From 5c2988716e40e1dc78132fe23d778ad2bfaaebd2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Olivier=20Ch=C3=A9ron?= <olivier.cheron@gmail.com>
Date: Thu, 1 Jun 2017 20:58:53 +0200
Subject: [PATCH] Validate P256 point when decoding

Fixes #165.
---
 Crypto/ECC.hs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Crypto/ECC.hs b/Crypto/ECC.hs
index 019184f..8e8e2f3 100644
--- a/Crypto/ECC.hs
+++ b/Crypto/ECC.hs
@@ -114,7 +114,7 @@ instance EllipticCurve Curve_P256R1 where
         Nothing -> CryptoFailed $ CryptoError_PointSizeInvalid
         Just (m,xy)
             -- uncompressed
-            | m == 4 -> P256.pointFromBinary xy
+            | m == 4 -> P256.pointFromBinary xy >>= validateP256Point
             | otherwise -> CryptoFailed $ CryptoError_PointFormatInvalid
 
 instance EllipticCurveArith Curve_P256R1 where
@@ -202,6 +202,11 @@ instance EllipticCurveDH Curve_X448 where
     ecdh _ s p = SharedSecret $ convert secret
       where secret = X448.dh p s
 
+validateP256Point :: P256.Point -> CryptoFailable P256.Point
+validateP256Point p
+    | P256.pointIsValid p = CryptoPassed p
+    | otherwise           = CryptoFailed $ CryptoError_PointCoordinatesInvalid
+
 encodeECPoint :: forall curve bs . (Simple.Curve curve, ByteArray bs) => Simple.Point curve -> bs
 encodeECPoint Simple.PointO      = error "encodeECPoint: cannot serialize point at infinity"
 encodeECPoint (Simple.Point x y) = B.concat [uncompressed,xb,yb]