From: Michael Brown
Date: Fri, 5 Dec 2025 14:50:57 +0000 (+0000)
Subject: [crypto] Verify that weierstrass_multiply() result is not point at infinity
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80e98dc0d105ae4cd427440ab6380192b927bf2e;p=thirdparty%2Fipxe.git

[crypto] Verify that weierstrass_multiply() result is not point at infinity

The point at infinity cannot be represented in affine coordinates, and so cannot be returned as a valid result from weierstrass_multiply().

The implementation uses projective coordinates internally, in which a point at infinity is represented by a zero Z-coordinate. Treat a zero Z-coordinate as an invalid result.

The projective coordinates are calculated modulo 4N, and so a zero value may be represented as 0, N, 2N, or 3N. To minimise code size, defer the test until after inverting the Z co-ordinate via Fermat's little theorem via bigint_mod_exp_ladder() (which will calculate the inverse of zero as zero, and will always produce a result strictly modulo N).

Defer the test further until after converting the result back to affine coordinates, to allow the debug message showing the multiplication result to be printed.

Signed-off-by: Michael Brown
---
diff --git a/src/crypto/weierstrass.c b/src/crypto/weierstrass.c index 4974e5252..ecc468af2 100644 --- a/src/crypto/weierstrass.c +++ b/src/crypto/weierstrass.c @@ -858,5 +858,9 @@ int weierstrass_multiply ( struct weierstrass_curve *curve, const void *base, } DBGC ( curve, ")\n" ); + /* Verify result is not the point at infinity */ + if ( bigint_is_zero ( &temp.multiple.z ) ) + return -EINVAL; + return 0; }
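Review bot: The comment on the new check, `/* Verify result is not the point at infinity */`, does not record the precondition that makes `bigint_is_zero ( &temp.multiple.z )` correct at this position. Per the commit message, the test only works because `temp.multiple.z` has by this point been replaced by its inverse reduced strictly modulo N; applied to the raw projective Z, which the message says may be 0, N, 2N or 3N, the same test would miss three of the four encodings of zero. I would extend the comment to state that dependency so a later reordering of the inversion and this check does not silently reopen the gap. Since the `-EINVAL` return also comes after the `DBGC` line and, per the message, after the conversion back to affine coordinates, it is worth documenting for callers that the result must be treated as invalid whenever the function returns an error.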