Diffstat (limited to 'src/crypto/ec/ec_montgomery.c')
-rw-r--r-- | src/crypto/ec/ec_montgomery.c | 58 |
1 files changed, 40 insertions, 18 deletions
diff --git a/src/crypto/ec/ec_montgomery.c b/src/crypto/ec/ec_montgomery.c
index 3715e0c..1d4113d 100644
--- a/src/crypto/ec/ec_montgomery.c
+++ b/src/crypto/ec/ec_montgomery.c
@@ -74,24 +74,6 @@
 #include "internal.h"
-const EC_METHOD *EC_GFp_mont_method(void) {
-  static const EC_METHOD ret = {ec_GFp_mont_group_init,
-                                ec_GFp_mont_group_finish,
-                                ec_GFp_mont_group_clear_finish,
-                                ec_GFp_mont_group_copy,
-                                ec_GFp_mont_group_set_curve,
-                                ec_GFp_simple_point_get_affine_coordinates,
-                                ec_wNAF_mul /* XXX: Not constant time. */,
-                                ec_wNAF_precompute_mult,
-                                ec_GFp_mont_field_mul,
-                                ec_GFp_mont_field_sqr,
-                                ec_GFp_mont_field_encode,
-                                ec_GFp_mont_field_decode,
-                                ec_GFp_mont_field_set_to_one};
-
-  return &ret;
-}
-
 int ec_GFp_mont_group_init(EC_GROUP *group) {
   int ok;
@@ -256,3 +238,43 @@ int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r,
   }
   return 1;
 }
+
+static int ec_GFp_mont_check_pub_key_order(const EC_GROUP *group,
+                                           const EC_POINT* pub_key,
+                                           BN_CTX *ctx) {
+  EC_POINT *point = EC_POINT_new(group);
+  int ret = 0;
+
+  if (point == NULL ||
+      !ec_wNAF_mul(group, point, NULL, pub_key, EC_GROUP_get0_order(group),
+                   ctx) ||
+      !EC_POINT_is_at_infinity(group, point)) {
+    goto err;
+  }
+
+  ret = 1;
+
+err:
+  EC_POINT_free(point);
+  return ret;
+}
+
+const EC_METHOD *EC_GFp_mont_method(void) {
+  static const EC_METHOD ret = {
+      ec_GFp_mont_group_init,
+      ec_GFp_mont_group_finish,
+      ec_GFp_mont_group_clear_finish,
+      ec_GFp_mont_group_copy,
+      ec_GFp_mont_group_set_curve,
+      ec_GFp_simple_point_get_affine_coordinates,
+      ec_wNAF_mul /* XXX: Not constant time. */,
+      ec_GFp_mont_check_pub_key_order,
+      ec_GFp_mont_field_mul,
+      ec_GFp_mont_field_sqr,
+      ec_GFp_mont_field_encode,
+      ec_GFp_mont_field_decode,
+      ec_GFp_mont_field_set_to_one,
+  };
+
+  return &ret;
+}
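Review bot: ec_GFp_mont_check_pub_key_order verifies only that the group order annihilates pub_key; it does not itself check that pub_key lies on the curve, and a pub_key that is already the point at infinity passes trivially, so both preconditions belong to the caller and should be stated on the function, e.g. `/* Caller must already have verified that pub_key is on the curve and is not the point at infinity; this only checks that n * pub_key == infinity for the group order n. */`. The scalar multiplication goes through ec_wNAF_mul, which the method table marks `/* XXX: Not constant time. */`; that is tolerable here because pub_key and the order are public inputs, but a one-line comment saying so would stop a later reader from flagging it as a side-channel. Minor style: `const EC_POINT* pub_key` binds the star to the type while the surrounding code (`EC_POINT *point`, `BN_CTX *ctx`) binds it to the name. The new table entry takes the slot that ec_wNAF_precompute_mult occupied in the removed table, which presumably relies on a matching EC_METHOD layout change in internal.h that is not part of this diff.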