Added curve25519 special case in ecc_set_point.

diff --git a/ChangeLog b/ChangeLog
index e581120d17f80506a15b46d2d4ec03c4cfd1f636..0621b3ee597dff81907baf5c88be1fa87ae6e457 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-08-25  Niels Möller  <nisse@lysator.liu.se>
+
+       * ecc-point.c (ecc_point_set): Handle curve25519 as a special
+       case, when checking if the point is on the curve.
+
 2014-08-24  Niels Möller  <nisse@lysator.liu.se>
 
        * testsuite/ecdh-test.c: Test ecc_point_mul and ecc_point_mul_g,

diff --git a/ecc-point.c b/ecc-point.c
index 448b17b16e524e4e755a625d739c44392178dd86..60fbd080c22b3f8f37c12789d8df792c25c1393d 100644 (file)
--- a/ecc-point.c
+++ b/ecc-point.c
@@ -68,12 +68,26 @@ ecc_point_set (struct ecc_point *p, const mpz_t x, const mpz_t y)
   mpz_init (lhs);
   mpz_init (rhs);
 
-  /* Check that y^2 = x^3 - 3*x + b (mod p) */
+  if (p->ecc->bit_size == 255)
+    {
+      /* curve25519 special case. FIXME: Do in some cleaner way? */
+
+      /* Check that y^2 = x^3 + 486662 x^2 + x (mod p)*/
+      mpz_mul (lhs, x, x); /* Reuse lhs as a temporary */
+      mpz_add_ui (rhs, x, 486662);
+      mpz_mul (rhs, rhs, lhs);
+      mpz_add (rhs, rhs, x);
+    }
+  else
+    {
+      /* Check that y^2 = x^3 - 3*x + b (mod p) */
+      mpz_mul (rhs, x, x);
+      mpz_sub_ui (rhs, rhs, 3);
+      mpz_mul (rhs, rhs, x);
+      mpz_add (rhs, rhs, mpz_roinit_n (t, p->ecc->b, size));
+    }
+
   mpz_mul (lhs, y, y);
-  mpz_mul (rhs, x, x);
-  mpz_sub_ui (rhs, rhs, 3);
-  mpz_mul (rhs, rhs, x);
-  mpz_add (rhs, rhs, mpz_roinit_n (t, p->ecc->b, size));
 
   res = mpz_congruent_p (lhs, rhs, mpz_roinit_n (t, p->ecc->p, size));