ec/dsa: extract P_OVER_FOUR as a curve specific constant

This actually resolves a possible bug if multiple ecparams were used (aka different values for P_OVER_FOUR, but only the cached was used).
11 years ago · 0865f09d20
2 changed files with 8 additions and 8 deletions
--- a/src/ec.js
+++ b/src/ec.js
@ -343,11 +343,13 @@ ECPointFp.decodeFrom = function (curve, buffer) {
    var p = curve.getQ()

    // We precalculate (p + 1) / 4 where p is the field order
-    var P_OVER_FOUR = p.add(BigInteger.ONE).shiftRight(2)
+    if (!curve.P_OVER_FOUR) {
+      curve.P_OVER_FOUR = p.add(BigInteger.ONE).shiftRight(2)
+    }

    // Convert x to point
    var alpha = x.square().multiply(x).add(SEVEN).mod(p)
-    var beta = alpha.modPow(P_OVER_FOUR, p)
+    var beta = alpha.modPow(curve.P_OVER_FOUR, p)

    // If beta is even, but y isn't, or vice versa, then convert it,
    // otherwise we're done and y == beta.
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@ -6,8 +6,6 @@ var ecparams = sec("secp256k1")
 var BigInteger = require('bigi')
 var ECPointFp = require('./ec').ECPointFp

-var P_OVER_FOUR = null
-
 function implShamirsTrick(P, k, Q, l) {
  var m = Math.max(k.bitLength(), l.bitLength())
  var Z = P.add2D(Q)
@ -257,9 +255,9 @@ var ecdsa = {
    var a = curve.getA().toBigInteger()
    var b = curve.getB().toBigInteger()

-    // We precalculate (p + 1) / 4 where p is if the field order
-    if (!P_OVER_FOUR) {
-      P_OVER_FOUR = p.add(BigInteger.ONE).divide(BigInteger.valueOf(4))
+    // We precalculate (p + 1) / 4 where p is the field order
+    if (!curve.P_OVER_FOUR) {
+      curve.P_OVER_FOUR = p.add(BigInteger.ONE).shiftRight(2)
    }

    // 1.1 Compute x
@ -267,7 +265,7 @@ var ecdsa = {

    // 1.3 Convert x to point
    var alpha = x.multiply(x).multiply(x).add(a.multiply(x)).add(b).mod(p)
-    var beta = alpha.modPow(P_OVER_FOUR, p)
+    var beta = alpha.modPow(curve.P_OVER_FOUR, p)

    // If beta is even, but y isn't, or vice versa, then convert it,
    // otherwise we're done and y == beta.