ecc: fix Montgomery curve bugs.

* cipher/ecc.c (check_secret_key): Y1 should not be NULL when check. (ecc_check_secret_key): Support Montgomery curve. * mpi/ec.c (_gcry_mpi_ec_curve_point): Fix condition.
author: NIIBE Yutaka <gniibe@fsij.org> 2015-08-10 19:09:16 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2015-08-10 19:09:16 +0900
commit: ce746936b6c210e602d106cfbf45cf60b408d871 (patch)
tree: adebcbfe519bbde5525dfd21456112246de55f91 /cipher/ecc.c
parent: 0e17f7a05bba309a87811992aa47a77af9935b99 (diff)
download: libgcrypt-ce746936b6c210e602d106cfbf45cf60b408d871.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/cipher/ecc.c b/cipher/ecc.c
index cc617f80..4958fbba 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -450,7 +450,7 @@ check_secret_key (ECC_secret_key *sk, mpi_ec_t ec, int flags)
   else if (!mpi_cmp_ui (sk->Q.z, 1))
     {
       /* Fast path if Q is already in affine coordinates.  */
-      if (mpi_cmp (x1, sk->Q.x) || (!y1 && mpi_cmp (y1, sk->Q.y)))
+      if (mpi_cmp (x1, sk->Q.x) || (y1 && mpi_cmp (y1, sk->Q.y)))
         {
           if (DBG_CIPHER)
             log_debug
@@ -825,6 +825,8 @@ ecc_check_secret_key (gcry_sexp_t keyparms)
       point_init (&sk.Q);
       if (ec->dialect == ECC_DIALECT_ED25519)
         rc = _gcry_ecc_eddsa_decodepoint (mpi_q, ec, &sk.Q, NULL, NULL);
+      else if (ec->model == MPI_EC_MONTGOMERY)
+        rc = _gcry_ecc_mont_decodepoint (mpi_q, ec, &sk.Q);
       else
         rc = _gcry_ecc_os2ec (&sk.Q, mpi_q);
       if (rc)
author	NIIBE Yutaka <gniibe@fsij.org>	2015-08-10 19:09:16 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2015-08-10 19:09:16 +0900
commit	ce746936b6c210e602d106cfbf45cf60b408d871 (patch)
tree	adebcbfe519bbde5525dfd21456112246de55f91 /cipher/ecc.c
parent	0e17f7a05bba309a87811992aa47a77af9935b99 (diff)
download	libgcrypt-ce746936b6c210e602d106cfbf45cf60b408d871.tar.gz