Support brainpool curves in ecp_check_pubkey()

This commit is contained in:
Manuel Pégourié-Gonnard 2013-10-08 13:11:30 +02:00
parent 43545c8b4f
commit cd7458aafd
2 changed files with 32 additions and 21 deletions

View file

@ -105,6 +105,9 @@ ecp_point;
* The curves we consider are defined by y^2 = x^3 + A x + B mod P,
* and a generator for a large subgroup of order N is fixed.
*
* If A is not set (ie A.p == NULL) then the value A = -3 is assumed,
* which allows the used of slightly faster point doubling formulas.
*
* pbits and nbits must be the size of P and N in bits.
*
* If modp is NULL, reduction modulo P is done using a generic algorithm.
@ -118,7 +121,7 @@ typedef struct
{
ecp_group_id id; /*!< internal group identifier */
mpi P; /*!< prime modulus of the base field */
mpi A; /*!< currently unused (-3 assumed) */
mpi A; /*!< linear term in the equation (default: -3) */
mpi B; /*!< constant term in the equation */
ecp_point G; /*!< generator of the subgroup used */
mpi N; /*!< the order of G */

View file

@ -1608,11 +1608,19 @@ int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt )
/*
* YY = Y^2
* RHS = X (X^2 - 3) + B = X^3 - 3X + B
* RHS = X (X^2 + A) + B = X^3 + A X + B
* with, as usual, A = -3 if A is ommited
*/
MPI_CHK( mpi_mul_mpi( &YY, &pt->Y, &pt->Y ) ); MOD_MUL( YY );
MPI_CHK( mpi_mul_mpi( &RHS, &pt->X, &pt->X ) ); MOD_MUL( RHS );
MPI_CHK( mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS );
if( grp->A.p == NULL )
{
MPI_CHK( mpi_add_int( &RHS, &RHS, -3 ) ); MOD_SUB( RHS );
}
else
{
MPI_CHK( mpi_add_mpi( &RHS, &RHS, &grp->A ) ); MOD_ADD( RHS );
}
MPI_CHK( mpi_mul_mpi( &RHS, &RHS, &pt->X ) ); MOD_MUL( RHS );
MPI_CHK( mpi_add_mpi( &RHS, &RHS, &grp->B ) ); MOD_ADD( RHS );