From b4c8b367d2f2404c9622fcfcca5a0ddeacf9baa2 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Fri, 25 Jul 2014 15:20:54 +0700 Subject: Check point against cofactor after decompression --- crypto/src/math/ec/ECCurve.cs | 3 +++ crypto/src/math/ec/ECPoint.cs | 12 +++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) (limited to 'crypto/src') diff --git a/crypto/src/math/ec/ECCurve.cs b/crypto/src/math/ec/ECCurve.cs index 889da292f..eaa3e0c3d 100644 --- a/crypto/src/math/ec/ECCurve.cs +++ b/crypto/src/math/ec/ECCurve.cs @@ -387,6 +387,9 @@ namespace Org.BouncyCastle.Math.EC BigInteger X = new BigInteger(1, encoded, 1, expectedLength); p = DecompressPoint(yTilde, X); + if (!p.SatisfiesCofactor()) + throw new ArgumentException("Invalid point"); + break; } diff --git a/crypto/src/math/ec/ECPoint.cs b/crypto/src/math/ec/ECPoint.cs index dbeaf31aa..3e206e65f 100644 --- a/crypto/src/math/ec/ECPoint.cs +++ b/crypto/src/math/ec/ECPoint.cs @@ -67,6 +67,12 @@ namespace Org.BouncyCastle.Math.EC this.m_withCompression = withCompression; } + protected internal bool SatisfiesCofactor() + { + BigInteger h = Curve.Cofactor; + return h == null || h.Equals(BigInteger.One) || !ECAlgorithms.ReferenceMultiply(this, h).IsInfinity; + } + protected abstract bool SatisfiesCurveEquation(); public ECPoint GetDetachedPoint() @@ -304,12 +310,8 @@ namespace Org.BouncyCastle.Math.EC if (!SatisfiesCurveEquation()) return false; - BigInteger h = curve.Cofactor; - if (h != null && !h.Equals(BigInteger.One) - && ECAlgorithms.ReferenceMultiply(this, h).IsInfinity) - { + if (!SatisfiesCofactor()) return false; - } } return true; -- cgit 1.5.1