Merge pull request #66 from wilsoncusack/wilson/fix-isOnCurve-check

Fix ecAff_isOnCurve
rdubois-crypto · Apr 21, 2024 · 76f3f13 · 76f3f13
2 parents 4b52404 + 50833b6
commit 76f3f13
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/solidity/src/FCL_elliptic.sol b/solidity/src/FCL_elliptic.sol
@@ -306,7 +306,7 @@ function SqrtMod(uint256 self) internal view returns (uint256 result){
      * @dev Check if a point in affine coordinates is on the curve (reject Neutral that is indeed on the curve).
      */
     function ecAff_isOnCurve(uint256 x, uint256 y) internal pure returns (bool) {
-        if ((0 == x % p) && (0 == y % p)) {
+        if (x >= p || y >= p || ((x == 0) && (y == 0))) {
             return false;
         }
         unchecked {

diff --git a/solidity/tests/WebAuthn_forge/test/FCL_elliptic.t.sol b/solidity/tests/WebAuthn_forge/test/FCL_elliptic.t.sol
@@ -50,6 +50,24 @@ contract ArithmeticTest is Test {
     uint256 constant _NUM_TEST_ECMULMULADD = 1000;
     uint256 constant _NUM_TEST_DBL = 100;
 
+    function test_ecAff_isOnCurve_returnsFalse_whenX0() public {
+        assertFalse(FCL_Elliptic_ZZ.ecAff_isOnCurve(0, gy));
+    }
+
+    function test_ecAff_isOnCurve_returnsFalse_whenY0() public {
+        assertFalse(FCL_Elliptic_ZZ.ecAff_isOnCurve(gx, 0));
+    }
+
+    function test_ecAff_isOnCurve_returnsFalse_whenXGreaterThanEqualP(uint256 x) public {
+        vm.assume(x >= p);
+        assertFalse(FCL_Elliptic_ZZ.ecAff_isOnCurve(x, gy));
+    }
+
+    function test_ecAff_isOnCurve_returnsFalse_whenYGreaterThanEqualP(uint256 y) public {
+        vm.assume(y >= p);
+        assertFalse(FCL_Elliptic_ZZ.ecAff_isOnCurve(gx, y));
+    }
+
     function test_Fuzz_InVmodn(uint256 i_u256_a) public {
         vm.assume(i_u256_a < FCL_Elliptic_ZZ.n);
         vm.assume(i_u256_a != 0);