Tighten ecp_mul() validity checks

2013-11-21 09:28:03 +01:00 · 2013-11-21 09:28:03 +01:00 · ff27b7c968
commit ff27b7c968
parent 09ceaf49d0
4 changed files with 42 additions and 43 deletions
--- a/library/ecp.c
+++ b/library/ecp.c
@ -1440,21 +1440,24 @@ int ecp_mul( ecp_group *grp, ecp_point *R,
    ecp_point Q, *T = NULL, S[2];
    mpi M;

-    if( mpi_cmp_int( m, 0 ) < 0 || mpi_msb( m ) > grp->nbits )
-        return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
+    /*
+     * Sanity checks (before we even initialize anything)
+     */
+    if( ( ret = ecp_check_privkey( grp, m ) ) != 0 )
+        return( ret );
+
+    /* We'll need this later, but do it now to possibly avoid cheking P */
+    p_eq_g = ( mpi_cmp_int( &P->Z, 1 ) == 0 &&
+               mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
+               mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
+    if( ! p_eq_g && ( ret = ecp_check_pubkey( grp, P ) ) != 0 )
+        return( ret );

    mpi_init( &M );
    ecp_point_init( &Q );
    ecp_point_init( &S[0] );
    ecp_point_init( &S[1] );

-    /*
-     * Check if P == G
-     */
-    p_eq_g = ( mpi_cmp_int( &P->Z, 1 ) == 0 &&
-               mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
-               mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
-
    /*
     * Minimize the number of multiplications, that is minimize
     * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w
@ -2061,13 +2064,12 @@ int ecp_self_test( int verbose )
    /* exponents especially adapted for secp192r1 */
    const char *exponents[] =
    {
-        "000000000000000000000000000000000000000000000000", /* zero */
        "000000000000000000000000000000000000000000000001", /* one */
-        "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", /* N */
+        "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830", /* N - 1 */
        "5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25", /* random */
-        "400000000000000000000000000000000000000000000000",
-        "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
-        "555555555555555555555555555555555555555555555555",
+        "400000000000000000000000000000000000000000000000", /* one and zeros */
+        "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", /* all ones */
+        "555555555555555555555555555555555555555555555555", /* 101010... */
    };

    ecp_group_init( &grp );