger(1, encoded, 1, expectedLength); + BigInteger Y = new BigInteger(1, encoded, 1 + expectedLength, expectedLength); + + p = CreatePoint(X, Y); + break; + } + case 0x06: // hybrid case 0x07: // hybrid { if (encoded.Length != (2 * expectedLength + 1)) - throw new ArgumentException("Incorrect length for uncompressed/hybrid encoding", "encoded"); + throw new ArgumentException("Incorrect length for hybrid encoding", "encoded"); + + BigInteger X = new BigInteger(1, encoded, 1, expectedLength); + BigInteger Y = new BigInteger(1, encoded, 1 + expectedLength, expectedLength); - BigInteger X1 = new BigInteger(1, encoded, 1, expectedLength); - BigInteger Y1 = new BigInteger(1, encoded, 1 + expectedLength, expectedLength); + if (Y.TestBit(0) != (encoded[0] == 0x07)) + throw new ArgumentException("Inconsistent Y coordinate in hybrid encoding", "encoded"); - p = CreatePoint(X1, Y1); + p = CreatePoint(X, Y); break; } |