From b2280c24b4bb93aaa4b41592ea8fa34aeed7d789 Mon Sep 17 00:00:00 2001
From: nagendra modadugu <ngm@google.com>
Date: Wed, 27 Apr 2016 23:19:27 -0700
Subject: [PATCH] CR50: point multiply should check point for curve membership

_cpri__EccPointMultiply should check whether the provided
point is on the curve prior to doing a multiply.

BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=TCG test CPCTPM_TC2_4_13_01_01 passes

Change-Id: Ia92494070c62f7e03b395975138c0c8446a7284d
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/341112
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
---
 board/cr50/tpm2/ecc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/board/cr50/tpm2/ecc.c b/board/cr50/tpm2/ecc.c
index 838fbc1143..b573284608 100644
--- a/board/cr50/tpm2/ecc.c
+++ b/board/cr50/tpm2/ecc.c
@@ -75,7 +75,9 @@ CRYPT_RESULT _cpri__EccPointMultiply(
 			return CRYPT_PARAMETER;
 		if (n1 != NULL && !check_p256_param(n1))
 			return CRYPT_PARAMETER;
-		if (in != NULL && !check_p256_point(in))
+		if (in != NULL &&
+			(!check_p256_point(in) ||
+				!_cpri__EccIsPointOnCurve(curve_id, in)))
 			return CRYPT_POINT;
 		if (n2 != NULL && !check_p256_param(n2))
 			return CRYPT_PARAMETER;