diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-07-25 15:20:54 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-07-25 15:20:54 +0700 |
commit | b4c8b367d2f2404c9622fcfcca5a0ddeacf9baa2 (patch) | |
tree | 1e9870660312ebdc0644e9194166ad61cf14e0bd /crypto | |
parent | Add GetCipherType method and refactor (diff) | |
download | BouncyCastle.NET-ed25519-b4c8b367d2f2404c9622fcfcca5a0ddeacf9baa2.tar.xz |
Check point against cofactor after decompression
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/src/math/ec/ECCurve.cs | 3 | ||||
-rw-r--r-- | crypto/src/math/ec/ECPoint.cs | 12 |
2 files changed, 10 insertions, 5 deletions
diff --git a/crypto/src/math/ec/ECCurve.cs b/crypto/src/math/ec/ECCurve.cs index 889da292f..eaa3e0c3d 100644 --- a/crypto/src/math/ec/ECCurve.cs +++ b/crypto/src/math/ec/ECCurve.cs @@ -387,6 +387,9 @@ namespace Org.BouncyCastle.Math.EC BigInteger X = new BigInteger(1, encoded, 1, expectedLength); p = DecompressPoint(yTilde, X); + if (!p.SatisfiesCofactor()) + throw new ArgumentException("Invalid point"); + break; } diff --git a/crypto/src/math/ec/ECPoint.cs b/crypto/src/math/ec/ECPoint.cs index dbeaf31aa..3e206e65f 100644 --- a/crypto/src/math/ec/ECPoint.cs +++ b/crypto/src/math/ec/ECPoint.cs @@ -67,6 +67,12 @@ namespace Org.BouncyCastle.Math.EC this.m_withCompression = withCompression; } + protected internal bool SatisfiesCofactor() + { + BigInteger h = Curve.Cofactor; + return h == null || h.Equals(BigInteger.One) || !ECAlgorithms.ReferenceMultiply(this, h).IsInfinity; + } + protected abstract bool SatisfiesCurveEquation(); public ECPoint GetDetachedPoint() @@ -304,12 +310,8 @@ namespace Org.BouncyCastle.Math.EC if (!SatisfiesCurveEquation()) return false; - BigInteger h = curve.Cofactor; - if (h != null && !h.Equals(BigInteger.One) - && ECAlgorithms.ReferenceMultiply(this, h).IsInfinity) - { + if (!SatisfiesCofactor()) return false; - } } return true; |