Implement simple EC point check

ktakashi · Nov 12, 2024 · 571608e · 571608e
1 parent 4e72a9f
commit 571608e
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/ext/crypto/sagittarius/crypto/keys/operations/asymmetric/ecdsa.scm b/ext/crypto/sagittarius/crypto/keys/operations/asymmetric/ecdsa.scm
@@ -207,7 +207,10 @@
 
 (define (generate-ecdsa-public-key (x integer?) (y integer?)
 				   (parameter ec-parameter?))
-  (make <ecdsa-public-key> :Q (make-ec-point x y) :parameter parameter))
+  (let ((q (make-ec-point x y)))
+    (unless (valid-ec-point? (ec-parameter-curve parameter) q)
+      (assertion-violation 'generate-ecdsa-public-key "Invalid EC point"))
+    (make <ecdsa-public-key> :Q q :parameter parameter)))
 (define-method generate-public-key ((m (eql *key:ecdsa*)) x y
 				    :optional (parameter secp256r1))
   (generate-ecdsa-public-key x y parameter))

diff --git a/ext/crypto/sagittarius/crypto/math/ec.scm b/ext/crypto/sagittarius/crypto/math/ec.scm
@@ -54,6 +54,7 @@
 
 	    encode-ec-point
 	    decode-ec-point
+	    valid-ec-point?
 
 	    ;; NIST parameters
 	    NIST-P-192 (rename (NIST-P-192 secp192r1))
@@ -237,7 +238,7 @@
      (let* ((~y (odd? type))
 	    (x (bytevector->integer bv 1 (+ size 1)))
 	    (p (decompress-point curve ~y x)))
-       (unless (valid-ec-point? p)
+       (unless (valid-ec-point? curve p)
 	 (assertion-violation 'decompress-point "Invalid point"))
        p))
     ((#x04)
@@ -249,7 +250,19 @@
 					   "not supported" type))))
 
 ;; FIXME should check better...
-(define (valid-ec-point? p) #t)
+(define (valid-ec-point? curve p)
+  (define field (elliptic-curve-field curve))
+  ;; y^2 = x^3 + ax + b
+  (define (check-fp x y)
+    (define p (ec-field-fp-p field))
+    (define a (elliptic-curve-a curve))
+    (define b (elliptic-curve-b curve))
+    (let ((rhs (mod-add (mod-mul (mod-add (mod-square x p) a p) x p) b p))
+	  (lhs (mod-square y p)))
+      (= rhs lhs)))
+  (cond ((ec-field-fp? field) (check-fp (ec-point-x p) (ec-point-y p)))
+	;; TODO
+	(else #t)))
 
 (define (decompress-point curve ~y x)
   (define field (elliptic-curve-field curve))