authorJack Lloyd <[email protected]>2018-06-27 17:36:39 -0400
committerJack Lloyd <[email protected]>2018-06-27 17:36:39 -0400
commit6fbf29a87cce47800c431fa513c5be9e693118fc (patch)
tree27ec2fc1b25a0a5fb537653c939c966b7ccc4ad8 /src/lib
parent59af940718918e4da5cf36c64f2129d0747f383a (diff)
Correct computing of discriminant in EC_Group::verify_group
It was checking 4*a+27*b instead of 4*a^3 + 27*b^2
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/pubkey/ec_group/ec_group.cpp50
1 files changed, 34 insertions, 16 deletions
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
index 1ad2fbb6d..586603507 100644
--- a/src/lib/pubkey/ec_group/ec_group.cpp
+++ b/src/lib/pubkey/ec_group/ec_group.cpp
@@ -701,24 +701,49 @@ bool EC_Group::verify_public_element(const PointGFp& point) const
bool EC_Group::verify_group(RandomNumberGenerator& rng,
bool) const
{
- //compute the discriminant
- Modular_Reducer p(get_p());
- BigInt discriminant = p.multiply(4, get_a());
- discriminant += p.multiply(27, get_b());
- discriminant = p.reduce(discriminant);
- //check the discriminant
+ const BigInt& p = get_p();
+ const BigInt& a = get_a();
+ const BigInt& b = get_b();
+ const BigInt& order = get_order();
+ const PointGFp& base_point = get_base_point();
+
+ if(a < 0 || a >= p)
+ return false;
+ if(b <= 0 || b >= p)
+ return false;
+ if(order <= 0)
+ return false;
+
+ //check if field modulus is prime
+ if(!is_prime(p, rng, 128))
+ {
+ return false;
+ }
+
+ //check if order is prime
+ if(!is_prime(order, rng, 128))
+ {
+ return false;
+ }
+
+ //compute the discriminant: 4*a^3 + 27*b^2 which must be nonzero
+ const Modular_Reducer mod_p(p);
+
+ const BigInt discriminant = mod_p.reduce(
+ mod_p.multiply(4, mod_p.cube(a)) +
+ mod_p.multiply(27, mod_p.square(b)));
+
if(discriminant == 0)
{
return false;
}
+
//check for valid cofactor
if(get_cofactor() < 1)
{
return false;
}
- const PointGFp base_point = get_base_point();
-
//check if the base point is on the curve
if(!base_point.on_the_curve())
{
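Review bot: Nothing in the new body relates `order` to `p`, so a group whose order equals the field modulus (an anomalous curve) or whose `order * cofactor` lies outside the Hasse interval still passes once the discriminant is nonzero and both primality checks succeed. Adding `if(order == p) return false;` beside the two is_prime checks, and after the cofactor check `const BigInt t = p + 1 - order * get_cofactor(); if(t * t > 4 * p) return false;`, would reject both classes using only the BigInt comparison and arithmetic this hunk already relies on (confirm that the mixed int/BigInt `+` and `*` overloads resolve, otherwise wrap the literals in `BigInt(...)`). The `b <= 0` test is stricter than the nonzero-discriminant rule needs, since `a == 0` is accepted while `b == 0` is not, so a comment such as `// b == 0 is rejected deliberately, not implied by the discriminant check` would explain the asymmetry to the next reader. verify_group's body continues past this hunk into the next one.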
@@ -728,19 +753,12 @@ bool EC_Group::verify_group(RandomNumberGenerator& rng,
{
return false;
}
-
- const BigInt& order = get_order();
-
- //check if order is prime
- if(!is_prime(order, rng, 128))
- {
- return false;
- }
//check if order of the base point is correct
if(!(base_point * order).is_zero())
{
return false;
}
+
return true;
}