From d827b2c862fd305d9d8d4bae762ae0e23bb339db Mon Sep 17 00:00:00 2001
From: Ondrej Mikle
Date: Fri, 4 Jul 2014 17:40:07 +0200
Subject: [PATCH] Account for case when point.y == 0 when doubling.
---
 ecdsa.c | 21 +++++++++++++++------
 ecdsa.h | 1 +
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/ecdsa.c b/ecdsa.c
index 7a98fcb5b..20ef26c25 100644
--- a/ecdsa.c
+++ b/ecdsa.c
@@ -54,14 +54,12 @@ void point_add(const curve_point *cp1, curve_point *cp2)
 point_copy(cp1, cp2);
 return;
 }
- if (point_is_equal(cp1, cp2)) {
- point_double(cp2);
+ if (point_is_negative_of(cp1, cp2)) {
+ point_set_infinity(cp2);
 return;
 }
- if (point_is_negative_of(cp1, cp2)) {
- // set to point at infinity
- bn_zero(&(cp2->x));
- bn_zero(&(cp2->y));
+ if (point_is_equal(cp1, cp2)) {
+ point_double(cp2);
 return;
 }
@@ -98,6 +96,10 @@ void point_double(curve_point *cp)
 if (point_is_infinity(cp)) {
 return;
 }
+ if (bn_is_zero(&(cp->y))) {
+ point_set_infinity(cp);
+ return;
+ }
 memcpy(&inverse_y, &(cp->y), sizeof(bignum256));
 bn_inverse(&inverse_y, &prime256k1);
@@ -151,6 +153,13 @@ void point_multiply(const bignum256 *k, const curve_point *p, curve_point *res)
 bn_mod(&(res->y), &prime256k1);
 }
+// set point to internal representation of point at infinity
+void point_set_infinity(curve_point *p)
+{
+ bn_zero(&(p->x));
+ bn_zero(&(p->y));
+}
+
 // return true iff p represent point at infinity
 // both coords are zero in internal representation
 int point_is_infinity(const curve_point *p)
diff --git a/ecdsa.h b/ecdsa.h
index 40eef61cb..5aaf7d633 100644
--- a/ecdsa.h
+++ b/ecdsa.h
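Review bot: The reordered checks in point_add carry no comment saying why negation is now tested before equality. A point with y == 0 presumably satisfies both point_is_equal and point_is_negative_of against itself (neither helper is shown here), so the order decides whether such input ever reaches point_double. Because the next hunk makes point_double handle y == 0 as well, either order now yields infinity, and a reader cannot tell which guard is the intended one. I would add `// test negation first: a point with y == 0 is its own negative, so P + P is infinity` above the first `if`. point_add's body continues outside the hunk.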
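Review bot: The new `bn_is_zero(&(cp->y))` branch in point_double silently maps a point that is probably not on the curve to the point at infinity. If the curve is secp256k1, as `prime256k1` suggests, the group has prime order and no valid point has y == 0, so this branch is reachable only with input that was never validated or with corrupted state. The guard is right to keep `bn_inverse` away from zero, but the stronger defence is an on-curve check where untrusted points enter the library, which this diff does not show; a comment such as `// y == 0 has no inverse; on this curve it also means the input is not a valid point` would make that explicit. The diffstat touches only ecdsa.c and ecdsa.h, so no regression test for the y == 0 case accompanies the change. point_double's body continues outside the hunk.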
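Review bot: The comment on point_set_infinity does not say that the (0,0) encoding is a convention shared with point_is_infinity directly below it, so the two can drift apart if one is changed. I would word it as `// point at infinity is encoded as (0,0); must stay in sync with point_is_infinity()`.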
@@ -36,6 +36,7 @@ void point_copy(const curve_point *cp1, curve_point *cp2);
 void point_add(const curve_point *cp1, curve_point *cp2);
 void point_double(curve_point *cp);
 void point_multiply(const bignum256 *k, const curve_point *p, curve_point *res);
+void point_set_infinity(curve_point *p);
 int point_is_infinity(const curve_point *p);
 int point_is_equal(const curve_point *p, const curve_point *q);
 int point_is_negative_of(const curve_point *p, const curve_point *q);