From 0865f09d20e91dcf358249e0dfc464a84d5d5f65 Mon Sep 17 00:00:00 2001
From: Daniel Cousens
Date: Sat, 17 May 2014 12:03:23 +1000
Subject: [PATCH] ec/dsa: extract P_OVER_FOUR as a curve specific constant

This actually resolves a possible bug if multiple ecparams were used (aka different values for P_OVER_FOUR, but only the cached was used).
---
 src/ec.js | 6 ++++--
 src/ecdsa.js | 10 ++++------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/ec.js b/src/ec.js
index 9c7ae1e..d21f073 100644
--- a/src/ec.js
+++ b/src/ec.js
@@ -343,11 +343,13 @@ ECPointFp.decodeFrom = function (curve, buffer) {
 var p = curve.getQ()
 
 // We precalculate (p + 1) / 4 where p is the field order
- var P_OVER_FOUR = p.add(BigInteger.ONE).shiftRight(2)
+ if (!curve.P_OVER_FOUR) {
+ curve.P_OVER_FOUR = p.add(BigInteger.ONE).shiftRight(2)
+ }
 
 // Convert x to point
 var alpha = x.square().multiply(x).add(SEVEN).mod(p)
- var beta = alpha.modPow(P_OVER_FOUR, p)
+ var beta = alpha.modPow(curve.P_OVER_FOUR, p)
 
 // If beta is even, but y isn't, or vice versa, then convert it,
 // otherwise we're done and y == beta.
diff --git a/src/ecdsa.js b/src/ecdsa.js
index 9993af0..0490523 100644
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@@ -6,8 +6,6 @@ var ecparams = sec("secp256k1")
 var BigInteger = require('bigi')
 var ECPointFp = require('./ec').ECPointFp
 
-var P_OVER_FOUR = null
-
 function implShamirsTrick(P, k, Q, l) {
 var m = Math.max(k.bitLength(), l.bitLength())
 var Z = P.add2D(Q)
@@ -257,9 +255,9 @@ var ecdsa = {
 var a = curve.getA().toBigInteger()
 var b = curve.getB().toBigInteger()
 
- // We precalculate (p + 1) / 4 where p is if the field order
- if (!P_OVER_FOUR) {
- P_OVER_FOUR = p.add(BigInteger.ONE).divide(BigInteger.valueOf(4))
+ // We precalculate (p + 1) / 4 where p is the field order
+ if (!curve.P_OVER_FOUR) {
+ curve.P_OVER_FOUR = p.add(BigInteger.ONE).shiftRight(2)
 }
 
 // 1.1 Compute x
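Review bot: The context line `var alpha = x.square().multiply(x).add(SEVEN).mod(p)` still hard-codes secp256k1's b = 7, so caching the exponent per curve does not make decodeFrom correct for any other curve, which is what the commit message says it is fixing; the ecdsa.js hunk in this same patch already reads `curve.getB().toBigInteger()`, and the same expression (plus `curve.getA()` if curves with a != 0 are intended) would belong here. Separately, beta is taken as a square root of alpha without verification: `(p + 1) / 4` is only a square-root exponent when p ≡ 3 (mod 4) and alpha is a quadratic residue, so a compressed encoding whose x has no matching y is silently turned into a point that is not on the curve. I would add `if (!beta.square().mod(p).equals(alpha)) throw new Error('Invalid point: x has no square root on the curve')` directly after the modPow line. decodeFrom begins before the hunk and continues past it, so I cannot see whether a later on-curve check covers this.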
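Review bot: The `+` lines write `curve.P_OVER_FOUR` as an ad-hoc expando property on the curve object, and the identical expression is duplicated in ec.js's decodeFrom in this same patch; two lazy initialisers guarded by `!curve.P_OVER_FOUR` are easy to drift apart, whereas a field computed once in the curve constructor (or a getter on the curve class) would give one definition and no existence check. The rewritten comment should also record the precondition the exponent depends on, since this method takes `curve` as a parameter rather than assuming secp256k1: `// (p + 1) / 4 is a square-root exponent only when p ≡ 3 (mod 4), which secp256k1 satisfies; other curves need a different sqrt`. The enclosing method starts before the hunk and continues after `// 1.1 Compute x`, so its name and remaining validation are outside my view.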
@@ -267,7 +265,7 @@ var ecdsa = {
 // 1.3 Convert x to point
 var alpha = x.multiply(x).multiply(x).add(a.multiply(x)).add(b).mod(p)
 
- var beta = alpha.modPow(P_OVER_FOUR, p)
+ var beta = alpha.modPow(curve.P_OVER_FOUR, p)
 
 // If beta is even, but y isn't, or vice versa, then convert it,
 // otherwise we're done and y == beta.
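Review bot: `var beta = alpha.modPow(curve.P_OVER_FOUR, p)` is used as a square root of alpha with no check that `beta.square().mod(p)` equals alpha; when alpha is a non-residue for this x, modPow returns a value that is not a root and the y derived from it is off the curve. In a recovery-style routine x is derived from the signature's r, which is attacker-controlled, so any point arithmetic that follows could run on an invalid point unless an on-curve check outside the hunk catches it. A one-line guard after this line closes the gap: `if (!beta.square().mod(p).equals(alpha)) throw new Error('Invalid signature: r has no square root on the curve')` (or return null, matching however this method reports other bad inputs, which I cannot see here). The enclosing function starts before and continues past the hunk.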