diff --git a/lib/std/crypto/pcurves/p256.zig b/lib/std/crypto/pcurves/p256.zig index 0460515511..efda420284 100644 --- a/lib/std/crypto/pcurves/p256.zig +++ b/lib/std/crypto/pcurves/p256.zig @@ -36,7 +36,9 @@ pub const P256 = struct { /// Reject the neutral element. pub fn rejectIdentity(p: P256) IdentityElementError!void { - if (p.x.isZero()) { + const affine_0 = @boolToInt(p.x.equivalent(AffineCoordinates.identityElement.x)) & (@boolToInt(p.y.isZero()) | @boolToInt(p.y.equivalent(AffineCoordinates.identityElement.y))); + const is_identity = @boolToInt(p.z.isZero()) | affine_0; + if (is_identity != 0) { return error.IdentityElement; } } @@ -286,12 +288,14 @@ pub const P256 = struct { /// Return affine coordinates. pub fn affineCoordinates(p: P256) AffineCoordinates { + const affine_0 = @boolToInt(p.x.equivalent(AffineCoordinates.identityElement.x)) & (@boolToInt(p.y.isZero()) | @boolToInt(p.y.equivalent(AffineCoordinates.identityElement.y))); + const is_identity = @boolToInt(p.z.isZero()) | affine_0; const zinv = p.z.invert(); var ret = AffineCoordinates{ .x = p.x.mul(zinv), .y = p.y.mul(zinv), }; - ret.cMov(AffineCoordinates.identityElement, @boolToInt(p.x.isZero())); + ret.cMov(AffineCoordinates.identityElement, is_identity); return ret; } diff --git a/lib/std/crypto/pcurves/p384.zig b/lib/std/crypto/pcurves/p384.zig index 6662fc0011..958543084e 100644 --- a/lib/std/crypto/pcurves/p384.zig +++ b/lib/std/crypto/pcurves/p384.zig @@ -36,7 +36,9 @@ pub const P384 = struct { /// Reject the neutral element. pub fn rejectIdentity(p: P384) IdentityElementError!void { - if (p.x.isZero()) { + const affine_0 = @boolToInt(p.x.equivalent(AffineCoordinates.identityElement.x)) & (@boolToInt(p.y.isZero()) | @boolToInt(p.y.equivalent(AffineCoordinates.identityElement.y))); + const is_identity = @boolToInt(p.z.isZero()) | affine_0; + if (is_identity != 0) { return error.IdentityElement; } } @@ -286,12 +288,14 @@ pub const P384 = struct { /// Return affine coordinates. pub fn affineCoordinates(p: P384) AffineCoordinates { + const affine_0 = @boolToInt(p.x.equivalent(AffineCoordinates.identityElement.x)) & (@boolToInt(p.y.isZero()) | @boolToInt(p.y.equivalent(AffineCoordinates.identityElement.y))); + const is_identity = @boolToInt(p.z.isZero()) | affine_0; const zinv = p.z.invert(); var ret = AffineCoordinates{ .x = p.x.mul(zinv), .y = p.y.mul(zinv), }; - ret.cMov(AffineCoordinates.identityElement, @boolToInt(p.x.isZero())); + ret.cMov(AffineCoordinates.identityElement, is_identity); return ret; } diff --git a/lib/std/crypto/pcurves/secp256k1.zig b/lib/std/crypto/pcurves/secp256k1.zig index 753f929f44..2d94594f61 100644 --- a/lib/std/crypto/pcurves/secp256k1.zig +++ b/lib/std/crypto/pcurves/secp256k1.zig @@ -89,7 +89,9 @@ pub const Secp256k1 = struct { /// Reject the neutral element. pub fn rejectIdentity(p: Secp256k1) IdentityElementError!void { - if (p.x.isZero()) { + const affine_0 = @boolToInt(p.x.equivalent(AffineCoordinates.identityElement.x)) & (@boolToInt(p.y.isZero()) | @boolToInt(p.y.equivalent(AffineCoordinates.identityElement.y))); + const is_identity = @boolToInt(p.z.isZero()) | affine_0; + if (is_identity != 0) { return error.IdentityElement; } } @@ -314,12 +316,14 @@ pub const Secp256k1 = struct { /// Return affine coordinates. pub fn affineCoordinates(p: Secp256k1) AffineCoordinates { + const affine_0 = @boolToInt(p.x.equivalent(AffineCoordinates.identityElement.x)) & (@boolToInt(p.y.isZero()) | @boolToInt(p.y.equivalent(AffineCoordinates.identityElement.y))); + const is_identity = @boolToInt(p.z.isZero()) | affine_0; const zinv = p.z.invert(); var ret = AffineCoordinates{ .x = p.x.mul(zinv), .y = p.y.mul(zinv), }; - ret.cMov(AffineCoordinates.identityElement, @boolToInt(p.x.isZero())); + ret.cMov(AffineCoordinates.identityElement, is_identity); return ret; }