Simo Sorce <[email protected]> writes: > While reviewing FIPS requirements for public key checks in Ephemeral > Diffie-Hellman key exchanges it came out that FIPS requires checks that > the public key point is not the (0, 0) coordinate and nettle is not > doing it (only checks that neither point is negative.
ecc_point_set also checks that the point is on the curve, i.e., satisfies the curve equation. That should rule out (0, 0), except if we have some curve with constant term b == 0, which I don't think makes sense. Not sure how FIPS requirements are formulated, but maybe it would be better to add a test case to check that ecc_point_set rejects (0,0) ? Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance. _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
