crypto/secp256k1: fix coordinate check

Felix Lange 2026-02-17 17:01:39 +01:00
parent c709c19b40
commit 9b78f45e33
3 changed files with 15 additions and 2 deletions


@ -73,6 +73,10 @@ func (bitCurve *BitCurve) Params() *elliptic.CurveParams {
// IsOnCurve returns true if the given (x,y) lies on the BitCurve. // IsOnCurve returns true if the given (x,y) lies on the BitCurve.
func (bitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool { func (bitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool {
if x.Cmp(bitCurve.P) >= 0 || y.Cmp(bitCurve.P) >= 0 {
return false
}
// y² = x³ + b // y² = x³ + b
y2 := new(big.Int).Mul(y, y) //y² y2 := new(big.Int).Mul(y, y) //y²
y2.Mod(y2, bitCurve.P) //y²%P y2.Mod(y2, bitCurve.P) //y²%P
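Review bot: The new guard at the top of `IsOnCurve` rejects coordinates that are `>= P` but not negative ones, and `big.Int.Mod` is Euclidean, so a negative `x` or `y` would presumably still be reduced into range and pass the equation check (the rest of the body is outside this hunk). The standard library's `elliptic.CurveParams.IsOnCurve` also tests the sign; I would write the condition as `if x.Sign() < 0 || x.Cmp(bitCurve.P) >= 0 || y.Sign() < 0 || y.Cmp(bitCurve.P) >= 0 {`. The same applies to the new `btCurve.IsOnCurve` wrapper in the third file. Whether any caller can pass a negative `big.Int` is not visible here, but the check is cheap and keeps the predicate strict.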


@ -109,8 +109,10 @@ int secp256k1_ext_scalar_mul(const secp256k1_context* ctx, unsigned char *point,
ARG_CHECK(scalar != NULL); ARG_CHECK(scalar != NULL);
(void)ctx; (void)ctx;
secp256k1_fe_set_b32_limit(&feX, point); if (!secp256k1_fe_set_b32_limit(&feX, point) ||
secp256k1_fe_set_b32_limit(&feY, point+32); !secp256k1_fe_set_b32_limit(&feY, point+32)) {
return 0;
}
secp256k1_ge_set_xy(&ge, &feX, &feY); secp256k1_ge_set_xy(&ge, &feX, &feY);
secp256k1_scalar_set_b32(&s, scalar, &overflow); secp256k1_scalar_set_b32(&s, scalar, &overflow);
if (overflow || secp256k1_scalar_is_zero(&s)) { if (overflow || secp256k1_scalar_is_zero(&s)) {
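Review bot: After the two `secp256k1_fe_set_b32_limit` checks, `secp256k1_ge_set_xy` builds `ge` from caller-supplied coordinates, and nothing in this hunk verifies that the point satisfies the curve equation. If the callers do not already guarantee that, a guard such as `if (!secp256k1_ge_is_valid_var(&ge)) return 0;` directly after `secp256k1_ge_set_xy` would keep off-curve input out of the multiplication. A short comment on the new branch, for example `/* reject coordinates that are not below the field prime */`, would also record why the return value is now checked. The function body continues past the end of the hunk, so a later validity check may exist that is not visible here.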


@ -167,6 +167,13 @@ type btCurve struct {
*secp256k1.KoblitzCurve *secp256k1.KoblitzCurve
} }
func (curve btCurve) IsOnCurve(x, y *big.Int) bool {
if x.Cmp(secp256k1.Params().P) >= 0 || y.Cmp(secp256k1.Params().P) >= 0 {
return false
}
return curve.KoblitzCurve.IsOnCurve(x, y)
}
// Marshal converts a point given as (x, y) into a byte slice. // Marshal converts a point given as (x, y) into a byte slice.
func (curve btCurve) Marshal(x, y *big.Int) []byte { func (curve btCurve) Marshal(x, y *big.Int) []byte {
byteLen := (curve.Params().BitSize + 7) / 8 byteLen := (curve.Params().BitSize + 7) / 8
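Review bot: `btCurve.IsOnCurve` is added without a doc comment, unlike `Marshal` directly below it, and the reason it overrides the embedded `KoblitzCurve` method is what a maintainer most needs to know. I would add `// IsOnCurve reports whether (x, y) is on the curve. It rejects coordinates >= P before delegating to the embedded KoblitzCurve.`; presumably the embedded check reduces its inputs modulo P, which is worth confirming and stating. The field prime can be read once with `p := secp256k1.Params().P` instead of calling `Params()` twice. None of the three changed files appears to be a test, so a regression case that feeds an out-of-range coordinate to `IsOnCurve` and expects `false` would pin the new behaviour.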