authorJack Lloyd <[email protected]>2017-03-02 23:06:45 -0500
committerJack Lloyd <[email protected]>2017-03-02 23:06:45 -0500
commit23cea08ffe2a3ff176a9a6e2f19e3720844ae958 (patch)
tree75a91937c1ca073ffc1473e722a948e03a1ef3ca /src/lib
parent6b668aa1db95ebca5980788ec1a6906af716ffbc (diff)
parent5845d5265680368984bbb43fd2c5c68fd7e92bc5 (diff)
Merge GH #902 Extend EC_PublicKey check, add EC_Group check, ECC invalid key tests
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/pubkey/ec_group/ec_group.cpp41
-rw-r--r--src/lib/pubkey/ec_group/ec_group.h9
-rw-r--r--src/lib/pubkey/ecc_key/ecc_key.cpp32
3 files changed, 79 insertions, 3 deletions
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index cbc628195..e8a9672ab 100644
--- a/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -12,6 +12,7 @@
#include <botan/der_enc.h>
#include <botan/oids.h>
#include <botan/pem.h>
+#include <botan/reducer.h>
namespace Botan {
@@ -130,4 +131,44 @@ std::string EC_Group::PEM_encode() const
return PEM_Code::encode(der, "EC PARAMETERS");
}
+bool EC_Group::verify_group(RandomNumberGenerator& rng,
+ bool) const
+ {
+ //compute the discriminant
+ Modular_Reducer p(m_curve.get_p());
+ BigInt discriminant = p.multiply(4, m_curve.get_a());
+ discriminant += p.multiply(27, m_curve.get_b());
+ discriminant = p.reduce(discriminant);
+ //check the discriminant
+ if(discriminant == 0)
+ {
+ return false;
+ }
+ //check for valid cofactor
+ if(m_cofactor < 1)
+ {
+ return false;
+ }
+ //check if the base point is on the curve
+ if(!m_base_point.on_the_curve())
+ {
+ return false;
+ }
+ if((m_base_point * m_cofactor).is_zero())
+ {
+ return false;
+ }
+ //check if order is prime
+ if(!is_prime(m_order, rng, 128))
+ {
+ return false;
+ }
+ //check if order of the base point is correct
+ if(!(m_base_point * m_order).is_zero())
+ {
+ return false;
+ }
+ return true;
+ }
+
}
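Review bot: The discriminant at the top of verify_group is computed as 4·a + 27·b, but the non-singularity condition for a short Weierstrass curve is 4a³ + 27b² ≠ 0 (mod p). As written, a singular curve can pass this check, and a valid curve that happens to satisfy 4a + 27b ≡ 0 is rejected. The reducer's power helpers give the intended value: `BigInt discriminant = p.reduce(p.multiply(4, p.cube(m_curve.get_a())) + p.multiply(27, p.square(m_curve.get_b())));`. Separately, the second parameter is unnamed, so the `strong` flag declared in ec_group.h has no effect and `is_prime` always runs with the fixed argument 128.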
diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h
index 15c09a54d..a2cd4d719 100644
--- a/src/lib/pubkey/ec_group/ec_group.h
+++ b/src/lib/pubkey/ec_group/ec_group.h
@@ -113,7 +113,14 @@ class BOTAN_DLL EC_Group
* @result the OID
*/
std::string get_oid() const { return m_oid; }
-
+
+ /**
+ * Verify EC_Group domain
+ * @returns true if group is valid. false otherwise
+ */
+ bool verify_group(RandomNumberGenerator& rng,
+ bool strong = false) const;
+
bool operator==(const EC_Group& other) const
{
return ((get_curve() == other.get_curve()) &&
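Review bot: The new doc comment on verify_group documents neither parameter, and the implementation in ec_group.cpp leaves the second one unnamed, so a caller cannot tell from the header that `strong` is currently ignored. I would add `@param rng used for the primality test of the group order` and `@param strong currently unused`. A sentence listing what is actually verified (discriminant, cofactor, base point on the curve, prime order, base point order) would also help. The operator== that follows continues outside the hunk.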
diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp
index cb0af42eb..0c59c75fd 100644
--- a/src/lib/pubkey/ecc_key/ecc_key.cpp
+++ b/src/lib/pubkey/ecc_key/ecc_key.cpp
@@ -44,12 +44,40 @@ EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id,
m_domain_encoding{EC_DOMPAR_ENC_EXPLICIT}
{}
-bool EC_PublicKey::check_key(RandomNumberGenerator&,
+bool EC_PublicKey::check_key(RandomNumberGenerator& rng,
bool) const
{
- return public_point().on_the_curve();
+ //verify domain parameters
+ if(!m_domain_params.verify_group(rng))
+ {
+ return false;
+ }
+ //check that public point is not at infinity
+ if(public_point().is_zero())
+ {
+ return false;
+ }
+ //check that public point is on the curve
+ if(!public_point().on_the_curve())
+ {
+ return false;
+ }
+ if(m_domain_params.get_cofactor() > 1)
+ {
+ if((public_point() * m_domain_params.get_cofactor()).is_zero())
+ {
+ return false;
+ }
+ //check that public point has order q
+ if(!(public_point() * m_domain_params.get_order()).is_zero())
+ {
+ return false;
+ }
+ }
+ return true;
}
+
AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const
{
return AlgorithmIdentifier(get_oid(), DER_domain());
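Review bot: In check_key the order test `if(!(public_point() * m_domain_params.get_order()).is_zero())` sits inside the `get_cofactor() > 1` branch, so a key whose group declares cofactor 1 never has its point order checked. The cofactor is part of the domain parameters, which can arrive explicitly encoded (the constructor above sets EC_DOMPAR_ENC_EXPLICIT). verify_group, as shown on this page, does not confirm that order times cofactor matches the size of the curve, so the declared cofactor should not gate this check. I would move the order test out of the branch so it always runs, and keep only the `public_point() * get_cofactor()` test conditional. The `bool` parameter is still unnamed, so verify_group, with its primality test, runs on every call regardless of the requested strength.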