[crypto] Verify that weierstrass_multiply() result is not point at infinity

The point at infinity cannot be represented in affine coordinates, and
so cannot be returned as a valid result from weierstrass_multiply().

The implementation uses projective coordinates internally, in which a
point at infinity is represented by a zero Z-coordinate.  Treat a zero
Z-coordinate as an invalid result.

The projective coordinates are calculated modulo 4N, and so a zero
value may be represented as 0, N, 2N, or 3N.  To minimise code size,
defer the test until after inverting the Z co-ordinate via Fermat's
little theorem via bigint_mod_exp_ladder() (which will calculate the
inverse of zero as zero, and will always produce a result strictly
modulo N).

Defer the test further until after converting the result back to
affine coordinates, to allow the debug message showing the
multiplication result to be printed.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown
2025-12-05 14:50:57 +00:00
parent b362f77bdf
commit 80e98dc0d1

@@ -858,5 +858,9 @@ int weierstrass_multiply ( struct weierstrass_curve *curve, const void *base,
}
DBGC ( curve, ")\n" );
/* Verify result is not the point at infinity */
if ( bigint_is_zero ( &temp.multiple.z ) )
return -EINVAL;
return 0;
}
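
Review bot: The comment above the new `bigint_is_zero ( &temp.multiple.z )` test does not record the precondition that makes the test correct. Per the commit message, the projective coordinates are held modulo 4N, so zero may appear as 0, N, 2N, or 3N. A plain zero test therefore only works here because it runs after the inversion via bigint_mod_exp_ladder() has reduced Z strictly modulo N. Suggest extending the comment to say that Z has already been inverted and reduced modulo N at this point, so that a later reordering does not silently move the test ahead of the inversion. Separately, the `return -EINVAL` is reached after the debug message has printed the multiplication result, which the commit message says follows the conversion back to affine coordinates. It is worth confirming that callers check the return value and do not use the output on failure.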