Map the Jacobian point back to affine space in wolfSSL_EC_POINT_get_affine_coordinates_GFp

2025-08-01 03:34:39 +02:00 · 2019-11-28 13:05:36 +01:00
parent aea95232d1
commit 84a2ca7a4e
3 changed files with 29 additions and 2 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -34413,12 +34413,14 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
                                                WOLFSSL_BIGNUM *y,
                                                WOLFSSL_BN_CTX *ctx)
 {
+    mp_digit mp;
+    mp_int modulus;
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp");

    if (group == NULL || point == NULL || point->internal == NULL ||
-        x == NULL || y == NULL) {
+        x == NULL || y == NULL || wolfSSL_EC_POINT_is_at_infinity(group, point)) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error");
        return WOLFSSL_FAILURE;
    }
@@ -34432,6 +34434,26 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
        }
    }

+    if (!wolfSSL_BN_is_one(point->Z)) {
+        /* Map the Jacobian point back to affine space */
+        if (mp_read_radix(&modulus, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX) != MP_OKAY) {
+            WOLFSSL_MSG("mp_read_radix failed");
+            return WOLFSSL_FAILURE;
+        }
+        if (mp_montgomery_setup(&modulus, &mp) != MP_OKAY) {
+            WOLFSSL_MSG("mp_montgomery_setup failed");
+            return WOLFSSL_FAILURE;
+        }
+        if (ecc_map((ecc_point*)point->internal, &modulus, mp) != MP_OKAY) {
+            WOLFSSL_MSG("ecc_map failed");
+            return WOLFSSL_FAILURE;
+        }
+        if (SetECPointExternal((WOLFSSL_EC_POINT *)point) != WOLFSSL_SUCCESS) {
+            WOLFSSL_MSG("SetECPointExternal failed");
+            return WOLFSSL_FAILURE;
+        }
+    }
+
    BN_copy(x, point->X);
    BN_copy(y, point->Y);

--- a/tests/api.c
+++ b/tests/api.c
@@ -1825,6 +1825,11 @@ static void test_wolfSSL_EC(void)
    /* check if point X coordinate is zero */
    AssertIntEQ(BN_is_zero(new_point->X), WOLFSSL_FAILURE);

+    /* Force non-affine coordinates */
+    AssertIntEQ(wolfSSL_BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
+                                             (WOLFSSL_BIGNUM*)BN_value_one()), 1);
+    new_point->inSet = 0;
+
    /* extract the coordinates from point */
    AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS);

--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2281,7 +2281,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,


 /**
-  Map a projective jacbobian point back to affine space
+  Map a projective Jacobian point back to affine space
  P        [in/out] The point to map
  modulus  The modulus of the field the ECC curve is in
  mp       The "b" value from montgomery_setup()