EC_KEY_check_key


EC_KEY_check_key

Thulasi Goriparthi
Hi,

I am going through the checks done by EC_KEY_check_key method. I see
the following checks in order.

1. Is point at infinity? - reject.
2. Is point not on curve? reject.
3. Is point not in the primary subgroup? reject.
4. If priv key(scalar) available, then check if scalar * G != point.
If so, reject.

If priv key is available and we do step 4, isn't step 3 redundant? Can
we change this to something like this?

if (priv key)
    step 4
else
   step 3

Thanks,
Thulasi.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: EC_KEY_check_key

OpenSSL - User mailing list
On 02/11/2018 08:50, Thulasi Goriparthi wrote:

> Hi,
>
> I am going through the checks done by EC_KEY_check_key method. I see
> the following checks in order.
>
> 1. Is point at infinity? - reject.
> 2. Is point not on curve? reject.
> 3. Is point not in the primary subgroup? reject.
> 4. If priv key(scalar) available, then check if scalar * G != point.
> If so, reject.
>
> If priv key is available and we do step 4, isn't step 3 redundant? Can
> we change this to something like this?
>
> if (priv key)
>      step 4
> else
>     step 3

For such tests, it's always better safe than sorry.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


Re: EC_KEY_check_key

Thulasi Goriparthi
>> For such tests, it's always better safe than sorry.

Not sure, if repeating the same test (or the test of the same value)
would add any safety.

Thanks,
Thulasi.
On Fri, 2 Nov 2018 at 16:53, Jakob Bohm via openssl-users
<[hidden email]> wrote:

>
> On 02/11/2018 08:50, Thulasi Goriparthi wrote:
> > Hi,
> >
> > I am going through the checks done by EC_KEY_check_key method. I see
> > the following checks in order.
> >
> > 1. Is point at infinity? - reject.
> > 2. Is point not on curve? reject.
> > 3. Is point not in the primary subgroup? reject.
> > 4. If priv key(scalar) available, then check if scalar * G != point.
> > If so, reject.
> >
> > If priv key is available and we do step 4, isn't step 3 redundant? Can
> > we change this to something like this?
> >
> > if (priv key)
> >      step 4
> > else
> >     step 3
>
> For such tests, it's always better safe than sorry.
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>

Re: EC_KEY_check_key

OpenSSL - User mailing list
On 05/11/2018 07:20, Thulasi Goriparthi wrote:
>>> For such tests, it's always better safe than sorry.
>
> Not sure, if repeating the same test (or the test of the same value)
> would add any safety.
>

The safety is in avoiding creating some situation where it's tested
zero times because each test assumes the other test does it.

> On Fri, 2 Nov 2018 at 16:53, Jakob Bohm via openssl-users
> <[hidden email]> wrote:
>>
>> On 02/11/2018 08:50, Thulasi Goriparthi wrote:
>>> Hi,
>>>
>>> I am going through the checks done by EC_KEY_check_key method. I see
>>> the following checks in order.
>>>
>>> 1. Is point at infinity? - reject.
>>> 2. Is point not on curve? reject.
>>> 3. Is point not in the primary subgroup? reject.
>>> 4. If priv key(scalar) available, then check if scalar * G != point.
>>> If so, reject.
>>>
>>> If priv key is available and we do step 4, isn't step 3 redundant? Can
>>> we change this to something like this?
>>>
>>> if (priv key)
>>>       step 4
>>> else
>>>      step 3
>>
>> For such tests, it's always better safe than sorry.
>>




Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
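The question in this thread, worked through on a toy curve as an added example (not code from OpenSSL or from the posters): the four checks in the order listed above, showing that step 4 implies step 3 only when the generator really has order n. The curve y^2 = x^3 - x over F_43, the function names and the `skip_step3_if_priv` flag (modelling the proposed if/else) are assumptions made for illustration; the unvalidated-generator case goes beyond what the thread discusses.

```python
# Toy curve y^2 = x^3 - x over F_43, constructed for illustration (never use for real keys).
# It has 44 points: prime subgroup order N = 11, cofactor 4.
P, A, B, N = 43, -1, 0, 11
INF = None  # point at infinity

def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # p2 == -p1 (covers doubling a point with y == 0)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def check_key(pub, priv=None, gen=None, skip_step3_if_priv=False):
    """Return 0 if the key passes, else the number of the step that rejects it."""
    gen = G if gen is None else gen
    if pub is INF: return 1                                   # step 1: point at infinity
    if not on_curve(pub): return 2                            # step 2: not on curve
    if not (skip_step3_if_priv and priv is not None):         # the proposed if/else
        if mul(N, pub) is not INF: return 3                   # step 3: N*Q must be infinity
    if priv is not None and mul(priv, gen) != pub: return 4   # step 4: priv*G must equal Q
    return 0

def step4_implies_step3(gen):
    """True if every pair (d, d*gen) passes all four checks with gen as generator."""
    return all(check_key(mul(d, gen), d, gen) == 0 for d in range(1, N))

T = (0, 0)             # order-2 point: on the curve, outside the order-11 subgroup
G = mul(4, (2, 7))     # clear the cofactor from (2, 7) to get an order-11 generator
BAD_G = add(G, T)      # order-22 point standing in for a generator nobody validated
```

With the real generator `G`, every key that passes step 4 also passes step 3, so the check is redundant there; with `BAD_G`, the if/else variant accepts a public key that the full sequence rejects at step 3.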